diff options
183 files changed, 8072 insertions, 11546 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl index bf92b27..25e6a73 100755 --- a/CommModule/client.pl +++ b/CommModule/client.pl @@ -31,7 +31,7 @@ use DBI; use Locale::gettext; use IO::Socket; use MIME::Base64; -use Digest::SHA1 qw(sha1_hex); +use Digest::SHA qw(sha1_hex); #Protocol version: my $ver=1; @@ -441,7 +441,7 @@ sub calculateDays($) { if($_[0]) { - my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' group by `to`"); + my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' and `deleted`=0 group by `to`"); SysLog("Summe: $sum[0]\n") if($debug); return ($sum[0]>=50)?730:180; @@ -834,8 +834,15 @@ sub HandleCerts($$) my $days=$org?($server?(365*2):365):calculateDays($row{"memid"}); + my $md_id = 0; + $md_id = 1 if( $row{'md'} eq "md5"); + $md_id = 2 if( $row{'md'} eq "sha1"); + $md_id = 3 if( $row{'md'} eq "rmd160"); + $md_id = 8 if( $row{'md'} eq "sha256"); + $md_id = 9 if( $row{'md'} eq "sha384"); + $md_id =10 if( $row{'md'} eq "sha512"); - $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$row{'md'}eq"sha1"?2:0,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject); + $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$md_id,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject); if(length($crt)) { if($crt=~m/^-----BEGIN CERTIFICATE-----/) diff --git a/CommModule/usbclient.pl b/CommModule/usbclient.pl index 3cbe2c3..6cbc111 100755 --- a/CommModule/usbclient.pl +++ b/CommModule/usbclient.pl @@ -425,7 +425,7 @@ sub calculateDays($) { if($_[0]) { - my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' group by `to`"); + my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' and `deleted`=0 group by `to`"); SysLog("Summe: $sum[0]\n") if($debug); return ($sum[0]>=50)?730:180; diff --git a/includes/account.php b/includes/account.php index 6a92669..88026d6 100644 --- a/includes/account.php +++ b/includes/account.php @@ -22,14 +22,72 @@ loadem("account"); - $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); - $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); - $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; +/** + * Build a subject string as needed by the signer + * + * @param array(string) $domains + * First domain is used as CN and repeated in subjectAltName. Duplicates + * should already been removed + * + * @param bool $include_xmpp_addr + * [default: true] Whether to include the XmppAddr in the subjectAltName. + * This is needed if the Jabber server is jabber.example.com but a Jabber ID + * on that server would be alice@example.com + * + * @return string + */ +function buildSubject(array $domains, $include_xmpp_addr = true) { + $subject = "/CN=${domains[0]}"; + + foreach ($domains as $domain) { + $subject .= "/subjectAltName=DNS:$domain"; + + if ($include_xmpp_addr) { + $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain"; + } + } + + return $subject; +} + +/** + * Builds the subject string from the session variables + * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows'] + * + * @return string + */ +function buildSubjectFromSession() { + $domains = array(); + + if (is_array($_SESSION['_config']['rows'])) { + $domains = array_merge($domains, $_SESSION['_config']['rows']); + } + + if (is_array($_SESSION['_config']['altrows'])) + foreach ($_SESSION['_config']['altrows'] as $row) { + if (substr($row, 0, 4) === "DNS:") { + $domains[] = substr($row, 4); + } + } + + return buildSubject(array_unique($domains)); +} + + $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0; + $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0; + $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : ""; +// $showdetalis refers to Secret Question and Answers from account/13.php + $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0; + + $cert = array_key_exists('cert',$_REQUEST) ? intval($_REQUEST['cert']) : 0; + $orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0; + $memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0; + $domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0; + + $actionrequest = array_key_exists('action',$_REQUEST) ? $_REQUEST['action'] : ""; - $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']); - $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']); - $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']); - $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']); + $ticketno = array_key_exists('ticketno',$_REQUEST) ? $_REQUEST['ticketno'] : ""; + $ticketvalidation = FALSE; if(!$_SESSION['mconn']) @@ -93,7 +151,7 @@ exit; } $hash = make_hash(); - $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; + $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'"; mysql_query($query); $emailid = mysql_insert_id(); @@ -113,7 +171,7 @@ { $id = 2; $emailid = intval($_REQUEST['emailid']); - $query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0"; + $query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -133,7 +191,7 @@ "support@cacert.org", "", "", "CAcert Support"); $_SESSION['profile']['email'] = $row['email']; - $query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'"; + $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); showheader(_("My CAcert.org Account!")); printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email'])); @@ -149,14 +207,16 @@ $delcount = 0; if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) { + $deltitle=false; foreach($_REQUEST['delid'] as $id) { - if (0==$delcount) { + if (!$deltitle) { echo _('The following email addresses have been removed:')."<br>\n"; + $deltitle=true; } $id = intval($id); $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and - `email`!='".$_SESSION['profile']['email']."'"; + `email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -173,7 +233,7 @@ } if(0 == $delcount) { - echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken."); + echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken."); } showfooter(); @@ -229,6 +289,9 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; } + + $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']); + $csr = ""; if(trim($_REQUEST['optionalCSR']) == "") { @@ -238,11 +301,8 @@ $_REQUEST['keytype'] = "MS"; $csr = clean_csr($_REQUEST['optionalCSR']); } - if(trim($_REQUEST['description']) != ""){ - $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); - }else{ - $_SESSION['_config']['description']= ""; - } + + $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description'])); } if($oldid == 4) @@ -266,7 +326,7 @@ if(is_array($_SESSION['_config']['addid'])) foreach($_SESSION['_config']['addid'] as $id) { - $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'"); + $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'"); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); @@ -285,7 +345,7 @@ showfooter(); exit; } - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'")); + $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); if($_SESSION['_config']['SSO'] == 1) $emails .= "$count.emailAddress = ".$user['uniqueID']."\n"; @@ -329,7 +389,8 @@ `codesign`='".intval($_SESSION['_config']['codesign'])."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."', - `description`='".$_SESSION['_config']['description']."'"; + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) @@ -340,7 +401,8 @@ fputs($fp, $emails); fclose($fp); $challenge=$_SESSION['spkac_hash']; - $res=`openssl spkac -verify -in $CSRname`; + $CSRname_esc = escapeshellarg($CSRname); + $res=`openssl spkac -verify -in $CSRname_esc`; if(!strstr($res,"Challenge String: ".$challenge)) { $id = $oldid; @@ -402,7 +464,9 @@ $csrsubject .= "/emailAddress = ".$user['uniqueID']; $tmpname = tempnam("/tmp", "id4csr"); - $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`; + $tmpfname_esc = escapeshellarg($tmpfname); + $tmpname_esc = escapeshellarg($tmpname); + $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; // -subj "$csr"`; @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); @@ -424,13 +488,14 @@ $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='".sanitizeHTML($_REQUEST['keytype'])."', - `memid`='".$_SESSION['profile']['id']."', + `memid`='".intval($_SESSION['profile']['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='".mysql_real_escape_string($csrsubject)."', - `codesign`='".$_SESSION['_config']['codesign']."', + `codesign`='".intval($_SESSION['_config']['codesign'])."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', - `rootcert`='".$_SESSION['_config']['rootcert']."', - `description`='".$_SESSION['_config']['description']."'"; + `rootcert`='".intval($_SESSION['_config']['rootcert'])."', + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) @@ -595,7 +660,7 @@ $hash = make_hash(); $query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."', - `memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'"; + `memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'"; mysql_query($query); $domainid = mysql_insert_id(); @@ -623,7 +688,7 @@ foreach($_REQUEST['delid'] as $id) { $id = intval($id); - $query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; + $query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -668,19 +733,15 @@ exit; } - if(trim($_REQUEST['description']) != ""){ - $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); - }else{ - $_SESSION['_config']['description']= ""; - } + $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description'])); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); fclose($fp); - $CSR = $_SESSION['_config']['tmpfname']; - $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + $CSR = escapeshellarg($_SESSION['_config']['tmpfname']); + $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`); + $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); @@ -707,6 +768,8 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; } + + $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']); } if($process != "" && $oldid == 11) @@ -737,35 +800,8 @@ exit; } - $subject = ""; - $count = 0; - $supressSAN=0; - if($_SESSION["profile"]["id"] == 104074) $supressSAN=1; + $subject = buildSubjectFromSession(); - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - { - $count++; - if($count <= 1) - { - $subject .= "/CN=$row"; - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } else { - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } - } - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) - { - if(substr($row, 0, 4) == "DNS:") - { - $row = substr($row, 4); - if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row"; - if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row"; - } - } if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; @@ -778,20 +814,21 @@ `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', - `description`='".$_SESSION['_config']['description']."'"; + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) { $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', - `description`='".$_SESSION['_config']['description']."'"; + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; } else { showheader(_("My CAcert.org Account!")); echo _("Domain not verified."); showfooter(); exit; - } mysql_query($query); @@ -840,7 +877,7 @@ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and - `domains`.`memid`='".$_SESSION['profile']['id']."'"; + `domains`.`memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -859,22 +896,23 @@ mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); $query = "insert into `domaincerts` set - `domid`='".$row['domid']."', + `domid`='".intval($row['domid'])."', `CN`='".mysql_real_escape_string($row['CN'])."', `subject`='".mysql_real_escape_string($row['subject'])."',". //`csr_name`='".$row['csr_name']."', // RACE CONDITION - "`created`='".$row['created']."', + "`created`='".mysql_real_escape_string($row['created'])."', `modified`=NOW(), - `rootcert`='".$row['rootcert']."', - `type`='".$row['type']."', - `pkhash`='".$row['pkhash']."', - `description`='".$row['description']."'"; + `rootcert`='".intval($row['rootcert'])."', + `type`='".intval($row['type'])."', + `pkhash`='".mysql_real_escape_string($row['pkhash'])."', + `description`='".mysql_real_escape_string($row['description'])."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","server",$newid); copy($row['csr_name'], $newfile); - $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + $newfile_esc = escapeshellarg($newfile); + $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep "Subject:"`); + $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); @@ -890,29 +928,7 @@ continue; } - $subject = ""; - $count = 0; - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - { - $count++; - if($count <= 1) - { - $subject .= "/CN=$row"; - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; - } else { - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; - } - } - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) - if(!strstr($subject, "=$row/") && - substr($subject, -strlen("=$row")) != "=$row") - $subject .= "/subjectAltName=$row"; + $subject = buildSubjectFromSession(); $subject = mysql_real_escape_string($subject); mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'"); @@ -925,7 +941,8 @@ printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); } else { $drow = mysql_fetch_assoc($res); - $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`; + $crt_name = escapeshellarg($drow['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crt_name`; echo "<pre>\n$cert\n</pre>\n"; } } @@ -934,6 +951,7 @@ { echo _("You did not select any certificates for renewal."); } + showfooter(); exit; } @@ -952,7 +970,7 @@ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and - `domains`.`memid`='".$_SESSION['profile']['id']."'"; + `domains`.`memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -966,8 +984,12 @@ continue; } mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); - printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); + printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial'])); } + + // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term + echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>'; + } else { @@ -983,7 +1005,7 @@ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and - `domains`.`memid`='".$_SESSION['profile']['id']."'"; + `domains`.`memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -1034,7 +1056,7 @@ { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` - where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; + where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -1053,17 +1075,17 @@ mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); $query = "insert into emailcerts set - `memid`='".$row['memid']."', + `memid`='".intval($row['memid'])."', `CN`='".mysql_real_escape_string($row['CN'])."', `subject`='".mysql_real_escape_string($row['subject'])."', - `keytype`='".$row['keytype']."', - `csr_name`='".$row['csr_name']."', - `created`='".$row['created']."', + `keytype`='".mysql_real_escape_string($row['keytype'])."', + `csr_name`='".mysql_real_escape_string($row['csr_name'])."', + `created`='".mysql_real_escape_string($row['created'])."', `modified`=NOW(), - `disablelogin`='".$row['disablelogin']."', - `codesign`='".$row['codesign']."', - `rootcert`='".$row['rootcert']."', - `description`='".$row['description']."'"; + `disablelogin`='".intval($row['disablelogin'])."', + `codesign`='".intval($row['codesign'])."', + `rootcert`='".intval($row['rootcert'])."', + `description`='".mysql_real_escape_string($row['description'])."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","client",$newid); @@ -1108,7 +1130,7 @@ { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` - where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; + where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -1122,8 +1144,11 @@ continue; } mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); - printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); + printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial'])); } + + // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term + echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>'; } else { @@ -1137,7 +1162,7 @@ { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` - where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; + where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -1169,14 +1194,14 @@ { $cid = intval(substr($id,5)); $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1"; - mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); + mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'"); } if(substr($id,0,14)=="check_comment_") { $cid = intval(substr($id,14)); if(!empty($_REQUEST['check_comment_'.$cid])) { $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); - mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); + mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'"); } } } @@ -1185,25 +1210,7 @@ exit; } - - if($oldid == 6 && $_REQUEST['certid'] != "") - { - if(trim($_REQUEST['description']) != ""){ - $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); - }else{ - $description= ""; - } - - if(trim($_REQUEST['disablelogin']) == "1"){ - $disablelogin = 1; - }else{ - $disablelogin = 0; - } - - mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); - } - - if($oldid == 13 && $process != "") + if($oldid == 13 && $process != "" && $showdetails!="") { csrf_check("perschange"); $_SESSION['_config']['user'] = $_SESSION['profile']; @@ -1268,7 +1275,7 @@ if($oldid == 13 && $process != "") { - $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; + $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`"; $ddres = mysql_query($ddquery); $ddrow = mysql_fetch_assoc($ddres); $_SESSION['profile']['points'] = $ddrow['total']; @@ -1308,37 +1315,29 @@ `lname`='".$_SESSION['_config']['user']['lname']."', `suffix`='".$_SESSION['_config']['user']['suffix']."', `dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."' - where `id`='".$_SESSION['profile']['id']."'"; + where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); } - $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', - `Q2`='".$_SESSION['_config']['user']['Q2']."', - `Q3`='".$_SESSION['_config']['user']['Q3']."', - `Q4`='".$_SESSION['_config']['user']['Q4']."', - `Q5`='".$_SESSION['_config']['user']['Q5']."', - `A1`='".$_SESSION['_config']['user']['A1']."', - `A2`='".$_SESSION['_config']['user']['A2']."', - `A3`='".$_SESSION['_config']['user']['A3']."', - `A4`='".$_SESSION['_config']['user']['A4']."', - `A5`='".$_SESSION['_config']['user']['A5']."' - where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); - - //!!!Should be rewritten - $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); - $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin'])))); - if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "") - { - $query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."', - `otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'"; + if ($showdetails!="") { + $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', + `Q2`='".$_SESSION['_config']['user']['Q2']."', + `Q3`='".$_SESSION['_config']['user']['Q3']."', + `Q4`='".$_SESSION['_config']['user']['Q4']."', + `Q5`='".$_SESSION['_config']['user']['Q5']."', + `A1`='".$_SESSION['_config']['user']['A1']."', + `A2`='".$_SESSION['_config']['user']['A2']."', + `A3`='".$_SESSION['_config']['user']['A3']."', + `A4`='".$_SESSION['_config']['user']['A4']."', + `A5`='".$_SESSION['_config']['user']['A5']."' + where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); } $_SESSION['_config']['user']['set'] = 0; - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'")); + $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); $_SESSION['profile']['loggedin'] = 1; - $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; + $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`"; $ddres = mysql_query($ddquery); $ddrow = mysql_fetch_assoc($ddres); $_SESSION['profile']['points'] = $ddrow['total']; @@ -1372,7 +1371,7 @@ if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname']) { - $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and + $match = mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))"); $rc = mysql_num_rows($match); @@ -1394,7 +1393,7 @@ echo _("You failed to correctly enter your current Pass Phrase."); } else { mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."') - where `id`='".$_SESSION['profile']['id']."'"); + where `id`='".intval($_SESSION['profile']['id'])."'"); echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n"; echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change."); $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n"; @@ -1436,14 +1435,9 @@ $_SESSION['_config']['emails'][] = $val; } $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name']))); - $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU']))); - + $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU'])); - if(trim($_REQUEST['description']) != ""){ - $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); - }else{ - $_SESSION['_config']['description']= ""; - } + $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description'])); } if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0) @@ -1457,7 +1451,6 @@ if($oldid == 16 && $process != "") { - if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100)) { $_REQUEST['codesign'] = 1; @@ -1473,11 +1466,9 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; - if(trim($_REQUEST['description']) != ""){ - $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); - }else{ - $_SESSION['_config']['description']= ""; - } + $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']); + + $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description'])); if(@count($_SESSION['_config']['emails']) > 0) $id = 17; @@ -1513,7 +1504,7 @@ if($_SESSION['_config']['name'] != "") $emails .= "commonName = ".$_SESSION['_config']['name']."\n"; if($_SESSION['_config']['OU']) - $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n"; + $emails .= "organizationalUnitName = ".mysql_real_escape_string($_SESSION['_config']['OU'])."\n"; if($org['O']) $emails .= "organizationName = ".$org['O']."\n"; if($org['L']) @@ -1538,12 +1529,14 @@ $query = "insert into `orgemailcerts` set `CN`='$defaultemail', + `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."', `keytype`='NS', - `orgid`='".$org['orgid']."', + `orgid`='".intval($org['orgid'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `codesign`='".$_SESSION['_config']['codesign']."', - `rootcert`='".$_SESSION['_config']['rootcert']."', - `description`='".$_SESSION['_config']['description']."'"; + `codesign`='".intval($_SESSION['_config']['codesign'])."', + `rootcert`='".intval($_SESSION['_config']['rootcert'])."', + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; mysql_query($query); $emailid = mysql_insert_id(); @@ -1555,7 +1548,8 @@ fputs($fp, $emails); fclose($fp); $challenge=$_SESSION['spkac_hash']; - $res=`openssl spkac -verify -in $CSRname`; + $CSRname_esc = escapeshellarg($CSRname); + $res=`openssl spkac -verify -in $CSRname_esc`; if(!strstr($res,"Challenge String: ".$challenge)) { $id = $oldid; @@ -1607,7 +1601,9 @@ $csrsubject .= "/countryName=".$org['C']; $tmpname = tempnam("/tmp", "id17csr"); - $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; + $tmpfname_esc = escapeshellarg($tmpfname); + $tmpname_esc = escapeshellarg($tmpname); + $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; @unlink($tmpfname); $csr = ""; $fp = fopen($tmpname, "r"); @@ -1628,13 +1624,15 @@ $query = "insert into `orgemailcerts` set `CN`='$defaultemail', + `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "', - `orgid`='".$org['orgid']."', + `orgid`='".intval($org['orgid'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `subject`='$csrsubject', - `codesign`='".$_SESSION['_config']['codesign']."', - `rootcert`='".$_SESSION['_config']['rootcert']."', - `description`='".$_SESSION['_config']['description']."'"; + `subject`='".mysql_real_escape_string($csrsubject)."', + `codesign`='".intval($_SESSION['_config']['codesign'])."', + `rootcert`='".intval($_SESSION['_config']['rootcert'])."', + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; mysql_query($query); $emailid = mysql_insert_id(); @@ -1676,7 +1674,7 @@ echo "Renewing certificate #$id ...\n<br/>"; $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` - where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and + where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1701,16 +1699,17 @@ continue; } $query = "insert into `orgemailcerts` set - `orgid`='".$row['orgid']."', - `CN`='".$row['CN']."', - `subject`='".$row['subject']."', - `keytype`='".$row['keytype']."', - `csr_name`='".$row['csr_name']."', - `created`='".$row['created']."', + `orgid`='".intval($row['orgid'])."', + `CN`='".mysql_real_escape_string($row['CN'])."', + `ou`='".mysql_real_escape_string($row['ou'])."', + `subject`='".mysql_real_escape_string($row['subject'])."', + `keytype`='".mysql_real_escape_string($row['keytype'])."', + `csr_name`='".mysql_real_escape_string($row['csr_name'])."', + `created`='".mysql_real_escape_string($row['created'])."', `modified`=NOW(), - `codesign`='".$row['codesign']."', - `rootcert`='".$row['rootcert']."', - `description`='".$row['description']."'"; + `codesign`='".intval($row['codesign'])."', + `rootcert`='".intval($row['rootcert'])."', + `description`='".mysql_real_escape_string($row['description'])."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","orgclient",$newid); @@ -1748,7 +1747,7 @@ { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org` - where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and + where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1763,8 +1762,11 @@ continue; } mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); - printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); + printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial'])); } + + // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term + echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>'; } else { @@ -1778,7 +1780,7 @@ { $id = intval($id); $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org` - where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and + where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orgemailcerts`.`orgid`"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1819,6 +1821,21 @@ exit; } + if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "") + { + $id=18; + $_SESSION['_config']['orgfilterid']=$_REQUEST['orgfilterid']; + $_SESSION['_config']['sorting']=$_REQUEST['sorting']; + $_SESSION['_config']['status']=$_REQUEST['status']; + } + + if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "") + { + $id=18; + $_SESSION['_config']['orgfilterid']=0; + $_SESSION['_config']['sorting']=0; + $_SESSION['_config']['status']=0; + } if($process != "" && $oldid == 20) { @@ -1833,19 +1850,15 @@ exit; } - if(trim($_REQUEST['description']) != ""){ - $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); - }else{ - $_SESSION['_config']['description']= ""; - } + $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description'])); $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); fclose($fp); - $CSR = $_SESSION['_config']['tmpfname']; - $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`); - $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); + $CSR = escapeshellarg($_SESSION['_config']['tmpfname']); + $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`); + $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`)); foreach($bits as $val) { $_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val); @@ -1858,16 +1871,16 @@ getalt2(); $query = "select * from `orginfo`,`org`,`orgdomains` where - `org`.`memid`='".$_SESSION['profile']['id']."' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and - `orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'"; + `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'"; $_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query)); $query = "select * from `orginfo`,`org`,`orgdomains` where - `org`.`memid`='".$_SESSION['profile']['id']."' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `org`.`orgid`=`orgdomains`.`orgid` and - `orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'"; + `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'"; $_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query)); //echo "<pre>"; print_r($_SESSION['_config']); die; @@ -1883,6 +1896,8 @@ $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']); if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; + + $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']); } if($process != "" && $oldid == 21) @@ -1917,14 +1932,14 @@ if($_SESSION['_config']['rowid']['0'] > 0) { $query = "select * from `org`,`orginfo` where - `orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and + `orginfo`.`id`='".intval($_SESSION['_config']['rowid']['0'])."' and `orginfo`.`id`=`org`.`orgid` and - `org`.`memid`='".$_SESSION['profile']['id']."'"; + `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; } else { $query = "select * from `org`,`orginfo` where - `orginfo`.`id`='".$_SESSION['_config']['altid']['0']."' and + `orginfo`.`id`='".intval($_SESSION['_config']['altid']['0'])."' and `orginfo`.`id`=`org`.`orgid` and - `org`.`memid`='".$_SESSION['profile']['id']."'"; + `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; } $org = mysql_fetch_assoc(mysql_query($query)); $csrsubject = ""; @@ -1942,20 +1957,7 @@ //if($org['contact']) // $csrsubject .= "/emailAddress=".trim($org['contact']); - if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) - $csrsubject .= "/commonName=$row"; - $SAN=""; - if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $subalt) - { - if($SAN != "") - $SAN .= ","; - $SAN .= "$subalt"; - } - - if($SAN != "") - $csrsubject .= "/subjectAltName=".$SAN; + $csrsubject .= buildSubjectFromSession(); $type=""; if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8"; @@ -1965,22 +1967,24 @@ if($_SESSION['_config']['rowid']['0'] > 0) { $query = "insert into `orgdomaincerts` set - `CN`='".$_SESSION['_config']['rows']['0']."', - `orgid`='".$org['id']."', + `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', + `orgid`='".intval($org['id'])."', `created`=NOW(), - `subject`='$csrsubject', - `rootcert`='".$_SESSION['_config']['rootcert']."', - `type`='$type', - `description`='".$_SESSION['_config']['description']."'"; + `subject`='".mysql_real_escape_string($csrsubject)."', + `rootcert`='".intval($_SESSION['_config']['rootcert'])."', + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `type`='".$type."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; } else { $query = "insert into `orgdomaincerts` set - `CN`='".$_SESSION['_config']['altrows']['0']."', - `orgid`='".$org['id']."', + `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', + `orgid`='".intval($org['id'])."', `created`=NOW(), - `subject`='$csrsubject', - `rootcert`='".$_SESSION['_config']['rootcert']."', - `type`='$type', - `description`='".$_SESSION['_config']['description']."'"; + `subject`='".mysql_real_escape_string($csrsubject)."', + `rootcert`='".intval($_SESSION['_config']['rootcert'])."', + `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."', + `type`='".$type."', + `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; } mysql_query($query); $CSRid = mysql_insert_id(); @@ -1991,10 +1995,10 @@ mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'"); if(is_array($_SESSION['_config']['rowid'])) foreach($_SESSION['_config']['rowid'] as $id) - mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); + mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $id) - mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'"); + mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'"); waitForResult("orgdomaincerts", $CSRid,$oldid); $query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''"; $res = mysql_query($query); @@ -2025,7 +2029,7 @@ `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and - `org`.`memid`='".$_SESSION['profile']['id']."'"; + `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -2049,15 +2053,15 @@ continue; } $query = "insert into `orgdomaincerts` set - `orgid`='".$row['orgid']."', - `CN`='".$row['CN']."', - `csr_name`='".$row['csr_name']."', - `created`='".$row['created']."', + `orgid`='".intval($row['orgid'])."', + `CN`='".mysql_real_escape_string($row['CN'])."', + `csr_name`='".mysql_real_escape_string($row['csr_name'])."', + `created`='".mysql_real_escape_string($row['created'])."', `modified`=NOW(), - `subject`='".$row['subject']."', - `type`='".$row['type']."', - `rootcert`='".$row['rootcert']."', - `description`='".$row['description']."'"; + `subject`='".mysql_real_escape_string($row['subject'])."', + `type`='".intval($row['type'])."', + `rootcert`='".intval($row['rootcert'])."', + `description`='".mysql_real_escape_string($row['description'])."'"; mysql_query($query); $newid = mysql_insert_id(); //echo "NewID: $newid<br/>\n"; @@ -2067,7 +2071,7 @@ echo _("Renewing").": ".$row['CN']."<br>\n"; $res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'"); while($r2 = mysql_fetch_assoc($res)) - mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'"); + mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'"); waitForResult("orgdomaincerts", $newid,$oldid,0); $query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''"; $res = mysql_query($query); @@ -2076,7 +2080,8 @@ printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>"); } else { $drow = mysql_fetch_assoc($res); - $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`; + $crtname = escapeshellarg($drow['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname`; echo "<pre>\n$cert\n</pre>\n"; } } @@ -2103,7 +2108,7 @@ `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and - `org`.`memid`='".$_SESSION['profile']['id']."'"; + `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -2117,8 +2122,11 @@ continue; } mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'"); - printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']); + printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial'])); } + + // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term + echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>'; } else { @@ -2135,7 +2143,7 @@ `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$id' and `orgdomaincerts`.`orgid`=`org`.`orgid` and - `org`.`memid`='".$_SESSION['profile']['id']."'"; + `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -2175,6 +2183,22 @@ exit; } + if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "") + { + $id=22; + $_SESSION['_config']['dorgfilterid']=$_REQUEST['dorgfilterid']; + $_SESSION['_config']['dsorting']=$_REQUEST['dsorting']; + $_SESSION['_config']['dstatus']=$_REQUEST['dstatus']; + } + + if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "") + { + $id=22; + $_SESSION['_config']['dorgfilterid']=0; + $_SESSION['_config']['dsorting']=0; + $_SESSION['_config']['dstatus']=0; + } + if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 || $id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 || @@ -2235,7 +2259,7 @@ `ST`='".$_SESSION['_config']['ST']."', `C`='".$_SESSION['_config']['C']."', `comments`='".$_SESSION['_config']['comments']."' - where `id`='".$_SESSION['_config']['orgid']."'"); + where `id`='".intval($_SESSION['_config']['orgid'])."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O'])); showfooter(); @@ -2415,11 +2439,11 @@ { csrf_check('orgadmadd'); if($_SESSION['profile']['orgadmin'] == 1) - $masteracc = $_SESSION['_config'][masteracc] = intval($_REQUEST['masteracc']); + $masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']); else - $masteracc = $_SESSION['_config'][masteracc] = 0; + $masteracc = $_SESSION['_config']['masteracc'] = 0; $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email']))); - $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU']))); + $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU'])); $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments']))); $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0"); if(mysql_num_rows($res) <= 0) @@ -2441,7 +2465,7 @@ set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."', `masteracc`='$masteracc', - `OU`='$OU', + `OU`='".mysql_real_escape_string($_SESSION['_config']['OU'])."', `comments`='$comments'"); } } @@ -2450,7 +2474,7 @@ if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1) { $orgid = intval($_SESSION['_config']['orgid']); - $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'"); + $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'"); if(mysql_num_rows($res) <= 0) $id = 32; } @@ -2509,7 +2533,7 @@ { if($key == $lang) { - mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'"); + mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'"); $_SESSION['profile']['language'] = $lang; showheader(_("My CAcert.org Account!")); echo _("Your language setting has been updated."); @@ -2664,10 +2688,27 @@ $oldid=0; } - if($oldid == 43 && $_REQUEST['action'] == "updatedob") + //check if ticket number was entered + if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44 ) { + if ($ticketno != "" ) { + $ticketno = trim($_REQUEST['ticketno']); + $ticketvalidation = valid_ticket_number($ticketno); + } + + $_SESSION['ticketno'] = $ticketno; + } + + if($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == TRUE) { $id = 43; $oldid=0; + $userid = intval($_REQUEST['userid']); + if (!write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $fname = mysql_real_escape_string($_REQUEST['fname']); $mname = mysql_real_escape_string($_REQUEST['mname']); $lname = mysql_real_escape_string($_REQUEST['lname']); @@ -2675,21 +2716,29 @@ $day = intval($_REQUEST['day']); $month = intval($_REQUEST['month']); $year = intval($_REQUEST['year']); - $userid = intval($_REQUEST['userid']); - $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'"; - $details = mysql_fetch_assoc(mysql_query($query)); - $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', - `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'"; - mysql_query($query); $query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'"; mysql_query($query); + }elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){ + $id = 43; + $oldid=0; + $_SESSION['ticketmsg']='No action (name/dob change) taken. Ticket number is missing!'; } - if($oldid == 43 && $_REQUEST['action'] == 'revokecert') + if($oldid == 43 && $actionrequest == 'revokecert' && $ticketvalidation == TRUE) { $userid = intval($_REQUEST['userid']); + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } revoke_all_private_cert($userid); $id=43; + }elseif($oldid == 43 && $actionrequest == "revokecert" && $ticketvalidation == FALSE){ + $id = 43; + $oldid=0; + $_SESSION['ticketmsg']='No certificates revokes. Ticket number is missing!'; } if($oldid == 48 && $_REQUEST['domain'] == "") @@ -2706,8 +2755,7 @@ if($id == 44) { - if($_REQUEST['userid'] != "") - $_REQUEST['userid'] = intval($_REQUEST['userid']); + $_REQUEST['userid'] = intval($_REQUEST['userid']); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); if($row['email'] == "") $id = 42; @@ -2715,13 +2763,19 @@ $_REQUEST['email'] = $row['email']; } - if($oldid == 44) + if($oldid == 44 && $ticketvalidation == TRUE) { showheader(_("My CAcert.org Account!")); if(intval($_REQUEST['userid']) <= 0) { echo _("No such user found."); } else { + if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'"); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email'])); @@ -2735,12 +2789,15 @@ sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); - } + showfooter(); exit; + }elseif($oldid == 44 && $ticketvalidation == FALSE){ + $_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!'; } + if($process != "" && $oldid == 45) { $CSR = clean_csr($CSR); @@ -2807,10 +2864,10 @@ $CSRid = mysql_insert_id(); foreach($_SESSION['_config']['rowid'] as $dom) - mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); + mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'"); if(is_array($_SESSION['_config']['altid'])) foreach($_SESSION['_config']['altid'] as $dom) - mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'"); + mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'"); $CSRname=generatecertpath("csr","server",$CSRid); $fp = fopen($CSRname, "w"); @@ -2833,150 +2890,279 @@ } } - if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0) + /* presently not needed + if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['tverify']; mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==FALSE){ + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } + */ - if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0) + if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == TRUE) { csrf_check('admsetassuret'); $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['assurer']; mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['assurer']); + $_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0) + if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['assurer_blocked']; mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0) + if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == TRUE) { csrf_check('admactlock'); $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['locked']; mysql_query("update `users` set `locked`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['locked']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0) + if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == TRUE) { csrf_check('admcodesign'); $memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['codesign']; mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['codesign']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0) + if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == TRUE) { csrf_check('admorgadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['orgadmin']; mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['orgadmin']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0) + if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == TRUE) { csrf_check('admttpadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']); + if(!write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['ttpadmin']; mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0) + if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = $row['adadmin'] + 1; if($ver > 2) $ver = 0; mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['adadmin']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0) + if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['locadmin']; mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['locadmin']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0) + if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == TRUE) { csrf_check('admsetadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['admin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['admin']; mysql_query("update `users` set `admin`='$ver' where `id`='$memid'"); + }elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['admin']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0) + if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['general']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['general']; mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'"); + }elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['general']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0) + if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['country']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['country']; mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'"); + }elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['country']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0) + if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['regional']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['regional']; mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'"); + }elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){ + $_REQUEST['userid'] = intval($_REQUEST['regional']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } - if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0) + if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['radius']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['radius']; mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'"); + }elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){ + $_REQUEST['userid'] = intval($_REQUEST['radius']); + $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } if($id == 50) { - if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "") + if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] !== "") { $_REQUEST['userid'] = intval($_REQUEST['userid']); + } $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); - if($row['email'] == "") + if($row['email'] == "") { $id = 42; - else + } else { $_REQUEST['email'] = $row['email']; + } } if($oldid == 50) @@ -2991,151 +3177,69 @@ if (trim($_REQUEST['arbitrationno'])==""){ showheader(_("My CAcert.org Account!")); echo _("You did not enter an arbitration number entry."); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); showfooter(); exit; } if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) { showheader(_("My CAcert.org Account!")); printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno']))); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); showfooter(); exit; } if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) { showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org')); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); showfooter(); exit; - } - if (check_client_cert_running($_REQUEST['userid'],1) || - check_server_cert_running($_REQUEST['userid'],1) || - check_gpg_cert_running($_REQUEST['userid'],1)) { + } + if (check_client_cert_running(intval($_REQUEST['userid']),1) || + check_server_cert_running(intval($_REQUEST['userid']),1) || + check_gpg_cert_running(intval($_REQUEST['userid']),1)) { showheader(_("My CAcert.org Account!")); printf(_("The CCA retention time for at least one certificate is not over. Can't continue.")); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); showfooter(); exit; } - if (check_is_orgadmin($_REQUEST['userid'],1)) { + if (check_is_orgadmin(intval($_REQUEST['userid']),1)) { showheader(_("My CAcert.org Account!")); printf(_("The user is listed as Organisation Administrator. Can't continue.")); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); + showfooter(); + exit; + } + if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']))) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); showfooter(); exit; } - account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']); + account_delete(intval($_REQUEST['userid']), trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']); } - if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) + if(($id == 51 || $id == 52 || $oldid == 52)) { showheader(_("My CAcert.org Account!")); - echo _("You don't have access to this area."); + echo _("You don't have access to this area.\nThe Tverify programme is terminated as of 16th November 2010" ); showfooter(); exit; } - if($oldid == 52) - { - $uid = intval($_REQUEST['uid']); - $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; - $rc = mysql_num_rows(mysql_query($query)); - if($rc <= 0) - { - showheader(_("My CAcert.org Account!")); - echo _("Unable to find a valid tverify request for this ID."); - showfooter(); - exit; - } - } - - if($oldid == 52) - { - $query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'"; - $rc = mysql_num_rows(mysql_query($query)); - if($rc > 0) + if($id == 59){ + if (!($oldid == 43 && $_SESSION['profile']['admin'] == 1) && + !($oldid == 13 && intval($_REQUEST['userid']) == $_SESSION['profile']['id'])) { showheader(_("My CAcert.org Account!")); - echo _("You have already voted on this request."); + echo _("You do not have access to this page."); showfooter(); exit; } } - if($oldid == 52 && ($_REQUEST['agree'] != "" || $_REQUEST['disagree'] != "")) - { - $vote = -1; - if($_REQUEST['agree'] != "") - $vote = 1; - - $query = "insert into `tverify-vote` set - `tverify`='$uid', - `memid`='".$_SESSION['profile']['id']."', - `when`=NOW(), `vote`='$vote', - `comment`='".mysql_real_escape_string($_REQUEST['comment'])."'"; - mysql_query($query); - - $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'")); - if($rc >= 8) - { - mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); - $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); - $memid = $tverify['memid']; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); - $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'")); - - $points = 0; - if($tverify['URL'] != "" && $tverify['photoid'] != "") - $points = 150 - intval($tmp['points']); - if($tverify['URL'] != "" && $tverify['photoid'] == "") - $points = 90 - intval($tmp['points']); - if($tverify['URL'] == "" && $tverify['photoid'] == "") - $points = 50 - intval($tmp['points']); - - if($points < 0) - $points = 0; - - if($points > 0) - { - mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points', - `method`='Thawte Points Transfer', `when`=NOW()"); - fix_assurer_flag($memid); - } - $totalpoints = intval($tmp['points']) + $points; - - $body = _("Your request to have points transfered was successful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n"; - $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"); - while($row = mysql_fetch_assoc($res)) - $body .= $row['comment']."\n"; - $body .= "\n"; - - $body .= _("Best regards")."\n"; - $body .= _("CAcert Support Team"); - sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); - } - - $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'")); - if($rc >= 4) - { - mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'"); - $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'")); - $memid = $tverify['memid']; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); - - $body = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n"; - $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"); - while($row = mysql_fetch_assoc($res)) - $body .= $row['comment']."\n"; - $body .= "\n"; - - $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n"; - - $body .= _("Best regards")."\n"; - $body .= _("CAcert Support Team"); - sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); - } - - showheader(_("My CAcert.org Account!")); - echo _("Your vote has been accepted."); - showfooter(); - exit; - } if(intval($cert) > 0) $_SESSION['_config']['cert'] = intval($cert); diff --git a/includes/account_stuff.php b/includes/account_stuff.php index dbebf6a..0fda2f1 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -22,6 +22,7 @@ function showheader($title = "CAcert.org", $title2 = "") { global $id, $PHP_SELF; + $PHP_SELF = &$_SERVER['PHP_SELF']; $expand=""; $tmpid = $id; if($PHP_SELF == "/wot.php") @@ -35,46 +36,51 @@ switch($tmpid) { - case 1: - case 2: $expand = " explode('emailacc');"; break; - case 3: - case 4: - case 5: - case 6: $expand = " explode('clicerts');"; break; - case 7: - case 8: - case 9: $expand = " explode('domains');"; break; - case 10: - case 11: - case 12: - case 15: $expand = " explode('servercert');"; break; - case 13: - case 14: - case 36: - case 41: + case 1: // Add email address + case 2: $expand = " explode('emailacc');"; break; // View email addresses + case 3: // Add Client certificate + case 4: // Confirm Client Certificate Request + case 5: // View Client Certificates + case 6: $expand = " explode('clicerts');"; break; // Client Certificate page + case 7: // Add new domain + case 8: // Confirm Domain page + case 9: $expand = " explode('domains');"; break; // View Domains + case 10: // Add Server Certifiacte + case 11: // Confirm Server Certificate Rewust + case 12: // View Server Cerificate + case 15: $expand = " explode('servercert');"; break; // Server Certificate page + case 13: // ViewEdit + case 14: // Change password + case 36: // My Alert settings + case 41: // Language Settings + case 55: // Trainings + case 59: // Account History case 507: - case 508: - case 513: $expand = " explode('mydetails');"; break; - case 16: - case 17: - case 18: - case 19: $expand = " explode('clientorg');"; break; - case 20: - case 21: - case 22: - case 23: $expand = " explode('serverorg');"; break; - case 24: - case 25: - case 26: - case 27: - case 28: - case 29: - case 30: + case 508: // My Listing + case 510: // Old points calculation + case 515: // New points calculation + case 513: $expand = " explode('mydetails');"; break; // My Location + case 16: // Add Org Client Cert + case 17: // Confirm Org Client Certificate Request + case 18: // View Org Client Certificate + case 19: $expand = " explode('clientorg');"; break; // Org Cleint Cert page + case 20: // Add Org Server Cert + case 21: // Conform Org Server Cert Request + case 22: // View Org Server Certs + case 23: $expand = " explode('serverorg');"; break; // Org Server Certificate page + case 24: // Add new Organisation + case 25: // View Organisation List + case 26: // View Organisation Domains + case 27: // Edit Org Account + case 28: // View Add Org Domain + case 29: // Edit Org Domain + case 30: // Delete Org Domain case 31: - case 32: - case 33: - case 34: - case 35: $expand = " explode('orgadmin');"; break; + case 32: // View Org Admin + case 33: // Add Org Admin + case 34: // Delete Org Admin + case 60: // View Organisation Account History + case 35: $expand = " explode('orgadmin');"; break; // View Org Admin Organisation List case 42: case 43: case 44: @@ -86,20 +92,19 @@ case 50: case 54: case 53: $expand = " explode('sysadmin');"; break; - case 500: + case 500: // CAcert Web of Trust case 501: - case 502: - case 503: - case 504: - case 505: + case 502: // Become an Assurer + case 503: // CAcert Web of Trust Roles + case 504: // TTP + case 505: // Assurer Some one case 506: case 509: - case 510: case 511: - case 512: $expand = " explode('WoT');"; break; + case 512: $expand = " explode('WoT');"; break; // Find Assurer case 1000: case 1001: - case 1002: + case 1002: // View GPG key case 1003: case 1004: case 1005: @@ -108,9 +113,9 @@ case 1008: case 1009: case 1010: $expand = " explode('gpg');"; break; - case 1500: - case 1501: - case 1502: + case 1500: // Dipute + case 1501: // Dispute Email Request + case 1502: // ViewEdit case 1503: case 1504: case 1505: @@ -172,9 +177,11 @@ function hideall() { </div> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('mydetails')">+ <?=_("My Details")?></h3> - <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("View/Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><? + <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("View/Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="account.php?id=55"><?=_("My Trainings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><? +/* to delete if($_SESSION['profile']['id'] == 1 || $_SESSION['profile']['id'] == 5897) echo "<li><a href='sqldump.php'>SQL Dump</a></li>"; +*/ ?></ul> </div> <div class="relatedLinks"> @@ -217,7 +224,7 @@ function hideall() { <? } ?> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('WoT')">+ <?=_("CAcert Web of Trust")?></h3> - <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=12"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['assurer'] != 1) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted ThirdParties")?></a></li><? if($_SESSION['profile']['points'] >= 500) { ?><li><a href="wot.php?id=11"><div style="white-space:nowrap"><?=_("Organisation Assurance")?></div></a></li><? } ?><li><a href="account.php?id=55"><?=_("Training")?></a></li></ul> + <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=12"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['assurer'] != 1) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted ThirdParties")?></a></li><? if($_SESSION['profile']['points'] >= 500) { ?><li><a href="wot.php?id=11"><div style="white-space:nowrap"><?=_("Organisation Assurance")?></div></a></li><? } ?></ul> </div> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('WoTForms')">+ <?=_("CAP Forms")?></h3><? diff --git a/includes/general.php b/includes/general.php index d89c0e6..26a369e 100644 --- a/includes/general.php +++ b/includes/general.php @@ -57,7 +57,7 @@ exit; } - if(array_key_exists('HTTP_HOST',$_SERVER) && + if(array_key_exists('HTTP_HOST',$_SERVER) && ($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] || $_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify'])) { @@ -77,12 +77,12 @@ L10n::detect_language(); L10n::init_gettext(); - if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0) + if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0) { - $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'")); + $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); if($locked['locked'] == 0) { - $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; + $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; @@ -169,19 +169,19 @@ $points++; //echo "Points due to length and charset: $points<br/>"; - + // check for historical password proposal if ($pwd === "Fr3d Sm|7h") { return 0; } - + return $points; } function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) { $points = checkpwlight($pwd); - + if(@strstr(strtolower($pwd), strtolower($email))) $points--; @@ -219,7 +219,7 @@ //echo "Points due to name matches: $points<br/>"; $shellpwd = escapeshellarg($pwd); - $do = `grep $shellpwd /usr/share/dict/american-english`; + $do = `grep -F -- $shellpwd /usr/share/dict/american-english`; if($do) $points--; @@ -232,7 +232,7 @@ { $bits = explode(": ", $_SESSION['_config']['subject'], 2); $bits = str_replace(", ", "|", str_replace("/", "|", array_key_exists('1',$bits)?$bits['1']:"")); - $bits = explode("|", $bits); + $bits = explode("|", $bits); $_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0; $_SESSION['_config']['OU'] = ""; @@ -287,7 +287,7 @@ $dom = $bits[$i]; $_SESSION['_config']['row'] = ""; $dom = mysql_real_escape_string($dom); - $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; + $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -339,7 +339,7 @@ $dom = $bits[$i]; $_SESSION['_config']['altrow'] = ""; $dom = mysql_real_escape_string($dom); - $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; + $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -378,7 +378,7 @@ $_SESSION['_config']['row'] = ""; $dom = mysql_real_escape_string($dom); $query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where - `org`.`memid`='".$_SESSION['profile']['id']."' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; @@ -426,7 +426,7 @@ $_SESSION['_config']['altrow'] = ""; $dom = mysql_real_escape_string($dom); $query = "select * from `orginfo`,`orgdomains`,`org` where - `org`.`memid`='".$_SESSION['profile']['id']."' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; @@ -458,7 +458,7 @@ $dom = $bits[$i]; $dom = mysql_real_escape_string($dom); $query = "select * from `org`,`orgdomains`,`orginfo` - where `org`.`memid`='".$_SESSION['profile']['id']."' + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomains`.`orgid`=`org`.`orgid` and `orginfo`.`id`=`org`.`orgid` and `orgdomains`.`domain`='$dom'"; @@ -477,12 +477,12 @@ if($id <= 0) $id = $_SESSION['profile']['id']; - $query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`"; + $query = "select sum(`points`) as `points` from `notary` where `to`='$id' and `deleted` = 0 group by `to`"; $row = mysql_fetch_assoc(mysql_query($query)); $points = $row['points']; $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18)); - $query = "select * from `users` where `id`='".$_SESSION['profile']['id']."' and `dob` < '$dob'"; + $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `dob` < '$dob'"; if(mysql_num_rows(mysql_query($query)) < 1) { if($points >= 100) @@ -506,7 +506,7 @@ return(0); } - function hex2bin($data) + function gpg_hex2bin($data) { while(strstr($data, "\\x")) { @@ -557,7 +557,7 @@ $fp = @fsockopen($domain,25,$errno,$errstr,5); if($fp) { - + $line = fgets($fp, 4096); while(substr($line, 0, 4) == "220-") $line = fgets($fp, 4096); @@ -581,7 +581,7 @@ $line = mysql_real_escape_string(trim(strip_tags($line))); $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'"; - if(is_array($_SESSION['profile'])) $query.=", `uid`='".$_SESSION['profile']['id']."'"; + if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); if(substr($line, 0, 3) != "250") @@ -591,7 +591,7 @@ } } } - $query = "insert into `pinglog` set `when`=NOW(), `uid`='".$_SESSION['profile']['id']."', + $query = "insert into `pinglog` set `when`=NOW(), `uid`='".intval($_SESSION['profile']['id'])."', `email`='$myemail', `result`='Failed to make a connection to the mail server'"; mysql_query($query); return _("Failed to make a connection to the mail server"); @@ -662,9 +662,9 @@ return $ticket; } - function sanitizeHTML($input) + function sanitizeHTML($input) { - return htmlentities(strip_tags($input), ENT_QUOTES); + return htmlentities(strip_tags($input), ENT_QUOTES, 'ISO-8859-1'); //In case of problems, please use the following line again: //return htmlentities(strip_tags(utf8_decode($input)), ENT_QUOTES); //return htmlspecialchars(strip_tags($input)); @@ -732,7 +732,7 @@ $text=preg_replace("/[^\w-.@]/","",$text); return($text); } - + // returns text message to be shown to the user given the result of is_no_assurer function no_assurer_text($Status) @@ -775,7 +775,7 @@ $name="../$type/$kind/".intval($id/1000)."/$kind-".intval($id).".$type"; if (!is_dir("../csr")) { mkdir("../csr",0777); } if (!is_dir("../crt")) { mkdir("../crt",0777); } - + if (!is_dir("../csr/$kind")) { mkdir("../csr/$kind",0777); } if (!is_dir("../crt/$kind")) { mkdir("../crt/$kind",0777); } if (!is_dir("../csr/$kind/".intval($id/1000))) { mkdir("../csr/$kind/".intval($id/1000)); } diff --git a/includes/keygen.php b/includes/keygen.php index 09ec7f9..2713a81 100644 --- a/includes/keygen.php +++ b/includes/keygen.php @@ -75,7 +75,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A <p style="color:red"><?php printf(_('Please note that RSA key sizes smaller than %d bit '. 'will not be accepted by CAcert.'), - 1024)?> + 2048)?> </p> </fieldset> diff --git a/includes/lib/account.php b/includes/lib/account.php index e311668..dd8afd3 100644 --- a/includes/lib/account.php +++ b/includes/lib/account.php @@ -19,10 +19,10 @@ /** * Function to recalculate the cached Assurer status - * + * * @param int $userID * if the user ID is not given the flag will be recalculated for all users - * + * * @return bool * false if there was an error on fixing the flag. This does NOT return the * new value of the flag @@ -30,7 +30,7 @@ function fix_assurer_flag($userID = NULL) { // Update Assurer-Flag on users table if 100 points and CATS passed. - // + // // We may have some performance issues here if no userID is given // there are ~150k assurances and ~220k users currently // but the exists-clause on cats_passed should be a good filter @@ -46,20 +46,21 @@ function fix_assurer_flag($userID = NULL) WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `cp`.`user_id` = `u`.`id` - ) + ) AND ( SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND (`n`.`expire` > now() - OR `n`.`expire` IS NULL) + OR `n`.`expire` IS NULL) + AND `n`.`deleted` = 0 ) >= 100'; - + $query = mysql_query($sql); if (!$query) { return false; } // Challenge has been passed and non-expired points >= 100 - + // Reset flag if requirements are not met // // Also a bit performance critical but assurer flag is only set on @@ -86,13 +87,64 @@ function fix_assurer_flag($userID = NULL) `n`.`expire` > now() OR `n`.`expire` IS NULL ) + AND `n`.`deleted` = 0 ) < 100 )'; - + $query = mysql_query($sql); if (!$query) { return false; } - + return true; -}
\ No newline at end of file +} + +/** + * Supported hash algorithms for signing certificates + */ +class HashAlgorithms { + /** + * Default hash algorithm identifier for signing + * @var string + */ + public static $default = 'sha256'; + + /** + * Get display strings for the supported hash algorithms + * @return array(string=>array('name'=>string, 'info'=>string)) + * - [$hash_identifier]['name'] = Name that should be displayed in UI + * - [$hash_identifier]['info'] = Additional information that can help + * with the selection of a suitable algorithm + */ + public static function getInfo() { + return array( + 'sha256' => array( + 'name' => 'SHA-256', + 'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'), + ), + 'sha384' => array( + 'name' => 'SHA-384', + 'info' => '', + ), + 'sha512' => array( + 'name' => 'SHA-512', + 'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'), + ), + ); + } + + /** + * Check if the input is a supported hash algorithm identifier otherwise + * return the identifier of the default hash algorithm + * + * @param string $hash_identifier + * @return string The cleaned identifier + */ + public static function clean($hash_identifier) { + if (array_key_exists($hash_identifier, self::getInfo() )) { + return $hash_identifier; + } else { + return self::$default; + } + } +} diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php index ca13ba2..dd4f3a5 100644 --- a/includes/lib/check_weak_key.php +++ b/includes/lib/check_weak_key.php @@ -128,16 +128,15 @@ function checkWeakKeyText($text) if ($algorithm === "rsaEncryption") { - if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, - $keysize)) + if (!preg_match('/^\s*Public-Key: \((\d+) bit\)$/m', $text, $keysize)) { return failWithId("checkWeakKeyText(): Couldn't parse the RSA ". "key size.\nData:\n$text"); } else { $keysize = intval($keysize[1]); } - - if ($keysize < 1024) + + if ($keysize < 2048) { return sprintf(_("The keys that you use are very small ". "and therefore insecure. Please generate stronger ". @@ -145,14 +144,8 @@ function checkWeakKeyText($text) "found in %sthe wiki%s"), "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>", "</a>"); - } elseif ($keysize < 2048) { - // not critical but log so we have some statistics about - // affected users - trigger_error("checkWeakKeyText(): Certificate for small ". - "key (< 2048 bit) requested", E_USER_NOTICE); } - - + $debianVuln = checkDebianVulnerability($text, $keysize); if ($debianVuln === true) { @@ -170,7 +163,7 @@ function checkWeakKeyText($text) "checkDebianVulnerability().\nKeysize: $keysize\n". "Data:\n$text"); } - + if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text, $exponent)) { @@ -180,7 +173,7 @@ function checkWeakKeyText($text) $exponent = $exponent[1]; // exponent might be very big => //handle as string using bc*() - if (bccomp($exponent, "3") === 0) + if (bccomp($exponent, "65537") < 0) { return sprintf(_("The keys you use might be insecure. ". "Although there is currently no known attack for ". @@ -192,9 +185,9 @@ function checkWeakKeyText($text) "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>", "</a>"); } elseif (!(bccomp($exponent, "65537") >= 0 && - (bccomp($exponent, "100000") === -1 || - // speed things up if way smaller than 2^256 - bccomp($exponent, bcpow("2", "256")) === -1) )) { + (bccomp($exponent, "100000") === -1 || + // speed things up if way smaller than 2^256 + bccomp($exponent, bcpow("2", "256")) === -1) )) { // 65537 <= exponent < 2^256 recommended by NIST // not critical but log so we have some statistics about // affected users @@ -203,10 +196,83 @@ function checkWeakKeyText($text) E_USER_NOTICE); } } - } - /* No weakness found */ - return ""; + // No weakness found + return ""; + } // End RSA + +/* +//Fails to work due to outdated OpenSSL 0.9.8o +//For this to work OpenSSL 1.0.1f or newer is required +//which is currently unavailable on the systems +//If DSA2048 or longer is used the CSR hangs pending on the signer. + if ($algorithm === "dsaEncryption") + { + if (!preg_match('/^\s*Public Key Algorithm:\s+dsaEncryption\s+pub:\s+([0-9a-fA-F:\s]+)\s+P:\s+([0-9a-fA-F:\s]+)\s+Q:\s+([0-9a-fA-F:\s]+)\s+G:\s+([0-9a-fA-F:\s]+)\s+$/sm', $text, $keydetail)) + { + return failWithId("checkWeakKeyText(): Couldn't parse the DSA ". + "key size.\nData:\n$text"); + } + + $key_pub = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[1]), "ABCDEF", "abcdef"); + $key_P = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[2]), "ABCDEF", "abcdef"); + $key_Q = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[3]), "ABCDEF", "abcdef"); + $key_G = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[4]), "ABCDEF", "abcdef"); + + //Verify the numbers provided by the client + $num_pub = @gmp_init($key_pub, 16); + $num_P = @gmp_init($key_P, 16); + $num_Q = @gmp_init($key_Q, 16); + $num_G = @gmp_init($key_G, 16); + + $bit_P = ltrim(gmp_strval($num_P, 2), "0"); + $keysize = strlen($bit_P); + + if ($keysize < 2048) { + return sprintf(_("The keys that you use are very small ". + "and therefore insecure. Please generate stronger ". + "keys. More information about this issue can be ". + "found in %sthe wiki%s"), + "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>", + "</a>"); + } + + //Following checks based on description of key generation in Wikipedia + //These checks do not ensure a strong key, but at least check for enough sanity in the key material + // cf. https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation + + //Check that P is prime + if(!gmp_testprime($num_P)) { + return failWithId("checkWeakKeyText(): The supplied DSA ". + "key does seem to have a non-prime public modulus.\nData:\n$text"); + } + + //Check that Q is prime + if(!gmp_testprime($num_Q)) { + return failWithId("checkWeakKeyText(): The supplied DSA ". + "key does seem to have a non-prime Q-value.\nData:\n$text"); + } + + //Check if P-1 is diviseable by Q + if(0 !== gmp_cmp("1", gmp_mod($num_P, $num_Q))) { + return failWithId("checkWeakKeyText(): The supplied DSA ". + "key does seem to have P mod Q === 1 (i.e. P-1 is not diviseable by Q).\nData:\n$text"); + } + + //Check the numbers are all less than the public modulus P + if(0 <= gmp_cmp($num_Q, $num_P) || 0 <= gmp_cmp($num_G, $num_P) || 0 <= gmp_cmp($num_pub, $num_P)) { + return failWithId("checkWeakKeyText(): The supplied DSA ". + "key does seem to be normalized to have Q < P, G < P and pub < P.\nData:\n$text"); + } + + // No weakness found + return ""; + } // End DSA +*/ + + + return _("The keys you supplied use an unrecognized algorithm. ". + "For security reasons these keys can not be signed by CAcert."); } /** @@ -242,7 +308,7 @@ function checkDebianVulnerability($text, $keysize = 0) if ($algorithm !== "rsaEncryption") return false; /* Extract public key size */ - if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, + if (!preg_match('/^\s*Public-Key: \((\d+) bit\)$/m', $text, $keysize)) { trigger_error("checkDebianVulnerability(): Couldn't parse the ". @@ -272,7 +338,7 @@ function checkDebianVulnerability($text, $keysize = 0) /* Extract RSA modulus */ - if (!preg_match('/^\s*Modulus \(\d+ bit\):\n'. + if (!preg_match('/^\s*Modulus:\n'. '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m', $text, $modulus)) { diff --git a/includes/lib/general.php b/includes/lib/general.php index 85b132d..127c6b7 100644 --- a/includes/lib/general.php +++ b/includes/lib/general.php @@ -18,10 +18,10 @@ /** * Checks if the user may log in and retrieve the user id - * + * * Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and * $_SERVER['SSL_CLIENT_I_DN_CN'] - * + * * @param $serial string * usually $_SERVER['SSL_CLIENT_M_SERIAL'] * @param $issuer_cn string @@ -43,7 +43,7 @@ function get_user_id_from_cert($serial, $issuer_cn) $row = mysql_fetch_assoc($res); return intval($row['memid']); } - + return -1; } @@ -71,7 +71,7 @@ function failWithId($errormessage) { /** * Runs a command on the shell and return it's exit code and output - * + * * @param string $command * The command to run. Make sure that you escapeshellarg() any non-constant * parts as this is executed on a shell! @@ -85,7 +85,7 @@ function failWithId($errormessage) { * @param string|bool $errors * The output the command wrote to STDERR (this is passed as reference), * if true (default) the output will be written to the real STDERR - * + * * @return int|bool * The exit code of the command, true if the execution of the command * failed (true because then @@ -93,38 +93,38 @@ function failWithId($errormessage) { */ function runCommand($command, $input = "", &$output = null, &$errors = true) { $descriptorspec = array(); - + if ($input !== true) { $descriptorspec[0] = array("pipe", "r"); // STDIN for child } - + if ($output !== true) { $descriptorspec[1] = array("pipe", "w"); // STDOUT for child } - + if ($errors !== true) { $descriptorspec[2] = array("pipe", "w"); // STDERR for child } - + $proc = proc_open($command, $descriptorspec, $pipes); - + if (is_resource($proc)) { if ($input !== true) { fwrite($pipes[0], $input); fclose($pipes[0]); } - + if ($output !== true) { $output = stream_get_contents($pipes[1]); } - + if ($errors !== true) { $errors = stream_get_contents($pipes[2]); } - + return proc_close($proc); - + } else { return true; } @@ -145,19 +145,18 @@ function runCommand($command, $input = "", &$output = null, &$errors = true) { { $Result |= 5; } - - $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()'); + + $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now() and `deleted` = 0'); $row = mysql_fetch_assoc($query); if ($row['points'] < 100) { $Result |= 3; } - + $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\''); $row = mysql_fetch_assoc($query); if ($row['assurer_blocked'] > 0) { $Result |= 9; } - + return $Result; } -
\ No newline at end of file diff --git a/includes/lib/l10n.php b/includes/lib/l10n.php index 85b7aff..e325add 100644 --- a/includes/lib/l10n.php +++ b/includes/lib/l10n.php @@ -22,10 +22,10 @@ class L10n { /** * These are tranlations we currently support. - * + * * If another translation is added, it doesn't suffice to have gettext set * up, you also need to add it here, because it acts as a white list. - * + * * @var array("ISO-language code" => "native name of the language") */ public static $translations = array( @@ -53,15 +53,15 @@ class L10n { "zh-cn" => "中文(简体)", "zh-tw" => "中文(臺灣)", ); - + /** * setlocale needs a language + region code for whatever reason so here's * the mapping from a translation code to locales with the region that * seemed the most common for this language - * + * * You probably never need this. Use {@link set_translation()} to change the * language instead of manually calling setlocale(). - * + * * @var array(string => string) */ private static $locales = array( @@ -101,11 +101,11 @@ class L10n { "zh-cn" => "zh_CN", "zh-tw" => "zh_TW", ); - + /** * Auto-detects the language that should be used and sets it. Only works for * HTTP, not in a command line script. - * + * * Priority: * <ol> * <li>explicit parameter "lang" passed in HTTP (e.g. via GET)</li> @@ -128,10 +128,10 @@ class L10n { return; } } - - + + $languages = array(); - + // parse Accept-Language header if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER)) { $bits = explode(",", strtolower( @@ -144,29 +144,29 @@ class L10n { $c = floatval(substr($b[1], 2)); else $c = 1; - + if ($c != 0) { $languages[trim($b[0])] = $c; } } } - + // check if there is an explicit language given as parameter if(array_key_exists("lang",$_REQUEST) && trim($_REQUEST["lang"]) != "") { // higher priority than those values in the header $languages[strtolower(trim($_REQUEST["lang"]))] = 2.0; } - + arsort($languages, SORT_NUMERIC); - + // this is used to be compatible with browsers like internet // explorer which only provide the language code including the // region not without. Also handles the fallback to English (qvalues // may only have three digits after the .) $fallbacks = array("en" => 0.0005); - + foreach($languages as $lang => $qvalue) { // ignore any non-conforming values (that's why we don't need to @@ -179,7 +179,7 @@ class L10n { } $lang_prefix = $matches[1]; // usually two-letter language code $fallbacks[$lang_prefix] = $qvalue; - + $chosen_translation = ""; if ($lang === '*') { // According to the standard '*' matches anything but any @@ -202,7 +202,7 @@ class L10n { } } } - + if ($chosen_translation !== "") { if (self::set_translation($chosen_translation)) { @@ -210,7 +210,7 @@ class L10n { } } } - + // No translation found yet => try the prefixes arsort($fallbacks, SORT_NUMERIC); foreach ($fallbacks as $lang => $qvalue) { @@ -218,16 +218,47 @@ class L10n { return; } } - + // should not get here, as the fallback of "en" is provided and that // should always work => log an error trigger_error("L10n::detect_language(): could not set language", E_USER_WARNING); } - + + /** + * Normalise the translation code (e.g. from the old codes to the new) + * + * @return string + * a translation code or the empty string if it can't be normalised + */ + public static function normalise_translation($translation_code) { + // check $translation_code against whitelist + if (array_key_exists($translation_code, self::$translations) ) { + return $translation_code; + } + + // maybe it's a locale as previously used in the system? e.g. en_AU + if (preg_match('/^([a-z][a-z])_([A-Z][A-Z])$/', $translation_code, $matches) !== 1) { + return ''; + } + + $lang_code = $matches[1]; + $region_code = strtolower($matches[2]); + + if (array_key_exists("${lang_code}-${region_code}", self::$translations)) { + return "${lang_code}-${region_code}"; + } + + if (array_key_exists($lang_code, self::$translations)) { + return $lang_code; + } + + return ''; + } + /** * Get the set translation - * + * * @return string * a translation code or the empty string if not set */ @@ -238,13 +269,13 @@ class L10n { return ""; } } - + /** * Set the translation to use. - * + * * @param string $translation_code * the translation code as specified in the keys of {@link $translations} - * + * * @return bool * <ul> * <li>true if the translation has been set successfully</li> @@ -255,27 +286,11 @@ class L10n { * </ul> */ public static function set_translation($translation_code) { - // check $translation_code against whitelist - if ( !array_key_exists($translation_code, self::$translations) ) { - // maybe it's a locale as previously used in the system? e.g. en_AU - if ( preg_match('/^([a-z][a-z])_([A-Z][A-Z])$/', $translation_code, - $matches) !== 1 ) { - return false; - } - - $lang_code = $matches[1]; - $region_code = strtolower($matches[2]); - - if ( array_key_exists("${lang_code}-${region_code}", - self::$translations) ) { - $translation_code = "${lang_code}-${region_code}"; - } elseif ( array_key_exists($lang_code, self::$translations) ) { - $translation_code = $lang_code; - } else { - return false; - } + $translation_code = self::normalise_translation($translation_code); + if (empty($translation_code)) { + return false; } - + // map translation to locale if ( !array_key_exists($translation_code, self::$locales) ) { // weird. maybe you added a translation but haven't added a @@ -285,7 +300,7 @@ class L10n { return false; } $locale = self::$locales[$translation_code]; - + // set up locale if ( !putenv("LANG=$locale") ) { trigger_error("L10n::set_translation(): could not set the ". @@ -297,42 +312,42 @@ class L10n { "LC_ALL to $locale", E_USER_WARNING); return false; } - - + + // only set if we're running in a server not in a script if (isset($_SESSION)) { // save the setting $_SESSION['_config']['language'] = $translation_code; - - + + // Set up the recode settings needed e.g. in PDF creation $_SESSION['_config']['recode'] = "html..latin-1"; - + if($translation_code === "zh-cn" || $translation_code === "zh-tw") { $_SESSION['_config']['recode'] = "html..gb2312"; - + } else if($translation_code === "pl" || $translation_code === "hu") { $_SESSION['_config']['recode'] = "html..ISO-8859-2"; - + } else if($translation_code === "ja") { $_SESSION['_config']['recode'] = "html..SHIFT-JIS"; - + } else if($translation_code === "ru") { $_SESSION['_config']['recode'] = "html..ISO-8859-5"; - + } else if($translation_code == "lt") { // legacy, keep for reference $_SESSION['_config']['recode'] = "html..ISO-8859-13"; - + } } - + return true; } - + /** * Sets up the text domain used by gettext - * + * * @param string $domain * the gettext domain that should be used, defaults to "messages" */ diff --git a/includes/loggedin.php b/includes/loggedin.php index b386a2a..c14f8c2 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -39,12 +39,12 @@ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'")); + $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else @@ -65,13 +65,13 @@ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( - "select * from `users` where `id`='".$user_id."'")); + "select * from `users` where `id`='".intval($user_id)."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else @@ -83,9 +83,9 @@ { if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI']; @@ -102,7 +102,7 @@ if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0) { - $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; + $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; @@ -110,7 +110,7 @@ if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".L10n::get_translation()."' - where `id`='".$_SESSION['profile']['id']."'"; + where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); } else { L10n::set_translation($_SESSION['profile']['language']); @@ -125,9 +125,9 @@ $_SESSION['profile'] = ""; foreach($_SESSION as $key => $value) { - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } header("Location: https://{$normalhost}/index.php"); diff --git a/includes/notary.inc.php b/includes/notary.inc.php index 37a7ed0..3b8e736 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -16,6 +16,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +define('NULL_DATETIME', '0000-00-00 00:00:00'); +define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00'); + function query_init ($query) { return mysql_query($query); @@ -35,7 +38,7 @@ function get_number_of_assurances ($userid) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' "); + WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' and `deleted` = 0"); $row = query_getnextrow($res); return intval($row['list']); @@ -44,7 +47,7 @@ function get_number_of_ttpassurances ($userid) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); + WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' and `deleted` = 0"); $row = query_getnextrow($res); return intval($row['list']); @@ -53,7 +56,7 @@ function get_number_of_assurees ($userid) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' "); + WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' and `deleted` = 0"); $row = query_getnextrow($res); return intval($row['list']); @@ -62,7 +65,7 @@ function get_top_assurer_position ($no_of_assurances) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' + WHERE `method` = 'Face to Face Meeting' and `deleted` = 0 GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'"); return intval(query_get_number_of_rows($res)+1); } @@ -70,32 +73,52 @@ function get_top_assuree_position ($no_of_assurees) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' + WHERE `method` = 'Face to Face Meeting' and `deleted` = 0 GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'"); return intval(query_get_number_of_rows($res)+1); } - function get_given_assurances ($userid) + /** + * Get the list of assurances given by the user + * @param int $userid - id of the assurer + * @param int $log - if set to 1 also includes deleted assurances + * @return resource - a MySQL result set + */ + function get_given_assurances($userid, $log=0) { - $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc"); + $deleted=''; + if ($log == 0) { + $deleted = ' and `deleted` = 0 '; + } + $res = query_init("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc"); return $res; } - function get_received_assurances ($userid) + /** + * Get the list of assurances received by the user + * @param int $userid - id of the assuree + * @param int $log - if set to 1 also includes deleted assurances + * @return resource - a MySQL result set + */ + function get_received_assurances($userid, $log=0) { - $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc "); + $deleted=''; + if ($log == 0) { + $deleted = ' and `deleted` = 0 '; + } + $res = query_init("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc "); return $res; } function get_given_assurances_summary ($userid) { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method"); + $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' and `deleted` = 0 group by points,awarded,method"); return $res; } function get_received_assurances_summary ($userid) { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method"); + $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' and `deleted` = 0 group by points,awarded,method"); return $res; } @@ -113,69 +136,177 @@ return mysql_num_rows($res); } - function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked) + + /** + * Calculate awarded points (corrects some issues like out of range points + * or points that were issued by means that have been deprecated) + * + * @param array $row - associative array containing the data from the + * `notary` table + * @return int - the awarded points for this assurance + */ + function calc_awarded($row) + { + // Back in the old days there was no `awarded` column => is now zero, + // there the `points` column contained that data + $points = max(intval($row['awarded']), intval($row['points'])); + + // Set negative points to zero, yes there are such things in the database + $points = max($points, 0); + + switch ($row['method']) + { + // These programmes have been revoked + case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) + case 'CT Magazine - Germany': // revoke c't (only one test-entry) + case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) + $points = 0; + break; + + case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation) + if ($points <= 2) // maybe limit to 35/50 pts in the future? + $points = 0; + break; + + // TTP assurances, limit to 35 + case 'TTP-Assisted': + $points = min($points, 35); + break; + + // TTP TOPUP, limit to 30 + case 'TOPUP': + $points = min($points, 30); + + // All these should be preserved for the time being + case 'Unknown': // to be revoked in the future? limit to max 50 pts? + case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? + case '': // to be revoked in the future? limit to max 50 pts? + case 'Face to Face Meeting': // normal assurances (and superassurances?), limit to 35/50 pts in the future? + break; + + default: // should never happen ... ;-) + $points = 0; + } + + return $points; + } + + + /** + * Calculate the experience points from a given Assurance + * @param array $row - [inout] associative array containing the data from + * the `notary` table, the keys 'experience' and 'calc_awarded' will be + * added + * @param int $sum_points - [inout] the sum of already counted assurance + * points the assurer issued + * @param int $sum_experience - [inout] the sum of already counted + * experience points that were awarded to the assurer + */ + function calc_experience(&$row, &$sum_points, &$sum_experience) { - $apoints = max($row['points'], $row['awarded']); - $points += $apoints; - $experience = " "; - $revoked = false; # to be coded later (after DB-upgrade) + $row['calc_awarded'] = calc_awarded($row); + + // Don't count revoked assurances even if we are displaying them + if ($row['deleted'] !== NULL_DATETIME) { + $row['experience'] = 0; + return; + } + + $experience = 0; if ($row['method'] == "Face to Face Meeting") { - $sum_experience = $sum_experience +2; - $experience = "2"; + $experience = 2; } - return $apoints; + $sum_experience += $experience; + $row['experience'] = $experience; + + $sum_points += $row['calc_awarded']; } - function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded,&$revoked) + /** + * Calculate the points received from a received Assurance + * @param array $row - [inout] associative array containing the data from + * the `notary` table, the keys 'experience' and 'calc_awarded' will be + * added + * @param int $sum_points - [inout] the sum of already counted assurance + * points the assuree received + * @param int $sum_experience - [inout] the sum of already counted + * experience points that were awarded to the assurer + */ + function calc_assurances(&$row, &$sum_points, &$sum_experience) { - $awarded = calc_points($row); - $revoked = false; + $row['calc_awarded'] = calc_awarded($row); + $experience = 0; - if ($awarded > 100) + // High point values mean that some of them are experience points + if ($row['calc_awarded'] > 100) { - $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100) - $awarded = 100; + $experience = $row['calc_awarded'] - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100) + $row['calc_awarded'] = 100; } - else - $experience = 0; switch ($row['method']) { case 'Thawte Points Transfer': case 'CT Magazine - Germany': case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented - $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked")); - $experience=0; - $revoked=true; + $experience = 0; + $row['deleted'] = THAWTE_REVOCATION_DATETIME; break; - default: - $points += $awarded; } - $sumexperience = $sumexperience + $experience; - } + // Don't count revoked assurances even if we are displaying them + if ($row['deleted'] !== NULL_DATETIME) { + $row['experience'] = 0; + return; + } + + $sum_experience += $experience; + $row['experience'] = $experience; + $sum_points += $row['calc_awarded']; + } - function show_user_link ($name,$userid) + /** + * Generate a link to the support engineer page for the user with the name + * of the user as link text + * @param array $user - associative array containing the data from the + * `user` table + * @return string + */ + function show_user_link($user) { - $name = trim($name); + $name = trim($user['fname'].' '.$user['lname']); + $userid = intval($user['id']); + if($name == "") { - if ($userid == 0) + if ($userid == 0) { $name = _("System"); - else + } else { $name = _("Deleted account"); + } } else - $name = "<a href='wot.php?id=9&userid=".intval($userid)."'>".sanitizeHTML($name)."</a>"; + { + $name = "<a href='wot.php?id=9&userid=".$userid."'>".sanitizeHTML($name)."</a>"; + } + return $name; } - function show_email_link ($email,$userid) + /** + * Generate a link to the support engineer page for the user with the email + * address as link text + * @param array $user - associative array containing the data from the + * `user` table + * @return string + */ + function show_email_link($user) { - $email = trim($email); - if($email != "") - $email = "<a href='account.php?id=43&userid=".intval($userid)."'>".sanitizeHTML($email)."</a>"; + $email = trim($user['email']); + if($email != "") { + $email = "<a href='account.php?id=43&userid=".intval($user['id'])."'>".sanitizeHTML($email)."</a>"; + } return $email; } @@ -215,35 +346,41 @@ <? } - function output_assurances_header($title,$support) + /** + * Render header for the assurance table (same for given/received) + * @param string $title - The title for the table + * @param int $support - set to 1 if the output is for the support interface + * @param int $log - if set to 1 also includes deleted assurances + */ + function output_assurances_header($title, $support, $log) { + if ($support == 1) { + $log = 1; + } + + $colspan = 7; + if ($support == 1) { + $colspan += 2; + } + if ($log == 1) { + $colspan += 1; + } ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> -<? - if ($support == "1") - { -?> - <td colspan="10" class="title"><?=$title?></td> -<? - } else { -?> - <td colspan="7" class="title"><?=$title?></td> -<? - } -?> + <td colspan="<?=$colspan?>" class="title"><?=$title?></td> </tr> <tr> <td class="DataTD"><strong><?=_("ID")?></strong></td> <td class="DataTD"><strong><?=_("Date")?></strong></td> <? - if ($support == "1") - { + if ($support == 1) + { ?> <td class="DataTD"><strong><?=_("When")?></strong></td> <td class="DataTD"><strong><?=_("Email")?></strong></td> <? - } + } ?> <td class="DataTD"><strong><?=_("Who")?></strong></td> <td class="DataTD"><strong><?=_("Points")?></strong></td> @@ -251,43 +388,88 @@ <td class="DataTD"><strong><?=_("Method")?></strong></td> <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> <? - if ($support == "1") - { + if ($log == 1) + { ?> - <td class="DataTD"><strong><?=_("Revoke")?></strong></td> + <td class="DataTD"><strong><?=_("Revoked")?></strong></td> <? - } + } ?> </tr> <? } - function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support) + /** + * Render footer for the assurance table (same for given/received) + * @param string $points_txt - Description for sum of assurance points + * @param int $sumpoints - sum of assurance points + * @param string $experience_txt - Description for sum of experience points + * @param int $sumexperience - sum of experience points + * @param int $support - set to 1 if the output is for the support interface + * @param int $log - if set to 1 also includes deleted assurances + */ + function output_assurances_footer( + $points_txt, + $sumpoints, + $experience_txt, + $sumexperience, + $support, + $log) { ?> <tr> - <td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td> - <td class="DataTD"><?=$points?></td> + <td colspan="<?=($support == 1) ? 5 : 3 ?>" class="DataTD"><strong><?=$points_txt?>:</strong></td> + <td class="DataTD"><?=intval($sumpoints)?></td> <td class="DataTD"> </td> <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> - <td class="DataTD"><?=$sumexperience?></td> + <td class="DataTD"><?=intval($sumexperience)?></td> <? - if ($support == "1") - { + if ($log == 1) + { ?> <td class="DataTD"> </td> <? - } + } ?> - </tr> </table> <br/> <? } - function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked) + /** + * Render an assurance for a view + * @param array $assurance - associative array containing the data from the `notary` table + * @param int $userid - Id of the user whichs given/received assurances are displayed + * @param array $other_user - associative array containing the other users data from the `users` table + * @param int $support - set to 1 if the output is for the support interface + * @param string $ticketno - ticket number currently set in the support interface + * @param int $log - if set to 1 also includes deleted assurances + */ + function output_assurances_row( + $assurance, + $userid, + $other_user, + $support, + $ticketno, + $log) { + $assuranceid = intval($assurance['id']); + $date = $assurance['date']; + $when = $assurance['when']; + $awarded = intval($assurance['calc_awarded']); + $points = intval($assurance['points']); + $location = $assurance['location']; + $method = $assurance['method'] ? _($assurance['method']) : ''; + $experience = intval($assurance['experience']); + $revoked = $assurance['deleted'] !== NULL_DATETIME; + + $email = show_email_link($other_user); + $name = show_user_link($other_user); + + if ($support == 1) { + $log = 1; + } $tdstyle=""; $emopen=""; @@ -295,7 +477,7 @@ if ($awarded == $points) { - if ($awarded == "0") + if ($awarded == 0) { if ($when < "2006-09-01") { @@ -310,7 +492,7 @@ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> <? - if ($support == "1") + if ($support == 1) { ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td> @@ -319,26 +501,30 @@ } ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:' '?><?=$emclose?></td> <? - if ($support == "1") + if ($log == 1) { if ($revoked == true) { ?> - <td class="DataTD" <?=$tdstyle?>> </td> + <td class="DataTD" <?=$tdstyle?>><?=$assurance['deleted']?></td> +<? + } elseif ($support == 1) { +?> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>&ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> <? } else { ?> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>> </td> <? } } ?> - </tr> + </tr> <? } @@ -381,35 +567,61 @@ // ************* output given assurances ****************** - function output_given_assurances_content($userid,&$points,&$sum_experience,$support) + /** + * Helper function to render assurances given by the user + * @param int $userid + * @param int& $sum_points - [out] sum of given points + * @param int& $sum_experience - [out] sum of experience points gained + * @param int $support - set to 1 if the output is for the support interface + * @param string $ticketno - the ticket number set in the support interface + * @param int $log - if set to 1 also includes deleted assurances + */ + function output_given_assurances_content( + $userid, + &$sum_points, + &$sum_experience, + $support, + $ticketno, + $log) { - $points = 0; + $sum_points = 0; $sumexperience = 0; - $res = get_given_assurances(intval($userid)); + $res = get_given_assurances(intval($userid), $log); while($row = mysql_fetch_assoc($res)) { - $fromuser = get_user (intval($row['to'])); - $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked); - $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to'])); - $email = show_email_link ($fromuser['email'],intval($row['to'])); - output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked); + $assuree = get_user(intval($row['to'])); + calc_experience($row, $sum_points, $sum_experience); + output_assurances_row($row, $userid, $assuree, $support, $ticketno, $log); } } // ************* output received assurances ****************** - function output_received_assurances_content($userid,&$points,&$sum_experience,$support) + /** + * Helper function to render assurances received by the user + * @param int $userid + * @param int& $sum_points - [out] sum of received points + * @param int& $sum_experience - [out] sum of experience points the assurers gained + * @param int $support - set to 1 if the output is for the support interface + * @param string $ticketno - the ticket number set in the support interface + * @param int $log - if set to 1 also includes deleted assurances + */ + function output_received_assurances_content( + $userid, + &$sum_points, + &$sum_experience, + $support, + $ticketno, + $log) { - $points = 0; + $sum_points = 0; $sumexperience = 0; - $res = get_received_assurances(intval($userid)); + $res = get_received_assurances(intval($userid), $log); while($row = mysql_fetch_assoc($res)) { - $fromuser = get_user (intval($row['from'])); - calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked); - $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from'])); - $email = show_email_link ($fromuser['email'],intval($row['from'])); - output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked); + $fromuser = get_user(intval($row['from'])); + calc_assurances($row, $sum_points, $sum_experience); + output_assurances_row($row, $userid, $fromuser, $support, $ticketno, $log); } } @@ -422,41 +634,6 @@ return intval(query_get_number_of_rows($res)); } - function calc_points($row) - { - $awarded = intval($row['awarded']); - if ($awarded == "") - $awarded = 0; - if (intval($row['points']) < $awarded) - $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value - else - $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value - switch ($row['method']) - { - case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) - case 'CT Magazine - Germany': // revoke c't (only one test-entry) - case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) - $points = 0; - break; - case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation) - if ($points <= 2) // maybe limit to 35/50 pts in the future? - $points = 0; - break; - case 'Unknown': // to be revoked in the future? limit to max 50 pts? - case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? - case 'TTP-Assisted': // TTP assurances, limit to 35 - case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30 - case '': // to be revoked in the future? limit to max 50 pts? - case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? - break; - default: // should never happen ... ;-) - $points = 0; - } - if ($points < 0) // ignore negative points (bug needs to be fixed) - $points = 0; - return $points; - } - function max_points($userid) { return output_summary_content ($userid,0); @@ -486,7 +663,7 @@ $res = get_received_assurances_summary($userid); while($row = mysql_fetch_assoc($res)) { - $points = calc_points ($row); + $points = calc_awarded($row); if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed) { @@ -591,18 +768,66 @@ return $issue_points; } - function output_given_assurances($userid,$support=0) + /** + * Render assurances given by the user + * @param int $userid + * @param int $support - set to 1 if the output is for the support interface + * @param string $ticketno - the ticket number set in the support interface + * @param int $log - if set to 1 also includes deleted assurances + */ + function output_given_assurances($userid, $support=0, $ticketno='', $log=0) { - output_assurances_header(_("Assurance Points You Issued"),$support); - output_given_assurances_content($userid,$points,$sum_experience,$support); - output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support); + output_assurances_header( + _("Assurance Points You Issued"), + $support, + $log); + + output_given_assurances_content( + $userid, + $sum_points, + $sum_experience, + $support, + $ticketno, + $log); + + output_assurances_footer( + _("Total Points Issued"), + $sum_points, + _("Total Experience Points"), + $sum_experience, + $support, + $log); } - function output_received_assurances($userid,$support=0) + /** + * Render assurances received by the user + * @param int $userid + * @param int $support - set to 1 if the output is for the support interface + * @param string $ticketno - the ticket number set in the support interface + * @param int $log - if set to 1 also includes deleted assurances + */ + function output_received_assurances($userid, $support=0, $ticketno='', $log=0) { - output_assurances_header(_("Your Assurance Points"),$support); - output_received_assurances_content($userid,$points,$sum_experience,$support); - output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience,$support); + output_assurances_header( + _("Assurance Points You Received"), + $support, + $log); + + output_received_assurances_content( + $userid, + $sum_points, + $sum_experience, + $support, + $ticketno, + $log); + + output_assurances_footer( + _("Total Points Received"), + $sum_points, + _("Total Experience Points"), + $sum_experience, + $support, + $log); } function output_summary($userid) @@ -639,10 +864,16 @@ $res = mysql_query($query); } + /** + * get_user_agreement_status() + * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded + * @param mixed $memid + * @param string $type + * @return + */ function get_user_agreement_status($memid, $type="CCA"){ - //returns 0 - no user agreement, 1- at least one entry $query="SELECT u.`document` FROM `user_agreements` u - WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ; + WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ; $res = mysql_query($query); if(mysql_num_rows($res) <=0){ return 0; @@ -651,53 +882,118 @@ } } - function get_first_user_agreement($memid, $active=1, $type="CCA"){ - //returns an array (`document`,`date`,`method`, `comment`,`active`) - if($active==1){ - $filter="u.`memid`=".$memid; - }else{ - $filter="u.`secmemid`=".$memid; + /** + * Get the first user_agreement entry of the requested type + * @param int $memid + * @param string $type - the type of user agreement, by default all + * agreements are listed + * @param int $active - whether to get active or passive agreements: + * 0 := passive + * 1 := active + * null := both + * @return array(string=>mixed) - an associative array containing + * 'document', 'date', 'method', 'comment', 'active' + */ + function get_first_user_agreement($memid, $type=null, $active=null){ + $filter = ''; + if (!is_null($type)) { + $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'"; } - $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u - WHERE u.`document` = '".$type."' AND ".$filter." - ORDER BY u.`date` Limit 1;"; + + if (!is_null($active)) { + $filter .= " AND u.`active` = ".intval($active); + } + + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u + WHERE u.`memid`=".intval($memid)." + $filter + ORDER BY u.`date` LIMIT 1"; $res = mysql_query($query); if(mysql_num_rows($res) >0){ - $row = mysql_fetch_assoc($res); - $rec['document']= $row['document']; - $rec['date']= $row['date']; - $rec['method']= $row['method']; - $rec['comment']= $row['comment']; - $rec['active']= $row['active']; + $rec = mysql_fetch_assoc($res); }else{ $rec=array(); } return $rec; } - function get_last_user_agreement($memid, $type="CCA"){ - //returns an array (`document`,`date`,`method`, `comment`,`active`) - $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1) - union - (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + /** + * Get the last user_agreement entry of the requested type + * @param int $memid + * @param string $type - the type of user agreement, by default all + * agreements are listed + * @param int $active - whether to get active or passive agreements: + * 0 := passive, + * 1 := active, + * null := both + * @return array(string=>mixed) - an associative array containing + * 'document', 'date', 'method', 'comment', 'active' + */ + function get_last_user_agreement($memid, $type=null, $active=null){ + $filter = ''; + if (!is_null($type)) { + $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'"; + } + + if (!is_null($active)) { + $filter .= " AND u.`active` = ".intval($active); + } + + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u + WHERE u.`memid`=".intval($memid)." + $filter + ORDER BY u.`date` DESC LIMIT 1"; $res = mysql_query($query); if(mysql_num_rows($res) >0){ - $row = mysql_fetch_assoc($res); - $rec['document']= $row['document']; - $rec['date']= $row['date']; - $rec['method']= $row['method']; - $rec['comment']= $row['comment']; - $rec['active']= $row['active']; + $rec = mysql_fetch_assoc($res); }else{ $rec=array(); } return $rec; } - function delete_user_agreement($memid, $type="CCA"){ - //deletes all entries to an user for the given type of user agreements - mysql_query("delete from `user_agreements` where `memid`='".$memid."'"); - mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); +/** + * Get the all user_agreement entries of the requested type + * @param int $memid + * @param string $type - the type of user agreement, by default all + * agreements are listed + * @param int $active - whether to get an active or passive agreements: + * 0 := passive, + * 1 := active, + * null := both + * @return resource - a mysql result set containing all agreements + */ +function get_user_agreements($memid, $type=null, $active=null){ + $filter = ''; + if (!is_null($type)) { + $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'"; + } + + if (!is_null($active)) { + $filter .= " AND u.`active` = ".intval($active); + } + + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u + WHERE u.`memid`=".intval($memid)." + $filter + ORDER BY u.`date`"; + return mysql_query($query); +} + + /** + * delete_user_agreement() + * deletes all entries for a given type from user_agreement of a given user, if type is not given all + * @param mixed $memid + * @param string $type + * @return + */ + function delete_user_agreement($memid, $type=false){ + if ($type === false) { + $filter = ''; + } else { + $filter = " and `document` = '" . mysql_real_escape_string($type) . "'"; + } + mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter ); } // functions for 6.php (assure somebody) @@ -720,7 +1016,7 @@ { ?> <tr> - <td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td> + <td class="DataTD"><?=$field1.(empty($field1)?'':':')?></td> <td class="DataTD"><?=$field2?></td> </tr> <? @@ -759,7 +1055,7 @@ <? } else { ?> - <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" /> + <input type="hidden" name="method" value="<?=$methods[0]?>" /> <? } } @@ -768,7 +1064,7 @@ { ?> <tr> - <td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td> + <td class="DataTD"><?=$field.(empty($field)?'':':')?></td> <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td> </tr> <? @@ -894,11 +1190,6 @@ } //change personal information to arbitration number and DOB=1900-01-01 - $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'"; - $details = mysql_fetch_assoc(mysql_query($query)); - $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', - `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'"; - mysql_query($query); $query = "update `users` set `fname`='".$arbno."', `mname`='".$arbno."', `lname`='".$arbno."', @@ -1110,3 +1401,740 @@ function check_date_difference($date, $diff=1){ return (strtotime($date)<=time()+$diff*86400); } + +/** + * Write some information to the adminlog + * + * @param int $uid - id of the user account + * @param int $adminid - id of the admin + * @param string $type - the operation that was performed on the user account + * @param string $info - the ticket / arbitration number or other information + * @return bool - true := success, false := error + */ +function write_se_log($uid, $adminid, $type, $info){ + //records all support engineer actions changing a user account + $uid = intval($uid); + $adminid = intval($adminid); + $type = mysql_real_escape_string($type); + $info = mysql_real_escape_string($info); + $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values + (Now(), $uid, $adminid, '$type', '$info')"; + return mysql_query($query); +} + +/** + * Check if the entered information is a valid ticket or arbitration number + * @param string $ticketno + * @return bool + */ +function valid_ticket_number($ticketno){ + //a arbitration case + //d dispute action + //s support case + //m board motion + $pattern='/[adsmADSM]\d{8}\.\d+/'; + if (preg_match($pattern, $ticketno)) { + return true; + } + return false; +} + +// function for handling account/43.php +/** + * Get all data of an account given by the id from the `users` table + * @param int $userid - account id + * @param int $deleted - states if deleted data should be visible , default = 0 - not visible + * @return resource - a mysql result set + */ +function get_user_data($userid, $deleted=0){ + $userid = intval($userid); + $filter=''; + if (0==$deleted) { + $filter .=' and `users`.`deleted`=0'; + } + $query = "select * from `users` where `users`.`id`='$userid' ".$filter; + return mysql_query($query); +} + +/** + * Get the alert settings for a user + * @param int $userid for the requested account + * @return array - associative array + */ +function get_alerts($userid){ + return mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($userid)."'")); +} + +/** + * Get all email addresses linked to the account + * @param int $userid + * @param string $exclude - if given the email address will be excluded + * @param int $deleted - states if deleted data should be visible, default = 0 - not visible + * @return resource - a mysql result set + */ +function get_email_addresses($userid, $exclude, $deleted=0){ + //should be entered in account/2.php + $userid = intval($userid); + $filter=''; + if (0==$deleted) { + $filter .= ' and `deleted`=0'; + } + if ($exclude) { + $filter .= " and `email`!='".mysql_real_escape_string($exclude)."'"; + } + $query = "select * from `email` where `memid`='".$userid."' and `hash`='' ".$filter." order by `created`"; + return mysql_query($query); +} + +/** + * Get all domains linked to the account + * @param int $userid + * @param int $deleted - states if deleted data should be visible, default = 0 - not visible + * @return resource - a mysql result set + */ +function get_domains($userid, $deleted=0){ + //should be entered in account/9.php + $userid = intval($userid); + $filter=''; + if (0==$deleted) { + $filter .= ' and `deleted`=0'; + } + $query = "select * from `domains` where `memid`='".$userid."' and `hash`=''".$filter." order by `created`"; + return mysql_query($query); +} + +/** + * Get all training results for the account + * @param int $userid + * @return resource - a mysql result set + */ +function get_training_results($userid){ + //should be entered in account/55.php + $userid = intval($userid); + $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ". + " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ". + " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$userid."'". + " ORDER BY `CP`.`pass_date`"; + return mysql_query($query); +} + +/** + * Get all SE log entries for the account + * @param int $userid + * @return resource - a mysql result set + */ +function get_se_log($userid){ + $userid = intval($userid); + $query = "SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname` + FROM `adminlog`, `users` + WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$userid." + ORDER BY `adminlog`.`when`"; + return mysql_query($query); +} + +/** + * Get all client certificates linked to the account + * @param int $userid + * @param int $viewall - states if expired certs should be visible, default = 0 - not visible + * @return resource - a mysql result set + */ +function get_client_certs($userid, $viewall=0){ + //add to account/5.php + $userid = intval($userid); + $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, + UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, + `emailcerts`.`expire`, + `emailcerts`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, + `emailcerts`.`id`, + `emailcerts`.`CN`, + `emailcerts`.`serial`, + `emailcerts`.`disablelogin`, + `emailcerts`.`description` + from `emailcerts` + where `emailcerts`.`memid`='".$userid."'"; + if($viewall == 0) + { + $query .= " AND `emailcerts`.`revoked`=0 AND `emailcerts`.`renewed`=0"; + $query .= " HAVING `timeleft` > 0"; + } + $query .= " ORDER BY `emailcerts`.`modified` desc"; + return mysql_query($query); +} + +/** + * Get all server certs linked to the account + * @param int $userid + * @param int $viewall - states if expired certs should be visible, default = 0 - not visible + * @return resource - a mysql result set + */ +function get_server_certs($userid, $viewall=0){ + //add to account/12.php + $userid = intval($userid); + $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`, + UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, + `domaincerts`.`expire`, + `domaincerts`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`revoked`) as `revoked`, + `domaincerts`.`CN`, + `domaincerts`.`serial`, + `domaincerts`.`id`, + `domaincerts`.`description` + from `domaincerts`,`domains` + where `domains`.`memid`='".$userid."' and `domaincerts`.`domid`=`domains`.`id`"; + if($viewall == 0) + { + $query .= " AND `domaincerts`.`revoked`=0 AND `domaincerts`.`renewed`=0"; + $query .= " HAVING `timeleft` > 0"; + } + $query .= " ORDER BY `domaincerts`.`modified` desc"; + return mysql_query($query); +} + +/** + * Get all gpg certs linked to the account + * @param int $userid + * @param int $viewall - states if expired certs should be visible, default = 0 - not visible + * @return resource - a mysql result set + */ +function get_gpg_certs($userid, $viewall=0){ + //add to gpg/2.php + $userid = intval($userid); + $query = $query = "select UNIX_TIMESTAMP(`issued`) as `issued`, + UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`expire`) as `expired`, + `expire`, `id`, `level`, `email`, `keyid`, `description` + from `gpg` where `memid`='".$userid."'"; + if ($viewall == 0) { + $query .= " HAVING `timeleft` > 0"; + } + $query .= " ORDER BY `issued` desc"; + return mysql_query($query); +} + + + +/** + * Show the table header to the email table for the admin log + */ +function output_log_email_header(){ + ?> + <tr> + <td class="DataTD bold"><?= _("Email, primary bold") ?></td> + <td class="DataTD bold"><?= _("Created") ?></td> + <td class="DataTD bold"><?= _("Deleted") ?></td> + </tr> + + <? +} +/** + * Show all email data for the admin log + * @param array $row - associative array containing the column data + * @param string $primary - if given the primary address is highlighted + */ +function output_log_email($row, $primary){ + $style = ''; + if ($row['deleted'] !== NULL_DATETIME) { + $style = ' deletedemailaddress'; + } elseif ($primary == $row['email']) { + $style = ' primaryemailaddress'; + } + ?> + <tr> + <td class="DataTD<?=$style?>"><?=$row['email']?></td> + <td class="DataTD<?=$style?>"><?=$row['created']?></td> + <td class="DataTD<?=$style?>"><?=$row['deleted']?></td> + </tr> + <? +} + +/** + * Show the table header to the domains table for the admin log + */ +function output_log_domains_header(){ + ?> + <tr> + <td class="DataTD bold"><?= _("Domain") ?></td> + <td class="DataTD bold"><?= _("Created") ?></td> + <td class="DataTD bold"><?= _("Deleted") ?></td> + </tr> + + <? +} + +/** + * Show the domain data for the admin log + * @param array $row - associative array containing the column data + */ +function output_log_domains($row){ + $italic=''; + if ($row['deleted'] !== NULL_DATETIME) { + $italic=' italic'; + } + ?> + <tr> + <td class="DataTD<?=$italic?>"><?=$row['domain']?></td> + <td class="DataTD<?=$italic?>"><?=$row['created']?></td> + <td class="DataTD<?=$italic?>"><?=$row['deleted']?></td> + </tr> + <? +} + +/** + * Show the table header to the user agreement table for the admin log + */ +function output_log_agreement_header(){ + ?> + <tr> + <td class="DataTD bold"><?= _("Agreement") ?></td> + <td class="DataTD bold"><?= _("Date") ?></td> + <td class="DataTD bold"><?= _("Method") ?></td> + <td class="DataTD bold"><?= _("Active ") ?></td> + </tr> + <? +} + +/** + * Show the agreement data for the admin log + * @param array $row - associative array containing the column data + */ +function output_log_agreement($row){ + ?> + <tr> + <td class="DataTD" ><?=$row['document']?></td> + <td class="DataTD" ><?=$row['date']?></td> + <td class="DataTD" ><?=$row['method']?></td> + <td class="DataTD"><?= ($row['active']==0)? _('passive'):_('active')?></td> + </tr> + <? +} + +/** + * Show the table header to the training table + */ +function output_log_training_header(){ + //should be entered in account/55.php + ?> + <tr> + <td class="DataTD bold"><?= _("Agreement") ?></td> + <td class="DataTD bold"><?= _("Test") ?></td> + <td class="DataTD bold"><?= _("Variant") ?></td> + </tr> + <? +} + +/** + * Show the training data + * @param array $row - associative array containing the column data + */ +function output_log_training($row){ + //should be entered in account/55.php + ?> + <tr> + <td class="DataTD"><?=$row['pass_date']?></td> + <td class="DataTD"><?=$row['type_text']?></td> + <td class="DataTD"><?=$row['test_text']?></td> + </tr> + <? +} + +/** + * Show the table header to the SE log table for the admin log + * @param int $support - if support = 1 more information is visible + */ +function output_log_se_header($support=0){ + ?> + <tr> + <td class="DataTD bold"><?= _("Date") ?></td> + <td class="DataTD bold"><?= _("Type") ?></td> + <? + if (1 == $support) { + ?> + <td class="DataTD bold"><?= _("Information") ?></td> + <td class="DataTD bold"><?= _("Admin") ?></td> + <? + } + ?> + </tr> + <? +} + +/** + * Show the SE log data for the admin log + * @param array $row - associative array containing the column data + * @param int $support - if support = 1 more information is visible + */ +function output_log_se($row, $support=0){ + //should be entered in account/55.php + ?> + <tr> + <td class="DataTD"><?=$row['when']?></td> + <td class="DataTD"><?=$row['type']?></td> + <? + if (1 == $support) { + ?> + <td class="DataTD"><?=$row['information']?></td> + <td class="DataTD"><?=$row['fname'].' '.$row['lname']?></td> + <? + } + ?> + </tr> + <? +} + +/** + * Shows the table header to the client cert table + * @param int $support - if support = 1 some columns ar not visible + * @param bool $readonly - whether elements to modify data should be hidden, default is `true` + */ +function output_client_cert_header($support=0, $readonly=true){ + //should be added to account/5.php + ?> + <tr> + <? + if (!$readonly) { + ?> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> + <? + } + ?> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("Email Address")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Expires")?></td> + <td class="DataTD"><?=_("Login")?></td> + <? + if (1 != $support) { + ?> + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> + <? + } + ?> + </tr> + <? +} + +/** + * Show the client cert data + * @param array $row - associative array containing the column data + * @param int $support - if support = 1 some columns are not visible + * @param bool $readonly - whether elements to modify data should be hidden, default is `true` + */ +function output_client_cert($row, $support=0, $readonly=true){ + //should be entered in account/5.php + $verified=""; + if ($row['timeleft'] > 0) { + $verified = _("Valid"); + } else { + $verified = _("Expired"); + } + + if ($row['expired'] == 0) { + $verified = _("Pending"); + } + + if ($row['revoked'] == 0) { + $row['revoke'] = _("Not Revoked"); + } else { + $verified = _("Revoked"); + } + + ?> + <tr> + <? + if (!$readonly) { + if ($verified === _("Pending")) { + ?> + <td class="DataTD"> + <input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"> + </td> + <? + + } elseif ($verified === _("Revoked")) { + ?> + <td class="DataTD"> </td> + <? + + } else { + ?> + <td class="DataTD"> + <input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"> + </td> + <? + } + } + + ?> + <td class="DataTD"><?=$verified?></td> + <? + + if ($verified === _("Pending")) { + ?> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']))?></td> + <? + } else { + ?> + <td class="DataTD"> + <a href="account.php?id=6&cert=<?=intval($row['id'])?>"> + <?=(trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']))?> + </a> + </td> + <? + } + + ?> + <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['revoke']?></td> + <td class="DataTD"><?=$row['expire']?></td> + <td class="DataTD"> + <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> <?=$readonly?'disabled="disabled"':''?>/> + <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" /> + </td> + <? + + if (1 != $support) { + ?> + <td class="DataTD"> + <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /> + </td> + <? + if (!$readonly) { + ?> + <td class="DataTD"> + <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /> + </td> + <? + } + } + + ?> + </tr> + <? +} + +/** + * Show the table header to the server cert table + * @param int $support - if support = 1 some columns ar not visible + * @param bool $readonly - whether elements to modify data should be hidden, default is `true` + */ +function output_server_certs_header($support=0, $readonly=true){ + //should be entered in account/12.php + ?> + <tr> + <? + if (!$readonly) { + ?> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> + <? + } + ?> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Expires")?></td> + <? + if (1 != $support) { + ?> + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> + <? + } + ?> + </tr> + <? +} + +/** + * Show the server cert data + * @param array $row - associative array containing the column data + * @param int $support - if support = 1 some columns are not visible + * @param bool $readonly - whether elements to modify data should be hidden, default is `true` + */ +function output_server_certs($row, $support=0, $readonly=true){ + //should be entered in account/12.php + $verified=""; + if ($row['timeleft'] > 0) { + $verified = _("Valid"); + } else { + $verified = _("Expired"); + } + + if ($row['expired'] == 0) { + $verified = _("Pending"); + } + + if ($row['revoked'] == 0) { + $row['revoke'] = _("Not Revoked"); + } else { + $verified = _("Revoked"); + } + + ?> + <tr> + <? + if (!$readonly) { + if ($verified === _("Pending")) { + ?> + <td class="DataTD"> + <input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/> + </td> + <? + } elseif($verified === _("Revoked")) { + ?> + <td class="DataTD"> </td> + <? + } else { + ?> + <td class="DataTD"> + <input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/> + </td> + <? + } + } + + ?> + <td class="DataTD"><?=$verified?></td> + <? + + if ($verified === _("Pending")) { + ?> + <td class="DataTD"><?=htmlspecialchars($row['CN'])?></td> + <? + } else { + ?> + <td class="DataTD"> + <a href="account.php?id=15&cert=<?=intval($row['id'])?>"> + <?=htmlspecialchars($row['CN'])?> + </a> + </td> + <? + } + + ?> + <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['revoke']?></td> + <td class="DataTD"><?=$row['expire']?></td> + <? + + if (1 != $support) { + ?> + <td class="DataTD"> + <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /> + </td> + <? + if (!$readonly) { + ?> + <td class="DataTD"> + <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /> + </td> + <? + } + } + + ?> + </tr> + <? +} + +/** + * Show the table header to the gpg cert table + * @param int $support - if support = 1 some columns ar not visible + * @param bool $readonly - whether elements to modify data should be hidden, default is `true` + */ +function output_gpg_certs_header($support=0, $readonly=true){ + // $readonly is currently ignored but kept for consistency + ?> + <tr> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("Email Address")?></td> + <td class="DataTD"><?=_("Expires")?></td> + <td class="DataTD"><?=_("Key ID")?></td> + <? + if (1 != $support) { + ?> + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> + <? + } + ?> + </tr> + <? +} + +/** + * Show the gpg cert data + * @param array $row - associative array containing the column data + * @param int $support - if support = 1 some columns are not visible + * @param bool $readonly - whether elements to modify data should be hidden, default is `true` + */ +function output_gpg_certs($row, $support=0, $readonly=true){ + //should be entered in account/55.php + $verified=""; + if ($row['timeleft'] > 0) { + $verified = _("Valid"); + } else { + $verified = _("Expired"); + } + + if ($row['expired'] == 0) { + $verified = _("Pending"); + } + + ?> + <tr> + <td class="DataTD"><?=$verified?></td> + <? + + if($verified == _("Pending")) { + ?> + <td class="DataTD"><?=htmlspecialchars($row['email'])?></td> + <? + } else { + ?> + <td class="DataTD"> + <a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"> + <?=htmlspecialchars($row['email'])?> + </a> + </td> + <? + } + + ?> + <td class="DataTD"><?=$row['expire']?></td> + <? + + if($verified == _("Pending")) { + ?> + <td class="DataTD"><?=htmlspecialchars($row['keyid'])?></td> + <? + } else { + ?> + <td class="DataTD"> + <a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"> + <?=htmlspecialchars($row['keyid'])?> + </a> + </td> + <? + } + + if (1 != $support) { + ?> + <td class="DataTD"> + <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /> + </td> + <? + if (!$readonly) { + ?> + <td class="DataTD"> + <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /> + </td> + <? + } + } + + ?> + </tr> + <? +} diff --git a/locale/Makefile b/locale/Makefile index 4215a4f..a2b856b 100644 --- a/locale/Makefile +++ b/locale/Makefile @@ -144,7 +144,7 @@ GETTEXT_FILE_PATTERN := \ ../pages/*/*.php \ ../scripts/*.php \ ../www/*.php \ -../www/*/*.php \ +../www/[a-z]*/*.php \ # ../tverify/*.php \ # ../tverify/*/*.php \ diff --git a/pages/account/10.php b/pages/account/10.php index 6371f76..17999a7 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -17,7 +17,7 @@ */ include_once("../includes/shutdown.php"); ?> -<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3> +<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3> <p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p> <p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p> @@ -30,17 +30,66 @@ <p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p> <form method="post" action="account.php"> +<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> +</p> +<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br /> + <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea> +</p> + +<fieldset> +<legend> + <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" /> + <label for="expertbox"><?=_("Advanced Options")?></label> +</legend> +<div id="advanced_options"> + <? if($_SESSION['profile']['points'] >= 50) { ?> -<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br /> -<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br /> +<ul class="no_indent"> + <li> + <input type="radio" id="root1" name="rootcert" value="1" /> + <label for="root1"><?=_("Sign by class 1 root certificate")?></label> + </li> + <li> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> + <label for="root2"><?=_("Sign by class 3 root certificate")?></label> + </li> +</ul> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <? } ?> -<p><?=_("Optional comment, only used in the certifictate overview")?><br> - <input type="text" name="description" maxlength="80" size=80/></p> -<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br /> -<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> - <?=_("Please Note: You need to accept the CCA to proceed.")?></p> + +<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p> +<ul class="no_indent"> +<? +foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { +?> + <li> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label> + </li> +<? +} +?> +</ul> + +</div> +</fieldset> + +<p><input type="checkbox" id="CCA" name="CCA" /> <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please note: You need to accept the CCA to proceed.")?></label></p> <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> </form> + + +<script language="javascript"> +function showExpert(a) +{ + var options=document.getElementById("advanced_options"); + options.style.display = (a) ? "" : "none"; + + var checkbox=document.getElementById("expertbox"); + checkbox.style.display = ""; +} +showExpert(false); +</script> diff --git a/pages/account/11.php b/pages/account/11.php index 4e070cb..5f94122 100644 --- a/pages/account/11.php +++ b/pages/account/11.php @@ -15,39 +15,61 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> + <p> -<?=_("Please make sure the following details are correct before proceeding any further.")?> +<?=_("Please make sure the following details are correct before proceeding ". + "any further.")?> </p> -<?// print_r($_SESSION['_config']['altrows']); ?> + +<p><? +if (is_array($_SESSION['_config']['rows'])) { + foreach ($_SESSION['_config']['rows'] as $row) { + echo _("CommonName"), ": $row<br>\n"; + } +} + +if (is_array($_SESSION['_config']['altrows'])) { + foreach ($_SESSION['_config']['altrows'] as $row) { + echo _("subjectAltName"), ": $row<br>\n"; + } +} +?></p> + <p> -<? if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) { ?> -<?=_("CommonName")?>: <?=$row?><br> -<? } ?> -<? if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) { ?> -<?=_("subjectAltName")?>: <?=$row?><br> -<? } ?> -<? if(1 == 0) { ?> -<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br> -<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br> -<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br> -<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br> -<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br> -<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br> -<? } ?> -<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?> -<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?> -<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br> -<? foreach($_SESSION['_config']['rejected'] as $row) { ?> -<?=_("Rejected")?>: <a href="account.php?id=7&newdomain=<?=$row?>"><?=$row?></a><br> -<? } } ?> -<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?> -<form method="post" action="account.php"> -<input type="submit" name="process" value="<?=_("Submit")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -<? } else { ?> -<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b> -<? } ?> +<?=_("No additional information will be included on certificates because it ". + "can not be automatically checked by the system.")?> </p> + +<p><? +if (array_key_exists('rejected',$_SESSION['_config']) && + is_array($_SESSION['_config']['rejected'])) { + echo _("The following hostnames were rejected because the system couldn't ". + "link them to your account, if they are valid please verify the ". + "domains against your account."), "<br>\n"; + + foreach ($_SESSION['_config']['rejected'] as $row) { + echo _("Rejected"); + echo ": <a href='account.php?id=7&newdomain=$row'>$row</a><br>\n"; + } +} +?></p> + +<? +if (is_array($_SESSION['_config']['rows']) || + is_array($_SESSION['_config']['altrows'])) { + ?> + <form method="post" action="account.php"> + <p> + <input type="submit" name="process" value="<?=_("Submit")?>"> + <input type="hidden" name="oldid" value="<?=$id?>"> + </p> + </form> + <? +} else { + ?> + <p> + <b><?=_("Unable to continue as no valid commonNames or ". + "subjectAltNames were present on your certificate request.")?></b> + </p> + <? +} diff --git a/pages/account/12.php b/pages/account/12.php index 6d85cdc..f4428aa 100644 --- a/pages/account/12.php +++ b/pages/account/12.php @@ -19,7 +19,7 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> @@ -34,17 +34,20 @@ $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`, UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, - `domaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, + `domaincerts`.`expire`, + `domaincerts`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`revoked`) as `revoked`, + if (`domaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`domaincerts`.`modified`) as `modified`, + `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, `domaincerts`.`description` from `domaincerts`,`domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` "; if($viewall != 1) { $query .= "AND `revoked`=0 AND `renewed`=0 "; - $query .= "HAVING `timeleft` > 0 "; + $query .= "HAVING `timeleft` > 0 or `expire` = 0 "; } - $query .= "ORDER BY `domaincerts`.`modified` desc"; + $query .= "ORDER BY `modified` desc"; //echo $query."<br>\n"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -69,23 +72,28 @@ ?> <tr> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/></td> <? } else if($verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/></td> <? } else { ?> <td class="DataTD"> </td> <? } ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> + <td class="DataTD"><a href="account.php?id=15&cert=<?=intval($row['id'])?>"><?=htmlspecialchars($row['CN'])?></a></td> <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> - <td class="DataTD"><?=$row['expires']?></td> - <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> - <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> + <td class="DataTD"><?=$row['expire']?></td> + <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td> </tr> <? } ?> <tr> <td class="DataTD" colspan="8"> + <a href="account.php?id=12&viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> + </td> + </tr> + <tr> + <td class="DataTD" colspan="8"> <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?> </td> </tr> @@ -99,6 +107,6 @@ <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>"/> +<input type="hidden" name="oldid" value="<?=intval($id)?>"/> <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/> </form> diff --git a/pages/account/13.php b/pages/account/13.php index 1c1cfc6..ea28c0e 100644 --- a/pages/account/13.php +++ b/pages/account/13.php @@ -23,7 +23,8 @@ $year = intval(substr($user['dob'], 0, 4)); $month = intval(substr($user['dob'], 5, 2)); $day = intval(substr($user['dob'], 8, 2)); - $showdetails = array_key_exists('showdetails', $_REQUEST) && !!intval($_REQUEST['showdetails']); + $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0; + if($showdetails){ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; $body .= _("You receive this automatic mail since you yourself or someone ". @@ -51,22 +52,22 @@ <? if($_SESSION['profile']['points'] == 0) { ?> <tr> <td class="DataTD" width="125"><?=_("First Name")?>: </td> - <td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td> + <td class="DataTD" width="125"><input type="text" name="fname" value="<?=sanitizeHTML($user['fname'])?>"></td> </tr> <tr> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> (<?=_("optional")?>) </td> - <td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td> + <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($user['mname'])?>"></td> </tr> <tr> <td class="DataTD"><?=_("Last Name")?>: </td> - <td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td> + <td class="DataTD"><input type="text" name="lname" value="<?=sanitizeHTML($user['lname'])?>"></td> </tr> <tr> <td class="DataTD"><?=_("Suffix")?><br> (<?=_("optional")?>)</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td> + <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($user['suffix'])?>"></td> </tr> <tr> <td class="DataTD"><?=_("Date of Birth")?><br> @@ -99,22 +100,22 @@ <? } else { ?> <tr> <td class="DataTD" width="125"><?=_("First Name")?>: </td> - <td class="DataTD" width="125"><?=$user['fname']?></td> + <td class="DataTD" width="125"><?=sanitizeHTML($user['fname'])?></td> </tr> <tr> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> (<?=_("optional")?>) </td> - <td class="DataTD"><?=$user['mname']?></td> + <td class="DataTD"><?=sanitizeHTML($user['mname'])?></td> </tr> <tr> <td class="DataTD"><?=_("Last Name")?>: </td> - <td class="DataTD"><?=$user['lname']?></td> + <td class="DataTD"><?=sanitizeHTML($user['lname'])?></td> </tr> <tr> <td class="DataTD"><?=_("Suffix")?><br> (<?=_("optional")?>)</td> - <td class="DataTD"><?=$user['suffix']?></td> + <td class="DataTD"><?=sanitizeHTML($user['suffix'])?></td> </tr> <tr> <td class="DataTD"><?=_("Date of Birth")?><br> @@ -123,19 +124,12 @@ </tr> <? } ?> <tr> - <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td> + <td colspan="2" class="title"><a href="account.php?id=59&oldid=13&userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td> </tr> - <? if($showdetails){ ?> <tr> - <td class="DataTD"><?=_("OTP Hash")?><br> - (<?=_("Not displayed")?>)</td> - <td class="DataTD"><input type="text" name="otphash"></td> - </tr> - <tr> - <td class="DataTD"><?=_("OTP PIN")?><br> - (<?=_("Not displayed")?>)</td> - <td class="DataTD"><input type="text" name="otppin"></td> + <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td> </tr> + <? if($showdetails){ ?> <tr> <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td> </tr> @@ -160,10 +154,11 @@ <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td> </tr> <tr> + <input type="hidden" name="showdetails" value="1" /> <? } ?> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> </tr> </table> <input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" /> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> </form> diff --git a/pages/account/16.php b/pages/account/16.php index 6f055d7..8783bc5 100644 --- a/pages/account/16.php +++ b/pages/account/16.php @@ -25,47 +25,101 @@ <tr> <td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Address")?></td> -<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) - foreach($_SESSION['_config']['emails'] as $val) { ?> +<? +if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) { + $i = 1; + foreach($_SESSION['_config']['emails'] as $val) { +?> <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td> + <td class="DataTD"><label for="email<?=$i?>"><?=_("Email")?></label></td> + <td class="DataTD"><input type="text" id="email<?=$i?>" name="emails[]" value="<?=$val?>"/></td> </tr> -<? } ?> +<? + $i++; + } +} ?> <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]"/></td> + <td class="DataTD"><label for="email0"><?=_("Email")?></td> + <td class="DataTD"><input type="text" id="email0" name="emails[]"/></td> </tr> <tr> - <td class="DataTD"><?=_("Name")?>:</td> - <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> + <td class="DataTD"><label for="name"><?=_("Name")?></label></td> + <td class="DataTD"><input type="text" id="name" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> </tr> <tr> - <td class="DataTD"><?=_("Department")?>:</td> - <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td> + <td class="DataTD"><label for="OU"><?=_("Department")?></label></td> + <td class="DataTD"><input type="text" id="OU" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td> </tr> - <tr> + + <tr name="expertoff" style="display:none"> + <td class="DataTD"> + <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" /> + </td> + <td class="DataTD"> + <label for="expertbox"><?=_("Show advanced options")?></label> + </td> + </tr> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br /> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br /> + <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 60))?> + </td> + </tr> + + <tr name="expert"> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> - <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> - <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?> + <?=_("Hash algorithm used when signing the certificate:")?><br /> + <? + foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { + ?> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br /> + <? + } + ?> </td> </tr> + <? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?> - <tr> - <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="checkbox" id="codesign" name="codesign" value="1" /> + <label for="codesign"><?=_("Code Signing")?></label> + </td> </tr> <? } ?> - <tr> - <td class="DataTD" colspan="2" align="left"> - <?=_("Optional comment, only used in the certifictate overview")?><br /> - <input type="text" name="description" maxlength="80" size=80 /> - </td> + <tr> + <td class="DataTD" colspan="2" align="left"> + <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> + </td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> - <input type="submit" name="process" value="<?=_("Next")?>" /></td> + <td class="DataTD" colspan="2"> + <input type="submit" name="add_email" value="<?=_("Add Another Email Address")?>"> + <input type="submit" name="process" value="<?=_("Next")?>" /> + </td> </tr> </table> <input type="hidden" name="oldid" value="<?=$id?>"> </form> + +<script language="javascript"> +function showExpert(a) +{ + b=document.getElementsByName("expert"); + for(i=0;b.length>i;i++) + { + if(!a) {b[i].setAttribute("style","display:none"); } + else {b[i].removeAttribute("style");} + } + b=document.getElementsByName("expertoff"); + for(i=0;b.length>i;i++) + { + b[i].removeAttribute("style"); + } + +} +showExpert(false); +</script> diff --git a/pages/account/18.php b/pages/account/18.php index 2fbb8b4..ca0a3c8 100644 --- a/pages/account/18.php +++ b/pages/account/18.php @@ -14,62 +14,144 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?> +*/ + +$orgfilterid = array_key_exists('orgfilterid',$_SESSION['_config']) ? intval($_SESSION['_config']['orgfilterid']) : 0; +$sorting = array_key_exists('sorting',$_SESSION['_config']) ? intval($_SESSION['_config']['sorting']) : 0; +$status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_config']['status']) : 0; +?> <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="8" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="9" class="title"><?=_("Organisation Client Certificates")?> </td> </tr> <tr> - <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> - <td class="DataTD"><?=_("Status")?></td> - <td class="DataTD"><?=_("CommonName")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> - <td class="DataTD"><?=_("Comment")?></td> - <td class="DataTD"><?=_("Revoked")?></td> - <td class="DataTD"><?=_("Expires")?></td> + <td colspan="9" class="title"><?=_("Filter/Sorting")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Organisation")?></td> + <td colspan="8" class="DataTD" > + <select name="orgfilterid"> + <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $orgfilterid ? " selected" : "" ,_("All")) ?> +<? $query = "select `orginfo`.`O`, `orginfo`.`id` + from `org`, `orginfo` + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid` + ORDER BY `orginfo`.`O` "; + $reso = mysql_query($query); + if(mysql_num_rows($reso) >= 1){ + while($row = mysql_fetch_assoc($reso)){ + printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']); + } + }?> + </select> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Sorting")?></td> + <td colspan="8" class="DataTD" > + <select name="sorting"> + <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $sorting ? " selected" : "" ,_("expire date (desc)")) ?> + <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $sorting ? " selected" : "" ,_("OU, expire date (desc)")) ?> + <?=sprintf('<option value="%d"%s>%s</option>',2, 2 == $sorting ? " selected" : "" ,_("Common name, expire date (desc)")) ?> + </select> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Certificate status")?></td> + <td colspan="8" class="DataTD" > + <select name="status"> + <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $status ? " selected" : "" ,_("Current/Active")) ?> + <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $status ? " selected" : "" ,_("All")) ?> + </select> + </td> + </tr> + <tr> + <td class="DataTD" colspan="9"><input type="submit" name="reset" value="<?=_("Reset")?>" /> + <input type="submit" name="filter" value="<?=_("Apply filter/sort")?>" /></td> + </tr> + <tr> + <td colspan="9" class="DataTD"> </td> + </tr> <? - $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`, - UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, - UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, - `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, - UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, - `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`, - `oemail`.`description` - from `orgemailcerts` as `oemail`, `org` - where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and - `org`.`orgid`=`oemail`.`orgid` "; - if($viewall != 1) - { - $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 "; - $query .= "HAVING `timeleft` > 0 AND `revoked`=0 "; - } - $query .= "ORDER BY `oemail`.`modified` desc"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { + $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`, + UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, + `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, + if (`oemail`.`expire`=0,CURRENT_TIMESTAMP(),`oemail`.`modified`) as `modified`, + `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`, + `oemail`.`description`, `oemail`.`ou`, `orginfo`.`O` + from `orgemailcerts` as `oemail`, `org`, `orginfo` + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and + `org`.`orgid`=`oemail`.`orgid` and `orginfo`.`id` = `org`.`orgid`"; + if($orgfilterid>0) + { + $query .= "AND `org`.`orgid`=$orgfilterid "; + } + + if(0==$status) + { + $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 "; + $query .= "HAVING `timeleft` > 0 AND `revoked`=0 or `expires` = 0 "; + } + switch ($sorting){ + case 0: + $query .= "ORDER BY `orginfo`.`O`, `modified` desc"; + break; + case 1: + $query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `modified` desc"; + break; + case 2: + $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `modified` desc"; + break; + } + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { ?> + <tr> - <td colspan="8" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + <td colspan="9" class="DataTD"><?=_("No client certificates are currently listed.")?></td> </tr> <? } else { - while($row = mysql_fetch_assoc($res)) - { - if($row['timeleft'] > 0) - $verified = _("Valid"); - if($row['timeleft'] < 0) - $verified = _("Expired"); - if($row['expired'] == 0) - $verified = _("Pending"); - if($row['revoked'] > 0) - $verified = _("Revoked"); - if($row['revoked'] == 0) - $row['revoke'] = _("Not Revoked"); + $orgname=''; + while($row = mysql_fetch_assoc($res)) + { + if ($row['O']<>$orgname) { + $orgname=$row['O'];?> + <tr> + <td colspan="9" class="title"></td> + </tr> + <tr> + <td colspan="9" class="title"><? printf(_("Certificates for %s"), $orgname)?> </td> + </tr> + <tr> + <td class="DataTD"><?=_("OU/Department")?></td> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Expires")?></td> + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> + </tr> + <? + } + if($row['timeleft'] > 0) + $verified = _("Valid"); + if($row['timeleft'] < 0) + $verified = _("Expired"); + if($row['expired'] == 0) + $verified = _("Pending"); + if($row['revoked'] > 0) + $verified = _("Revoked"); + if($row['revoked'] == 0) + $row['revoke'] = _("Not Revoked"); ?> <tr> -<? if($verified == _("Valid") || $verified == _("Expired")) { ?> + <td class="DataTD"><?=$row['ou']?></td> + <? if($verified == _("Valid") || $verified == _("Expired")) { ?> <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> @@ -82,7 +164,7 @@ <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> <? } ?> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> @@ -90,18 +172,20 @@ </tr> <? } ?> <tr> - <td class="DataTD" colspan="8"> + <td class="DataTD" colspan="9"> <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?> </td> </tr> <tr> <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     - <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td> </tr> + <tr> + <td class="DataTD" colspan="9"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> + </tr> <? } ?> </table> <input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> -</form> -<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> +</form>
\ No newline at end of file diff --git a/pages/account/20.php b/pages/account/20.php index 0187013..89bbc30 100644 --- a/pages/account/20.php +++ b/pages/account/20.php @@ -17,7 +17,7 @@ */ include_once("../includes/shutdown.php"); ?> -<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3> +<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3> <p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p> <p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p> @@ -27,13 +27,60 @@ <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <form method="post" action="account.php"> -<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br /> -<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br /> -<p> <?=_("Optional comment, only used in the certifictate overview")?><br /> - <input type="text" name="description" maxlength="80" size=80 /></p> +<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> +</p> +<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br /> + <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea> +</p> + +<fieldset> +<legend> + <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" /> + <label for="expertbox"><?=_("Advanced Options")?></label> +</legend> +<div id="advanced_options"> +<ul class="no_indent"> + <li> + <input type="radio" id="root1" name="rootcert" value="1" /> + <label for="root1"><?=_("Sign by class 1 root certificate")?></label> + </li> + <li> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> + <label for="root2"><?=_("Sign by class 3 root certificate")?></label> + </li> +</ul> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> -<p><?=_("Paste your CSR below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br /> + +<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p> +<ul class="no_indent"> +<? +foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { +?> + <li> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label> + </li> +<? +} +?> +</ul> + +</div> +</fieldset> + <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> -</form>
\ No newline at end of file +</form> + +<script language="javascript"> +function showExpert(a) +{ + var options=document.getElementById("advanced_options"); + options.style.display = (a) ? "" : "none"; + + var checkbox=document.getElementById("expertbox"); + checkbox.style.display = ""; +} +showExpert(false); +</script> diff --git a/pages/account/21.php b/pages/account/21.php index 6c3786b..c5832b9 100644 --- a/pages/account/21.php +++ b/pages/account/21.php @@ -14,41 +14,57 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? - $org = $_SESSION['_config']['row']; - if($org['id'] <= 0) - $org = $_SESSION['_config']['altrow']; +*/ + +$org = $_SESSION['_config']['row']; +if ($org['id'] <= 0) { + $org = $_SESSION['_config']['altrow']; +} ?> + <p> -<?=_("Please make sure the following details are correct before proceeding any further.")?> +<?=_("Please make sure the following details are correct before proceeding ". + "any further.")?> </p> -<p> -<? if(is_array($_SESSION['_config']['rows'])) - foreach($_SESSION['_config']['rows'] as $row) { ?> -<?=_("CommonName")?>: <?=$row?><br> -<? } ?> -<? if(is_array($_SESSION['_config']['altrows'])) - foreach($_SESSION['_config']['altrows'] as $row) { ?> -<?=_("subjectAltName")?>: <?=$row?><br> -<? } ?> -<?=_("Organisation")?>: <?=$org['O']?><br> -<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br> -<?=_("Location")?>: <?=$org['L']?><br> -<?=_("State/Province")?>: <?=$org['ST']?><br> -<?=_("Country")?>: <?=$org['C']?><br> +<p><? +if (is_array($_SESSION['_config']['rows'])) { + foreach ($_SESSION['_config']['rows'] as $row) { + echo _("CommonName"), ": $row<br>\n"; + } +} +if (is_array($_SESSION['_config']['altrows'])) { + foreach ($_SESSION['_config']['altrows'] as $row) { + echo _("subjectAltName"), ": $row<br>\n"; + } +} -<form method="post" action="account.php"> -<input type="submit" name="process" value="<?=_("Submit")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> +echo _("Organisation"), ": {$org['O']}<br>\n"; +echo _("Org. Unit"), ": ", sanitizeHTML($_SESSION['_config']['OU']), "<br>\n"; +echo _("Location"), ": {$org['L']}<br>\n"; +echo _("State/Province"), ": {$org['ST']}<br>\n"; +echo _("Country"), ": {$org['C']}<br>\n"; +?> +<form method="post" action="account.php"> + <p> + <input type="submit" name="process" value="<?=_("Submit")?>"> + <input type="hidden" name="oldid" value="<?=$id?>"> + </p> -<? if($_SESSION['profile']['admin'] == 1) { ?> -<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> -<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?> -<? } ?> + <? + if ($_SESSION['profile']['admin'] == 1) { + ?> + <p> + <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> + <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> + <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> + <input type="checkbox" name="ocspcert" value="OCSPCert"/> + <?=_("OCSP certificate")?> + </p> + <? + } + ?> </form> -</p> diff --git a/pages/account/22.php b/pages/account/22.php index cb40cf2..7b7db2d 100644 --- a/pages/account/22.php +++ b/pages/account/22.php @@ -14,12 +14,119 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?> +*/ + +$orgfilterid = array_key_exists('dorgfilterid',$_SESSION['_config']) ? intval($_SESSION['_config']['dorgfilterid']) : 0; +$sorting = array_key_exists('dsorting',$_SESSION['_config']) ? intval($_SESSION['_config']['dsorting']) : 0; +$status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_config']['dstatus']) : 0; +?> <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="8" class="title"><?=_("Organisation Server Certificates")?> </td> + </tr> + <tr> + <td colspan="8" class="title"><?=_("Filter/Sorting")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Organisation")?></td> + <td colspan="7" class="DataTD" > + <select name="dorgfilterid"> + <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $orgfilterid ? " selected" : "" ,_("All")) ?> +<? $query = "select `orginfo`.`O`, `orginfo`.`id` + from `org`, `orginfo` + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid` + ORDER BY `orginfo`.`O` "; + $reso = mysql_query($query); + if(mysql_num_rows($reso) >= 1){ + while($row = mysql_fetch_assoc($reso)){ + printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']); + } + }?> + </select> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Sorting")?></td> + <td colspan="7" class="DataTD" > + <select name="dsorting"> + <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $sorting ? " selected" : "" ,_("expire date (desc)")) ?> + <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $sorting ? " selected" : "" ,_("Common name, expire date (desc)")) ?> + </select> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Certificate status")?></td> + <td colspan="7" class="DataTD" > + <select name="dstatus"> + <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $status ? " selected" : "" ,_("Current/Active")) ?> + <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $status ? " selected" : "" ,_("All")) ?> + </select> + </td> + </tr> + <tr> + <td class="DataTD" colspan="8"><input type="submit" name="reset" value="<?=_("Reset")?>" /> + <input type="submit" name="filter" value="<?=_("Apply filter/sort")?>" /></td> + </tr> + <tr> + <td colspan="9" class="DataTD"> </td> + </tr> + + +<? + $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`, + UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`, + `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, + UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoked`, + if (`orgdomaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`orgdomaincerts`.`modified`) as `modified`, + `CN`, + `orgdomaincerts`.`serial`, + `orgdomaincerts`.`id` as `id`, + `orgdomaincerts`.`description`, `orginfo`.`O` + from `orgdomaincerts`,`org`, `orginfo` + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' + and `orgdomaincerts`.`orgid`=`org`.`orgid` and `orginfo`.`id` = `org`.`orgid`"; + + if($orgfilterid>0) + { + $query .= "AND `org`.`orgid`=$orgfilterid "; + } + + if(0==$status) + { + $query .= "AND `revoked`=0 AND `renewed`=0 "; + $query .= "HAVING `timeleft` > 0 or `expires` = 0 "; + } + switch ($sorting){ + case 0: + $query .= "ORDER BY `orginfo`.`O`, `modified` desc"; + break; + case 1: + $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `modified` desc"; + break; + } + + +//echo $query."<br>\n"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { +?> + <tr> + <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td> + </tr> +<? } else { + $orgname=''; + while($row = mysql_fetch_assoc($res)) + { + if ($row['O']<>$orgname) { + $orgname=$row['O'];?> + <tr> + <td colspan="9" class="title"></td> + </tr> + <tr> + <td colspan="9" class="title"><? printf(_("Certificates for %s"), $orgname)?> </td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> @@ -29,42 +136,17 @@ <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> <td colspan="2" class="DataTD"><?=_("Comment *")?></td> -<? - $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`, - UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, - UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`, - `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, - `orgdomaincerts`.`serial`, - `orgdomaincerts`.`id` as `id`, - `orgdomaincerts`.`description` - from `orgdomaincerts`,`org` - where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` "; - if($viewall != 1) - { - $query .= "AND `revoked`=0 AND `renewed`=0 "; - $query .= "HAVING `timeleft` > 0 "; - } - $query .= "ORDER BY `orgdomaincerts`.`modified` desc"; -//echo $query."<br>\n"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { -?> - <tr> - <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td> </tr> -<? } else { - while($row = mysql_fetch_assoc($res)) - { - if($row['timeleft'] > 0) - $verified = _("Valid"); - if($row['timeleft'] < 0) - $verified = _("Expired"); - if($row['expired'] == 0) - $verified = _("Pending"); - if($row['revoked'] > 0) - $verified = _("Revoked"); + <? + } + if($row['timeleft'] > 0) + $verified = _("Valid"); + if($row['timeleft'] < 0) + $verified = _("Expired"); + if($row['expired'] == 0) + $verified = _("Pending"); + if($row['revoked'] > 0) + $verified = _("Revoked"); if($row['revoked'] == 0) $row['revoke'] = _("Not Revoked"); ?> @@ -92,12 +174,15 @@ </tr> <tr> <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>" />     - <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td> + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td> <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> </tr> + <tr> + <td class="DataTD" colspan="9"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> + </tr> <? } ?> </table> <input type="hidden" name="oldid" value="<?=$id?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" /> </form> -<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> + diff --git a/pages/account/3.php b/pages/account/3.php index b760c11..cd62ce0 100644 --- a/pages/account/3.php +++ b/pages/account/3.php @@ -24,7 +24,7 @@ <p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p> -<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> +<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> @@ -34,6 +34,7 @@ <tr> <td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Address")?></td> + </tr> <? $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''"; @@ -41,8 +42,8 @@ while($row = mysql_fetch_assoc($res)) { ?> <tr> - <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td> - <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + <td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td> + <td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td> </tr> <? } if($_SESSION['profile']['points'] >= 50) @@ -52,81 +53,120 @@ if($_SESSION['profile']['points'] >= 50) $lname = $_SESSION['profile']['lname']; $suffix = $_SESSION['profile']['suffix']; ?> - <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> - <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> - <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> - </td> - </tr> <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br /> - <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?> - <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?> - <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?> - <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?> + <input type="radio" id="incname0" name="incname" value="0" checked="checked" /> + <label for="incname0"><?=_("No Name")?></label><br /> + <? if($fname && $lname) { ?> + <input type="radio" id="incname1" name="incname" value="1" /> + <label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br /> + <? } ?> + <? if($fname && $mname && $lname) { ?> + <input type="radio" id="incname2" name="incname" value="2" /> + <label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'</label><br /> + <? } ?> + <? if($fname && $lname && $suffix) { ?> + <input type="radio" id="incname3" name="incname" value="3" /> + <label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br /> + <? } ?> + <? if($fname && $mname && $lname && $suffix) { ?> + <input type="radio" id="incname4" name="incname" value="4" /> + <label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br /> + <? } ?> </td> </tr> <? } ?> -<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> + <tr> <td class="DataTD"> - <input type="checkbox" name="codesign" value="1" /> + <input type="checkbox" id="login" name="login" value="1" checked="checked" /> </td> <td class="DataTD" align="left"> - <?=_("Code Signing")?><br /> - <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> + <label for="login"><?=_("Enable certificate login with this certificate")?><br /> + <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label> </td> </tr> -<? } ?> - <tr> + <td class="DataTD" colspan="2" align="left"> + <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="100" size="100" /> + </td> + </tr> + + <tr name="expertoff" style="display:none"> <td class="DataTD"> - <input type="checkbox" name="login" value="1" checked="checked" /> + <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" /> </td> - <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br /> - <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> + <td class="DataTD" align="left"> + <label for="expertbox"><?=_("Show advanced options")?></label> </td> </tr> - <tr> - <td class="DataTD" colspan="2" align="left"> - <?=_("Optional comment, only used in the certifictate overview max. 100 characters")?><br /> - <input type="text" name="description" maxlength="100" size="100" /> - </td> + +<? +if($_SESSION['profile']['points'] >= 50) +{ +?> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br /> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br /> + <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?> + </td> </tr> +<? } ?> - <tr name="expertoff" style="display:none"> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <?=_("Hash algorithm used when signing the certificate:")?><br /> + <? + foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { + ?> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br /> + <? + } + ?> + </td> + </tr> + +<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> + <tr name="expert"> <td class="DataTD"> - <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" /> + <input type="checkbox" id="codesign" name="codesign" value="1" /> </td> + <td class="DataTD" align="left"> + <label for="codesign"><?=_("Code Signing")?><br /> + <?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label> + </td> + </tr> +<? } ?> + + <tr name="expert"> <td class="DataTD"> - <?=_("Show advanced options")?> + <input type="checkbox" id="SSO" name="SSO" value="1" /> + </td> + <td class="DataTD" align="left"> + <label for="SSO"><?=_("Add Single Sign On ID Information")?><br /> + <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> + <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label> </td> </tr> <tr name="expert"> - <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br /> - <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br /> - <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> - <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a> + <td class="DataTD" colspan="2"> + <label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br /> + <textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea> </td> </tr> - <tr name="expert"> - <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td> - </tr> - <tr name="expert"> - <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> - </tr> - <tr> + <tr> <td class="DataTD"> - <input type="checkbox" name="CCA" /> + <input type="checkbox" id="CCA" name="CCA" /> </td> <td class="DataTD" align="left"> - <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> - <?=_("Please Note: You need to accept the CCA to proceed.")?> + <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please note: You need to accept the CCA to proceed.")?></label> </td> </tr> <tr> @@ -154,4 +194,3 @@ function showExpert(a) } showExpert(false); </script> - diff --git a/pages/account/43.php b/pages/account/43.php index a942f18..c889ce3 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -14,30 +14,30 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? +*/ + include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); +$ticketno=''; +$ticketvalidation=FALSE; - if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) - { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); - $row = 0; - $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); - if ($res) { - $row = mysql_fetch_assoc($res); - } - mysql_query("delete from `notary` where `id`='$assurance'"); - if ($row) { - fix_assurer_flag($row['to']); - } - } +if (isset($_SESSION['ticketno'])) { + $ticketno = $_SESSION['ticketno']; + $ticketvalidation = valid_ticket_number($ticketno); +} +if (isset($_SESSION['ticketmsg'])) { + $ticketmsg = $_SESSION['ticketmsg']; +} else { + $ticketmsg = ''; +} - if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) - { + +// search for an account by email search, if more than one is found display list to choose +if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) +{ $_REQUEST['userid'] = 0; - $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); + $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); //Disabled to speed up the queries //if(!strstr($email, "%")) @@ -45,877 +45,1036 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); // bug-975 ted+uli changes --- begin if(preg_match("/^[0-9]+$/", $email)) { - // $email consists of digits only ==> search for IDs - // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` - from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`id`='$email' or `users`.`id`='$email') - and `users`.`deleted`=0 - group by `users`.`id` limit 100"; + // $email consists of digits only ==> search for IDs + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`id`='$email' or `users`.`id`='$email') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; } else { - // $email contains non-digits ==> search for mail addresses - // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` - from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`email` like '$emailsearch' - or `users`.`email` like '$emailsearch') - and `users`.`deleted`=0 - group by `users`.`id` limit 100"; + // $email contains non-digits ==> search for mail addresses + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`email` like '$emailsearch' + or `users`.`email` like '$emailsearch') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; } // bug-975 ted+uli changes --- end $res = mysql_query($query); - if(mysql_num_rows($res) > 1) { ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("User ID")?></td> - <td class="DataTD"><?=_("Email")?></td> - </tr> -<? - while($row = mysql_fetch_assoc($res)) - { ?> - <tr> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> - </tr> -<? } if(mysql_num_rows($res) >= 100) { ?> - <tr> - <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> - </tr> -<? } else { ?> - <tr> - <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> - </tr> -<? } ?> -</table><br><br> -<? } elseif(mysql_num_rows($res) == 1) { - $row = mysql_fetch_assoc($res); - $_REQUEST['userid'] = $row['id']; - } else { - printf(_("No users found matching %s"), sanitizeHTML($email)); - } - } - - if(intval($_REQUEST['userid']) > 0) - { - $userid = intval($_REQUEST['userid']); - $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); - } else { - $row = mysql_fetch_assoc($res); - $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'")); + if(mysql_num_rows($res) > 1) { ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("First Name")?>:</td> - <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> - <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> - <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Middle Name")?>:</td> - <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Last Name")?>:</td> - <td class="DataTD"> <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="action" value="updatedob"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Suffix")?>:</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Date of Birth")?>:</td> - <td class="DataTD"> -<? - $year = intval(substr($row['dob'], 0, 4)); - $month = intval(substr($row['dob'], 5, 2)); - $day = intval(substr($row['dob'], 8, 2)); - ?><nobr><select name="day"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("User ID")?></td> + <td class="DataTD"><?=_("Email")?></td> + </tr> <? - for($i = 1; $i <= 31; $i++) + while($row = mysql_fetch_assoc($res)) { - echo "<option"; - if($day == $i) - echo " selected='selected'"; - echo ">$i</option>"; - } ?> - </select> - <select name="month"> + <tr> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> + </tr> <? - for($i = 1; $i <= 12; $i++) - { - echo "<option value='$i'"; - if($month == $i) - echo " selected='selected'"; - echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; } + + if(mysql_num_rows($res) >= 100) { ?> - </select> - <input type="text" name="year" value="<?=$year?>" size="4"> - <input type="submit" value="Go"></form></nobr></td> - </tr> - <tr> - <td class="DataTD"><?=_("CCA accepted")?>:</td> - <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Trainings")?>:</td> - <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Is Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Blocked Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Account Locking")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>&csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Code Signing")?>:</td> - <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Org Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("TTP Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>&csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Location Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>&csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Ad Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td> - </tr> - <tr> - <td class="DataTD"><?=_("Tverify Account")?>:</td> - <td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("General Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Country Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Regional Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Change Password")?>:</td> - <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Delete Account")?>:</td> - <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>&csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td> - </tr> + <tr> + <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> + </tr> <? - // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! - if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") { + } else { ?> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A1:</td> - <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A2:</td> - <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A3:</td> - <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A4:</td> - <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A5:</td> - <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> - </tr> -<? } else { ?> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> - </tr> -<? } ?> - <tr> - <td class="DataTD"><?=_("Assurance Points")?>:</td> - <td class="DataTD"><?=intval($drow['points'])?></td> - </tr> -</table> -<br><? - $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`='' - and `email`!='".mysql_escape_string($row['email'])."'"; - $dres = mysql_query($query); - if(mysql_num_rows($dres) > 0) { ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> - </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) - { ?> - <tr> - <td class="DataTD"><?=_("Secondary Emails")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> - </tr> -<? } ?> -</table> -<br><? } ?> + <tr> + <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + </tr> <? - $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''"; - $dres = mysql_query($query); - if(mysql_num_rows($dres) > 0) { ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Verified Domains")?></td> - </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) - { ?> - <tr> - <td class="DataTD"><?=_("Domain")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> - </tr> -<? } ?> -</table> -<br> -<? } ?> -<? // Begin - Debug infos ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_("Account State")?></td> - </tr> - -<? - // --- bug-975 begin --- - // potential db inconsistency like in a20110804.1 - // Admin console -> don't list user account - // User login -> impossible - // Assurer, assure someone -> user displayed - /* regular user account search with regular settings - - --- Admin Console find user query - $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` - where `users`.`id`=`email`.`memid` and - (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and - `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 - group by `users`.`id` limit 100"; - => requirements - 1. email.hash = '' - 2. email.deleted = 0 - 3. users.deleted = 0 - 4. email.email = primary-email (???) or'd - not covered by admin console find user routine, but may block users login - 5. users.verified = 0|1 - further "special settings" - 6. users.locked (setting displayed in display form) - 7. users.assurer_blocked (setting displayed in display form) - - --- User login user query - select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or - `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 - => requirements - 1. users.verified = 1 - 2. users.deleted = 0 - 3. users.locked = 0 - 4. users.email = primary-email - - --- Assurer, assure someone find user query - select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' - and `deleted`=0 - => requirements - 1. users.deleted = 0 - 2. users.email = primary-email - Admin User Assurer - bit Console Login assure someone - - 1. email.hash = '' Yes No No - 2. email.deleted = 0 Yes No No - 3. users.deleted = 0 Yes Yes Yes - 4. users.verified = 1 No Yes No - 5. users.locked = 0 No Yes No - 6. users.email = prim-email No Yes Yes - 7. email.email = prim-email Yes No No - - full usable account needs all 7 requirements fulfilled - so if one setting isn't set/cleared there is an inconsistency either way - if eg email.email is not avail, admin console cannot open user info - but user can login and assurer can display user info - if user verified is not set to 1, admin console displays user record - but user cannot login, but assurer can search for the user and the data displays - - consistency check: - 1. search primary-email in users.email - 2. search primary-email in email.email - 3. userid = email.memid - 4. check settings from table 1. - 5. - - */ - - $inconsistency = 0; - $inconsistencydisp = ""; - $inccause = ""; - // current userid intval($row['id']) - $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` - from `users` where `id`='".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $uemail = $drow['uemail']; - $udeleted = $drow['udeleted']; - $uverified = $drow['verified']; - $ulocked = $drow['locked']; - - $query = "select `hash`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and - `email` ='".$uemail."' and - `deleted` = 0"; - $dres = mysql_query($query); - if ($drow = mysql_fetch_assoc($dres)) { - $drow['edeleted'] = 0; - } else { - // try if there are deleted entries - $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and - `email` ='".$uemail."'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - } - - if ($drow) { - $eemail = $drow['eemail']; - $edeleted = $drow['edeleted']; - $ehash = $drow['hash']; - if ($udeleted!=0) { - $inconsistency += 1; - $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); - } - if ($uverified!=1) { - $inconsistency += 2; - $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); - } - if ($ulocked!=0) { - $inconsistency += 4; - $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); - } - if ($edeleted!=0) { - $inconsistency += 8; - $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); - } - if ($ehash!='') { - $inconsistency += 16; - $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); - } - } else { - $inconsistency = 32; - $inccause = _("Prim. email, Email record doesn't exist"); - } - if ($inconsistency>0) { - // $inconsistencydisp = _("Yes"); -?> - <tr> - <td class="DataTD"><?=_("Account inconsistency")?>:</td> - <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td> - </tr> - <tr> - <td colspan="2" class="DataTD" style="max-width: 75ex"> - <?=_("Account inconsistency can cause problems in daily account ". - "operations and needs to be fixed manually through arbitration/critical ". - "team.")?> - </td> - </tr> -<? } - - // --- bug-975 end --- + } ?> -</table> -<br> + </table><br><br> <? - // End - Debug infos -?> + } elseif(mysql_num_rows($res) == 1) { + $row = mysql_fetch_assoc($res); + $_REQUEST['userid'] = $row['id']; + } else { + printf(_("No users found matching %s"), sanitizeHTML($email)); + } +} + +// display user information for given user id +if(intval($_REQUEST['userid']) > 0) { + $userid = intval($_REQUEST['userid']); + $res =get_user_data($userid); + if(mysql_num_rows($res) <= 0) { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); + } else { + $row = mysql_fetch_assoc($res); + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $alerts =get_alerts(intval($row['id'])); -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="6" class="title"><?=_("Certificates")?></td> - </tr> - - <tr> - <td class="DataTD"><?=_("Cert Type")?>:</td> - <td class="DataTD"><?=_("Total")?></td> - <td class="DataTD"><?=_("Valid")?></td> - <td class="DataTD"><?=_("Expired")?></td> - <td class="DataTD"><?=_("Revoked")?></td> - <td class="DataTD"><?=_("Latest Expire")?></td> - </tr> - - <tr> - <td class="DataTD"><?=_("Server")?>:</td> - <? - $query = "select COUNT(*) as `total`, - MAX(`domaincerts`.`expire`) as `maxexpire` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> - - <tr> - <td class="DataTD"><?=_("Client")?>:</td> - <? - $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `emailcerts` - where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> - - <tr> - <td class="DataTD"><?=_("GPG")?>:</td> - <? - $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `gpg` - where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `gpg` - where `memid` = '".intval($row['id'])."' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> - - <tr> - <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> - <? - $query = "select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> - - <tr> - <td class="DataTD"><?=_("Org Client")?>:</td> - <? - $query = "select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> - <tr> - <td colspan="6" class="title"> - <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> - <input type="hidden" name="action" value="revokecert"> - <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="submit" value="<?=_('revoke certificates')?>"> - </form> - </td> - </tr> -</table> -<br> - - -<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) -<br /> -<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby"><?=_("Show Assurances the user gave")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby15"><?=_("New calculation")?></a>) -<br /> +//display account data -<? -// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { +//deletes an assurance + if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true) + { + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) { + $ticketmsg=_("Writing to the admin log failed. Can't continue."); + } else { + $assurance = intval($_REQUEST['assurance']); + $trow = 0; + $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0"); + if ($res) { + $trow = mysql_fetch_assoc($res); + if ($trow) { + mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'"); + fix_assurer_flag($trow['to']); + } + } + } + } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) { + $ticketmsg=_('No assurance revoked. Ticket number is missing!'); + } -function showassuredto() -{ -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> -<? - $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) - { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); - $points += $drow['points']; +//Ticket number ?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=intval($drow['points'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? } ?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> -</table> -<? } ?> +<form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_('Ticket handling') ?></td> + </tr> + <tr> + <td class="DataTD"><?=_('Ticket no')?>:</td> + <td class="DataTD"><input type="text" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/></td> + </tr> + <tr> + <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?> + </tr> + <tr> + <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td> + </tr> + </table> +</form> +<br/> + + +<!-- display data table --> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("First Name")?>:</td> + <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> + <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> + <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Middle Name")?>:</td> + <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Last Name")?>:</td> + <td class="DataTD"> <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="action" value="updatedob"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Suffix")?>:</td> + <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Date of Birth")?>:</td> + <td class="DataTD"> + <? + $year = intval(substr($row['dob'], 0, 4)); + $month = intval(substr($row['dob'], 5, 2)); + $day = intval(substr($row['dob'], 8, 2)); + ?> + <nobr> + <select name="day"> + <? + for($i = 1; $i <= 31; $i++) { + echo "<option"; + if($day == $i) { + echo " selected='selected'"; + } + echo ">$i</option>"; + } + ?> + </select> + <select name="month"> + <? + for($i = 1; $i <= 12; $i++) { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; + } + ?> + </select> + <input type="text" name="year" value="<?=$year?>" size="4"> + <input type="submit" value="Go"> + <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/> + </form> + </nobr> + </td> + </tr> + + <? // list of flags ?> + <tr> + <td class="DataTD"><?=_("CCA accepted")?>:</td> + <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'], 'CCA')) ? _("Yes") : _("No") ?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Trainings")?>:</td> + <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Is Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Blocked Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer_blocked'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Account Locking")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locked=<?=intval($row['id'])?>&csrf=<?=make_csrf('admactlock')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['locked'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Code Signing")?>:</td> + <td class="DataTD"><a href="account.php?id=43&codesign=<?=intval($row['id'])?>&csrf=<?=make_csrf('admcodesign')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['codesign'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Org Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=intval($row['id'])?>&csrf=<?=make_csrf('admorgadmin')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['orgadmin'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("TTP Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=intval($row['id'])?>&csrf=<?=make_csrf('admttpadmin')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['ttpadmin'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locadmin=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=$row['locadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&admin=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetadmin')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['admin'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Ad Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&adadmin=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td> + </tr> + <!-- presently not needed + <tr> + <td class="DataTD"><?=_("Tverify Account")?>:</td> + <td class="DataTD"><a href="account.php?id=43&tverify=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td> + </tr> + --> + <tr> + <td class="DataTD"><?=_("General Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&general=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&country=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['country'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Regional Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&regional=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['regional'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&radius=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['radius'])?></a></td> + </tr> + <? //change password, view secret questions and delete account section ?> + <tr> + <td class="DataTD"><?=_("Change Password")?>:</td> + <td class="DataTD"><a href="account.php?id=44&userid=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Change Password")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Delete Account")?>:</td> + <td class="DataTD"><a href="account.php?id=50&userid=<?=intval($row['id'])?>&csrf=<?=make_csrf('admdelaccount')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Delete Account")?></a></td> + </tr> + <? + // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! + if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) { + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) { + ?> + <tr> + <td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=intval($row['id'])?>&showlostpw=yes&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? + } else { + ?> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A1:</td> + <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A2:</td> + <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A3:</td> + <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A4:</td> + <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A5:</td> + <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> + </tr> + <? + } + } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) { + ?> + <tr> + <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=intval($row['id'])?>&showlostpw=yes&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? + } else { + ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=intval($row['id'])?>&showlostpw=yes&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? } + + // list assurance points + ?> + <tr> + <td class="DataTD"><?=_("Assurance Points")?>:</td> + <td class="DataTD"><?=intval($drow['points'])?></td> + </tr> + <? + // show account history + ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=59&oldid=43&userid=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_('Show account history')?></a></td> + </tr> + </table> + <br/> + <? + //list secondary email addresses + $dres = get_email_addresses(intval($row['id']),$row['email']); + if(mysql_num_rows($dres) > 0) { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> + </tr> + <? + while($drow = mysql_fetch_assoc($dres)) { + ?> + <tr> + <td class="DataTD"><?=_("Secondary Emails")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> + </tr> + <? + } + ?> + </table> + <br/> + <? + } + + // list of domains + $dres=get_domains(intval($row['id'])); + if(mysql_num_rows($dres) > 0) { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Verified Domains")?></td> + </tr> + <? + while($drow = mysql_fetch_assoc($dres)) { + ?> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> + </tr> + <? + } + ?> + </table> + <br/> + <? + } + ?> + <? // Begin - Debug infos ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Account State")?></td> + </tr> + + <? + // --- bug-975 begin --- + // potential db inconsistency like in a20110804.1 + // Admin console -> don't list user account + // User login -> impossible + // Assurer, assure someone -> user displayed + /* regular user account search with regular settings + + --- Admin Console find user query + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` + where `users`.`id`=`email`.`memid` and + (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and + `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + => requirements + 1. email.hash = '' + 2. email.deleted = 0 + 3. users.deleted = 0 + 4. email.email = primary-email (???) or'd + not covered by admin console find user routine, but may block users login + 5. users.verified = 0|1 + further "special settings" + 6. users.locked (setting displayed in display form) + 7. users.assurer_blocked (setting displayed in display form) + + --- User login user query + select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or + `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 + => requirements + 1. users.verified = 1 + 2. users.deleted = 0 + 3. users.locked = 0 + 4. users.email = primary-email + + --- Assurer, assure someone find user query + select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' + and `deleted`=0 + => requirements + 1. users.deleted = 0 + 2. users.email = primary-email + + Admin User Assurer + bit Console Login assure someone + + 1. email.hash = '' Yes No No + 2. email.deleted = 0 Yes No No + 3. users.deleted = 0 Yes Yes Yes + 4. users.verified = 1 No Yes No + 5. users.locked = 0 No Yes No + 6. users.email = prim-email No Yes Yes + 7. email.email = prim-email Yes No No + + full usable account needs all 7 requirements fulfilled + so if one setting isn't set/cleared there is an inconsistency either way + if eg email.email is not avail, admin console cannot open user info + but user can login and assurer can display user info + if user verified is not set to 1, admin console displays user record + but user cannot login, but assurer can search for the user and the data displays + + consistency check: + 1. search primary-email in users.email + 2. search primary-email in email.email + 3. userid = email.memid + 4. check settings from table 1. - 5. + + */ + + $inconsistency = 0; + $inconsistencydisp = ""; + $inccause = ""; + + // current userid intval($row['id']) + $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` + from `users` where `id`='".intval($row['id'])."' "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $uemail = $drow['uemail']; + $udeleted = $drow['udeleted']; + $uverified = $drow['verified']; + $ulocked = $drow['locked']; + + $query = "select `hash`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."' and + `deleted` = 0"; + $dres = mysql_query($query); + if ($drow = mysql_fetch_assoc($dres)) { + $drow['edeleted'] = 0; + } else { + // try if there are deleted entries + $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."'"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + } + + if ($drow) { + $eemail = $drow['eemail']; + $edeleted = $drow['edeleted']; + $ehash = $drow['hash']; + if ($udeleted!=0) { + $inconsistency += 1; + $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); + } + if ($uverified!=1) { + $inconsistency += 2; + $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); + } + if ($ulocked!=0) { + $inconsistency += 4; + $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); + } + if ($edeleted!=0) { + $inconsistency += 8; + $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + } + if ($ehash!='') { + $inconsistency += 16; + $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + } + } else { + $inconsistency = 32; + $inccause = _("Prim. email, Email record doesn't exist"); + } + if ($inconsistency>0) { + // $inconsistencydisp = _("Yes"); + ?> + <tr> + <td class="DataTD"><?=_("Account inconsistency")?>:</td> + <td class="DataTD"><?=$inccause?><br>code: <?=intval($inconsistency)?></td> + </tr> + <tr> + <td colspan="2" class="DataTD" style="max-width: 75ex;"> + <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?> + </td> + </tr> + <? + } + + // --- bug-975 end --- + ?> + </table> + <br /> + <? + // End - Debug infos + + // certificate overview + ?> + + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="6" class="title"><?=_("Certificates")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Cert Type")?>:</td> + <td class="DataTD"><?=_("Total")?></td> + <td class="DataTD"><?=_("Valid")?></td> + <td class="DataTD"><?=_("Expired")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Latest Expire")?></td> + </tr> + <!-- server certificates --> + <tr> + <td class="DataTD"><?=_("Server")?>:</td> + <? + $query = " + select COUNT(*) as `total`, + MAX(`domaincerts`.`expire`) as `maxexpire` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- client certificates --> + <tr> + <td class="DataTD"><?=_("Client")?>:</td> + <? + $query = " + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- gpg certificates --> + <tr> + <td class="DataTD"><?=_("GPG")?>:</td> + <? + $query = " + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` + from `gpg` + where `memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- org server certificates --> + <tr> + <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> + <? + $query = " + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- org client certificates --> + <tr> + <td class="DataTD"><?=_("Org Client")?>:</td> + <? + $query = " + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <tr> + <td colspan="6" class="title"> + <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> + <input type="hidden" name="action" value="revokecert"> + <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="submit" value="<?=_('revoke certificates')?>"> + <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/> + </form> + </td> + </tr> + </table> + <br /> + <? // list assurances ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredto&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user got")?></a> + (<a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredto15&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>) + </td> + </tr> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredby&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user gave")?></a> + (<a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredby15&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>) + </td> + </tr> + </table> + <? + // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { + + + function showassuredto($ticketno) + { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> + <? + $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); + $points += $drow['points']; + ?> + <tr> + <td class="DataTD"><?=$drow['id']?></td> + <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=intval($drow['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>&ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td> + </tr> + <? + } + ?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=intval($points)?></td> + <td class="DataTD" colspan="3"> </td> + </tr> + </table> + <? + } + + function showassuredby($ticketno) + { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> + <? + $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'")); + $points += intval($drow['points']); + ?> + <tr> + <td class="DataTD"><?=intval($drow['id'])?></td> + <td class="DataTD"><?=$drow['date']?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname']." ".$fromuser['lname'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=intval($drow['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>&ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td> + </tr> + <? + } + ?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=intval($points)?></td> + <td class="DataTD" colspan="3"> </td> + </tr> + </table> + <?} ?> +<br/><br/> <? -function showassuredby() -{ -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> -<? - $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) - { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); - $points += $drow['points']; -?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=$drow['date']?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=$drow['points']?></td> - <td class="DataTD"><?=$drow['location']?></td> - <td class="DataTD"><?=$drow['method']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? } ?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> -</table> -<? } ?> -<br><br> -<? } } +} } if(isset($_GET['shownotary'])) { switch($_GET['shownotary']) { case 'assuredto': - showassuredto(); + showassuredto($ticketno); break; case 'assuredby': - showassuredby(); + showassuredby($ticketno); break; case 'assuredto15': - output_received_assurances(intval($_GET['userid']),1); + output_received_assurances(intval($_GET['userid']),1,$ticketno); break; case 'assuredby15': - output_given_assurances(intval($_GET['userid']),1); + output_given_assurances(intval($_GET['userid']),1, $ticketno); break; } } diff --git a/pages/account/44.php b/pages/account/44.php index fd34612..718f0e0 100644 --- a/pages/account/44.php +++ b/pages/account/44.php @@ -14,8 +14,28 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?> +*/ + +if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { + ?> + <div style="color: orange;">ERROR: <?=$_SESSION['_config']['error']?></div> + <? + unset($_SESSION['_config']['error']); +} + +$ticketno = ""; +if (array_key_exists('ticketno', $_SESSION)) { + $ticketno = $_SESSION['ticketno']; +} + +if (!valid_ticket_number($ticketno)) { + printf(_("I'm sorry, you did not enter a ticket number! %s You cannot reset the password."), '<br/>'); + echo '<br/><a href="account.php?id=43&userid='.intval($_REQUEST['userid']).'">'._('Back to previous page.').'</a>'; + showfooter(); + exit; + } +?> + <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> @@ -34,5 +54,6 @@ </tr> </table> <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> +<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/> </form> diff --git a/pages/account/5.php b/pages/account/5.php index 9607850..efed0ab 100644 --- a/pages/account/5.php +++ b/pages/account/5.php @@ -19,7 +19,7 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> @@ -34,23 +34,24 @@ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, - `emailcerts`.`expire` as `expires`, + `emailcerts`.`expire`, `emailcerts`.`revoked` as `revoke`, UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, + if (`emailcerts`.`expire`=0,CURRENT_TIMESTAMP(),`emailcerts`.`modified`) as `modified` , `emailcerts`.`id`, `emailcerts`.`CN`, `emailcerts`.`serial`, `emailcerts`.`disablelogin` as `disablelogin`, `emailcerts`.`description` from `emailcerts` - where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' + where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."' "; if($viewall != 1) $query .= " AND `revoked`=0 AND `renewed`=0 "; $query .= " GROUP BY `emailcerts`.`id` "; if($viewall != 1) - $query .= " HAVING `timeleft` > 0 "; - $query .= " ORDER BY `emailcerts`.`modified` desc"; + $query .= " HAVING `timeleft` > 0 or `expire` = 0 "; + $query .= " ORDER BY `modified` desc"; // echo $query."<br>\n"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -75,32 +76,32 @@ ?> <tr> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="account.php?id=6&cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td> + <td class="DataTD"><a href="account.php?id=6&cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td> <? } else if($verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td> <? } else { ?> <td class="DataTD"> </td> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td> <? } ?> - <td class="DataTD"><?=$row['serial']?></td> - <td class="DataTD"><?=$row['revoke']?></td> - <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td> + <td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td> + <td class="DataTD"><?=sanitizeHTML($row['expire'])?></td> <td class="DataTD"> - <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> - <input type="hidden" name="cert_<?=$row['id']?>" value="1" /> + <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/> + <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" /> </td> - <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> - <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> + <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td> </tr> <? } ?> <tr> <td class="DataTD" colspan="9"> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> + <a href="account.php?id=5&viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> </td> </tr> @@ -119,7 +120,7 @@ </tr> <? } ?> </table> -<input type="hidden" name="oldid" value="<?=$id?>" /> +<input type="hidden" name="oldid" value="<?=intval($id)?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> </form> <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/52.php b/pages/account/52.php index 77a3bae..6c00c26 100644 --- a/pages/account/52.php +++ b/pages/account/52.php @@ -14,45 +14,51 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?> -<? +*/ + +if($_SESSION['profile']['tverify'] <= 0) { + echo _("You don't have access to this area."); +} else { $uid = intval($_GET['uid']); - $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; + $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0"; $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { + if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); $memid = intval($row['memid']); - $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc2 = mysql_num_rows(mysql_query($query2)); - if($rc2 > 0) - { + $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $rc2 = mysql_num_rows(mysql_query($query2)); + if($rc2 > 0) { showheader(_("My CAcert.org Account!")); echo _("You have already voted on this request."); showfooter(); exit; } - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'"; + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0"; $notary = mysql_fetch_assoc(mysql_query($query)); - $query = "select * from `users` where `id`='$memid'"; + $query = "select * from `users` where `id`='".intval($memid)."'"; $user = mysql_fetch_assoc(mysql_query($query)); $tobe = 50 - $notary['points']; - if($row['URL'] != '' && $row['photoid'] != '') + if($row['URL'] != '' && $row['photoid'] != '') { $tobe = 150 - $notary['points']; - else if($row['URL'] != '') + } else if($row['URL'] != '') { $tobe = 90 - $notary['points']; - if(intval($tobe) <= 0) + } + if(intval($tobe) <= 0) { $tobe = 0; + } ?> <?=_("Request Details")?>:<br> -<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br> -<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br> -<?=_("Certificate Subject")?>: <?=$row['CN']?><br> -<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?> -<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?> +<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br> +<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br> +<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br> +<? if($row['URL'] != '') { ?> +<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br> +<? } ?> +<? if($row['photoid'] != '') { ?> +<?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br> +<? } ?> <?=_("Current Points")?>: <?=intval($notary['points'])?><br> <?=_("Potential Points")?>: <?=intval($tobe)?><br> <?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br> @@ -63,40 +69,37 @@ <input type="submit" name="agree" value="<?=_("I agree with this Application")?>"> <input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>"> <input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>"> -<input type="hidden" name="uid" value="<?=$uid?>"> +<input type="hidden" name="uid" value="<?=intval($uid)?>"> </form> -<? } else { - $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - echo _("This UID has already been voted on.")."<br/>"; +<? } else { - if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; - } - - // Search for open requests: - $query = "select * from `tverify` where `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - echo "<br/>"._("The following requests are still open:")."<br/><ul>"; - while($row = mysql_fetch_assoc($res)) - { - $uid=intval($row['id']); - $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc3 = mysql_num_rows(mysql_query($query3)); - if($rc3 <= 0) - { - echo "<li><a href='account.php?id=52&uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; + $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) { + echo _("This UID has already been voted on.")."<br/>"; + } else { + if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; + } + + // Search for open requests: + $query = "select * from `tverify` where `modified`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) { + echo "<br/>"._("The following requests are still open:")."<br/><ul>"; + while($row = mysql_fetch_assoc($res)) { + $uid=intval($row['id']); + $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $rc3 = mysql_num_rows(mysql_query($query3)); + if($rc3 <= 0) + { + echo "<li><a href='account.php?id=52&uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; + } } - } - echo "</ul>\n<br>\n"; - } - else - { - echo "<br/>"._("There are no pending requests where you haven't voted yet."); + echo "</ul>\n<br>\n"; + } else { + echo "<br/>"._("There are no pending requests where you haven't voted yet."); + } } +} - - } } ?> +?> diff --git a/pages/account/55.php b/pages/account/55.php index ec401a0..24cc86d 100644 --- a/pages/account/55.php +++ b/pages/account/55.php @@ -1,112 +1,122 @@ -<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
- $user_id = intval($_SESSION['profile']['id']);
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
- </tr>
-</table>
-<?
- } else {
- $user_id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- } else {
- $row = mysql_fetch_assoc($res);
- }
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
- </tr>
-</table>
-
-<?
- }
-?>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Test")?></b></td>
- <td class="DataTD"><b><?=_("Variant")?></b></td>
- </tr>
-<?
- $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
- " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
- " ORDER BY `CP`.`pass_date`";
-
- $res = mysql_query($query);
-
- $HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
- {
- if ($row[1] == "Assurer Challenge") {
- $HaveTest=1;
- }
-?>
- <tr>
- <td class="DataTD"><?=$row[0]?></td>
- <td class="DataTD"><?=$row[1]?></td>
- <td class="DataTD"><?=$row[2]?></td>
- </tr>
-<? }
-?>
-</table>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
-<?
- if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
-?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr>
-<? } else {
- $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
- ' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
- if (!$res) {
- print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
- } else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
- if ($HaveTest && ($row[2]>=100)) {
- if (!$row[1]) {
- // This should not happen...
- fix_assurer_flag($_SESSION['profile']['id']);
- }
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
-<? } elseif (($row[2]>=100) && !$HaveTest) {
-?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
-<? } elseif ($HaveTest && ($row[2]<100)) {
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
-<? }
- }
- }
-?> </tr>
-</table>
-
+<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + $user_id = intval($_SESSION['profile']['id']); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Your passed Tests")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td> + </tr> +</table> +<? + } else { + $user_id = intval($_REQUEST['userid']); + $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); + } else { + $row = mysql_fetch_assoc($res); + } +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td> + </tr> +</table> + +<? + } +?> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Test")?></b></td> + <td class="DataTD"><b><?=_("Variant")?></b></td> + </tr> +<? + $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ". + " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ". + " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'". + " ORDER BY `CP`.`pass_date`"; + + $res = mysql_query($query); + + $HaveTest=0; + while($row = mysql_fetch_array($res, MYSQL_NUM)) + { + if ($row[1] == "Assurer Challenge") { + $HaveTest=1; + } +?> + <tr> + <td class="DataTD"><?=sanitizeHTML($row[0])?></td> + <td class="DataTD"><?=sanitizeHTML($row[1])?></td> + <td class="DataTD"><?=sanitizeHTML($row[2])?></td> + </tr> +<? } +?> +</table> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> +<? + if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { +?> + <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr> +<? + } else { + $query = ' + SELECT `u`.`id`, + `u`.`assurer`, + SUM(`points`) + FROM `users` AS `u`, + `notary` AS `n` + WHERE `u`.`id` = \''.intval($_SESSION['profile']['id']).'\' + AND `n`.`to` = `u`.`id` + AND `expire` < NOW() + AND `n`.`deleted` = 0 + GROUP BY `u`.`id`, `u`.`assurer` + '; + $res = mysql_query($query); + if (!$res) { + print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n"; + } else { + $row = mysql_fetch_array($res, MYSQL_NUM); + if ($HaveTest && ($row[2]>=100)) { + if (!$row[1]) { + // This should not happen... + fix_assurer_flag($_SESSION['profile']['id']); + } +?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td> +<? } elseif (($row[2]>=100) && !$HaveTest) { +?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td> +<? } elseif ($HaveTest && ($row[2]<100)) { +?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td> +<? } + } + } +?> </tr> +</table> + diff --git a/pages/account/56.php b/pages/account/56.php index 348cc49..cabe8e0 100644 --- a/pages/account/56.php +++ b/pages/account/56.php @@ -1,41 +1,41 @@ -<? /*
-LibreSSL - CAcert web application
-Copyright (C) 2004-2008 CAcert Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?=_("List of Organisation Assurers:")?>
-
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="1" class="title"><?=_("Name")?></td>
- <td colspan="1" class="title"><?=_("Email")?></td>
- <td colspan="1" class="title"><?=_("Country")?></td>
- </tr>
- <?
- $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- ?>
- <tr>
- <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
- <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- <td><?=sanitizeHTML($row['name'])?></td>
- </tr>
- <?
- }
-?>
-</table>
-
+<? /* +LibreSSL - CAcert web application +Copyright (C) 2004-2008 CAcert Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<?=_("List of Organisation Assurers:")?> + +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="1" class="title"><?=_("Name")?></td> + <td colspan="1" class="title"><?=_("Email")?></td> + <td colspan="1" class="title"><?=_("Country")?></td> + </tr> + <? + $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + ?> + <tr> + <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td> + <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td> + <td><?=sanitizeHTML($row['name'])?></td> + </tr> + <? + } +?> +</table> + diff --git a/pages/account/57.php b/pages/account/57.php index 76eee27..9db7ccf 100644 --- a/pages/account/57.php +++ b/pages/account/57.php @@ -17,18 +17,18 @@ */ ?> <? include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php'); - + if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { echo _('You do not have access to this page'); - } else { + } else { $user_id = intval($_REQUEST['userid']); $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); } else { $row = mysql_fetch_assoc($res); ?> @@ -38,7 +38,7 @@ </tr> </table> - + <br> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> @@ -48,21 +48,21 @@ <td class="DataTD"><b><?=_('Type')?></b></td> </tr> <? - $data=get_first_user_agreement($user_id,1); + $data=get_first_user_agreement($user_id, 'CCA', 1); if (!isset($data['active'])){ $type=''; - }else{ + }else{ $type=_('active'); - } + } ?> <tr> <td class="DataTD"><?=_('First active CCA')?></td> - <td class="DataTD"><?=$data['date']?></td> - <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td> + <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td> <td class="DataTD"><?=$type?></td> </tr> <? - $data=get_first_user_agreement($user_id,0); + $data=get_first_user_agreement($user_id, 'CCA', 0); if (!isset($data['active'])){ $type=""; }else{ @@ -71,35 +71,35 @@ ?> <tr> <td class="DataTD"><?=_('First passive CCA')?></td> - <td class="DataTD"><?=$data['date']?></td> - <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td> + <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td> <td class="DataTD"><?=$type?></td> </tr> <? - $data=get_last_user_agreement($user_id); + $data=get_last_user_agreement($user_id, 'CCA'); if (!isset($data['active'])){ - $type=""; - }elseif($data['active']==1){ - $type=_('active'); - }else{ - $type=_('passive'); - } + $type=""; + }elseif($data['active']==1){ + $type=_('active'); + }else{ + $type=_('passive'); + } ?> <tr> <td class="DataTD"><?=_('Last CCA')?></td> - <td class="DataTD"><?=$data['date']?></td> - <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td> + <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td> <td class="DataTD"><?=$type?></td> </tr> </table> <br> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> + <tr> <? if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { ?> - <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr> -<? } + <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr> +<? } ?> </table> <? } diff --git a/pages/account/58.php b/pages/account/58.php index 1f6b1a0..af26b70 100644 --- a/pages/account/58.php +++ b/pages/account/58.php @@ -23,7 +23,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) != 1){ - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); } else { if ($row = mysql_fetch_assoc($res)){ $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); @@ -54,7 +54,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) } ?></table> <? }else{ - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); } } } diff --git a/pages/account/59.php b/pages/account/59.php new file mode 100644 index 0000000..1c73ae5 --- /dev/null +++ b/pages/account/59.php @@ -0,0 +1,385 @@ +<?/* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ +include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); + + +$userid = intval($_REQUEST['userid']); + +$res = get_user_data($userid); +if (mysql_num_rows($res) <= 0) +{ + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); + exit; +} + +$user = mysql_fetch_assoc($res); + +$fname = $user['fname']; +$mname = $user['mname']; +$lname = $user['lname']; +$suffix = $user['suffix']; +$dob = $user['dob']; +$username = $fname." ".$mname." ".$lname." ".$suffix; +$email = $user['email']; +$alerts =get_alerts($userid); + +$ticketno = ""; +if (array_key_exists('ticketno', $_SESSION)) { + $ticketno = $_SESSION['ticketno']; +} + +$oldid = 0; +if (array_key_exists('oldid', $_REQUEST)) { + $oldid = intval($_REQUEST['oldid']); +} + +// Support Engineer access restrictions +$support=0; +if ($userid != $_SESSION['profile']['id']) { + // Check if support engineer + if (array_key_exists('admin', $_SESSION['profile']) && + $_SESSION['profile']['admin'] != 0) + { + $support=$_SESSION['profile']['admin']; + + } else { + echo _("You do not have access to this page."); + showfooter(); + exit; + } + + if (!valid_ticket_number($ticketno)) { + printf(_("I'm sorry, you did not enter a ticket number! %s Support is not allowed to view the account history without a ticket number."), '<br/>'); + echo '<br/><a href="account.php?id=43&userid='.intval($userid).'">'. _('Back to previous page.') .'</a>'; + showfooter(); + exit; + } + + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $ticketno)) { + echo _("Writing to the admin log failed. Can't continue."); + echo '<br/><a href="account.php?id=43&userid='.intval($userid).'">'. _('Back to previous page.') .'</a>'; + showfooter(); + exit; + } +} + +// Account details +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?printf(_('Account history of %s'),$username)?></td> + </tr> + <tr> + <td colspan="2" class="title"><?=_('User actions')?></td> + </tr> + <tr> + <td class="DataTD"><?=_('User name')?></td> + <td class="DataTD"><?=sanitizeHTML($username)?></td> + </tr> + <tr> + <td class="DataTD"><?=_('Date of Birth')?></td> + <td class="DataTD"><?=sanitizeHTML($dob)?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Is Assurer")?>:</td> + <td class="DataTD"><?= ($user['assurer']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Blocked Assurer")?>:</td> + <td class="DataTD"><?= ($user['assurer_blocked']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Account Locking")?>:</td> + <td class="DataTD"><?= ($user['locked']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Code Signing")?>:</td> + <td class="DataTD"><?= ($user['codesign']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Org Assurer")?>:</td> + <td class="DataTD"><?= ($user['orgadmin']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("TTP Admin")?>:</td> + <td class="DataTD"><?= $user['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location Admin")?>:</td> + <td class="DataTD"><?= ($user['locadmin']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Admin")?>:</td> + <td class="DataTD"><?= ($user['admin']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Ad Admin")?>:</td> + <td class="DataTD"><?= $user['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("General Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['country']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Regional Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['regional']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['radius']==0)? _('No'):_('Yes')?></td> + </tr> +</table> +<br/> +<? + +// Email addresses +$dres = get_email_addresses($userid,'',1); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="3" class="title"><?=_('Email addresses')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_email_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_email($drow,$email); + } +} else { + ?> + <tr> + <td colspan="3" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> +<? + +// Domains +$dres = get_domains($userid, 1); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="3" class="title"><?=_('Domains')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_domains_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_domains($drow); + } +} else { + ?> + <tr> + <td colspan="3" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// Trainings +$dres = get_training_results($userid); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="3" class="title"><?=_('Trainings')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_training_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_training($drow); + } +} else { + ?> + <tr> + <td colspan="3" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// User Agreements +$dres = get_user_agreements($userid); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="4" class="title"><?=_('User agreements')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_agreement_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_agreement($drow); + } +} else { + ?> + <tr> + <td colspan="4" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// Client Certificates +$dres = get_client_certs($userid, 1); +$colspan=8; +if (1 == $support) { + $colspan=6; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_client_cert_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_client_cert($drow,$support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// Server Certificates +$dres = get_server_certs($userid,1); +$colspan = 7; +if (1 == $support) { + $colspan = 5; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_server_certs_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_server_certs($drow,$support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// GPG Certificates +$dres = get_gpg_certs($userid,1); +$colspan = 6; +if (1 == $support) { + $colspan = 4; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_gpg_certs_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_gpg_certs($drow, $support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +}?> +</table> +<br/> + +<? + +output_given_assurances($userid, $support, $ticketno, 1); +?><br/><? + +output_received_assurances($userid, $support, $ticketno, 1); +?><br/><? + +$dres = get_se_log($userid); +$colspan = 2; +if (1 == $support) { + $colspan = 4; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_se_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_se($drow,$support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +<tr> + <td colspan="<?=$colspan?>" > + <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&userid=<?=intval($userid)?>"><?= _('Back to previous page.')?></a> + </td> +</tr> + +</table> diff --git a/pages/account/6.php b/pages/account/6.php index 0054b7a..305fccb 100644 --- a/pages/account/6.php +++ b/pages/account/6.php @@ -25,7 +25,7 @@ if(array_key_exists('cert',$_REQUEST)) { $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, - `emailcerts`.`expire` as `expires`, + `emailcerts`.`expire`, `emailcerts`.`revoked` as `revoke`, UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, `emailcerts`.`id`, @@ -115,7 +115,6 @@ if (array_key_exists('format', $_REQUEST)) { echo "<pre>$cert</pre>"; ?> -<form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="2" class="title"><?=_("Information about the certificate")?></td> @@ -133,26 +132,16 @@ if (array_key_exists('format', $_REQUEST)) { $row['revoke'] = _("Not Revoked"); ?> <tr> - <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> -<? if($verified != _("Pending") && $verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td> -<? } else if($verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td> -<? } else { ?> - <td class="DataTD"> </td> -<? } ?> - </tr> - <tr> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=$verified?></td> </tr> <tr> <td class="DataTD"><?=_("Email Address")?></td> - <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td> </tr> <tr> <td class="DataTD"><?=_("SerialNumber")?></td> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td> </tr> <tr> <td class="DataTD"><?=_("Revoked")?></td> @@ -160,26 +149,19 @@ if (array_key_exists('format', $_REQUEST)) { </tr> <tr> <td class="DataTD"><?=_("Expires")?></td> - <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"><?=$row['expire']?></td> </tr> <tr> <td class="DataTD"><?=_("Login")?></td> <td class="DataTD"> - <input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> + <input type="checkbox" name="disablelogin" disabled="disabled" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> </td> </tr> <tr> <td class="DataTD"><?=_("Comment")?></td> - <td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td> - </tr> - <tr> - <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td> + <td class="DataTD"><?=htmlspecialchars($row['description'])?></td> </tr> </table> -<input type="hidden" name="oldid" value="6"> -<input type="hidden" name="certid" value="<?=$certid?>"> -</form> - <? showfooter(); exit; diff --git a/pages/gpg/0.php b/pages/gpg/0.php index f490511..a11c4bf 100644 --- a/pages/gpg/0.php +++ b/pages/gpg/0.php @@ -19,7 +19,7 @@ ?> <p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p> <form method="post" action="gpg.php"> -<p><?=_("Optional comment, only used in the certifictate overview")?><br /> +<p><?=_("Optional comment, only used in the certificate overview")?><br /> <input type="text" name="description" maxlength="80" size=80 /></p> <textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br /> <p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> diff --git a/pages/gpg/2.php b/pages/gpg/2.php index cc8a872..84e11d2 100644 --- a/pages/gpg/2.php +++ b/pages/gpg/2.php @@ -30,7 +30,7 @@ $query = "select UNIX_TIMESTAMP(`issued`) as `issued`, UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`expire`) as `expired`, - `expire` as `expires`, `id`, `level`, + `expire`, `id`, `level`, `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' ORDER BY `issued` desc"; $res = mysql_query($query); @@ -43,6 +43,7 @@ <? } else { while($row = mysql_fetch_assoc($res)) { + $verified = ''; if($row['timeleft'] > 0) $verified = _("Valid"); if($row['timeleft'] < 0) @@ -53,18 +54,18 @@ <tr> <? if($verified == _("Valid")) { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> <? } else if($verified == _("Pending")) { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><?=$row['email']?></td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> <? } else { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> <? } ?> - <td class="DataTD"><?=$row['expires']?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['keyid']?></a></td> - <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> - <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> + <td class="DataTD"><?=$row['expire']?></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td> + <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td> </tr> <? } ?> <? } ?> @@ -77,5 +78,5 @@ <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>" /> +<input type="hidden" name="oldid" value="<?=intval($id)?>" /> </form> diff --git a/pages/index/0.php b/pages/index/0.php index b1359f6..c5301d3 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -17,7 +17,11 @@ */ ?> <h3><?=_("Are you new to CAcert?")?></h3> -<p><?=sprintf(_("If you want to have free certificates issued to you, join the %s CAcert Community %s."),"<a href=\"https://www.cacert.org/index.php?id=1\">","</a>")?></p> +<p><?=_("CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.")?></p> + +<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p> + +<p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p> <p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.php">',"</a>")?> <?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p> diff --git a/pages/index/1.php b/pages/index/1.php index a60a242..3315d69 100644 --- a/pages/index/1.php +++ b/pages/index/1.php @@ -15,9 +15,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p> +<p><?=_("By joining CAcert and becoming a member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p> <p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p> <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> +<b><?=_("Note: Please enter your date of birth and names as they are written in your official documents.")?></b><br /><br /> +<?=_("Because CAcert is a certificate authority (CA) people rely on us knowing about the identity of the users of our certificates. So even as we value privacy very much, we need to collect at least some basic information about our members. This is especially the case for everybody who wants to take part in our web of trust.")?> +<?=_("Your private information will be used for internal procedures only and will not be shared with third parties.")?> +</p> +<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> <?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br> <b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b> </p> @@ -30,7 +35,7 @@ <tr> <td class="DataTD" width="125"><?=_("First Name")?>: </td> - <td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td> + <td class="DataTD" width="125"><input type="text" name="fname" size="30" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td> <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td> </tr> @@ -38,18 +43,18 @@ <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> (<?=_("optional")?>) </td> - <td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="mname" size="30" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td> </tr> <tr> <td class="DataTD"><?=_("Last Name")?>: </td> - <td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="lname" size="30" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td> </tr> <tr> <td class="DataTD"><?=_("Suffix")?><br> (<?=_("optional")?>)</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td> + <td class="DataTD"><input type="text" name="suffix" size="30" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td> </tr> <tr> @@ -84,18 +89,18 @@ <tr> <td class="DataTD"><?=_("Email Address")?>: </td> - <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="email" size="30" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td> <td class="DataTD"><?=_("I own or am authorised to control this email address")?></td> </tr> <tr> <td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td> - <td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td> + <td class="DataTD"><input type="password" name="pword1" size="30" autocomplete="off"></td> <td class="DataTD" rowspan="2"> </td> </tr> <tr> <td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td> - <td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td> + <td class="DataTD"><input type="password" name="pword2" size="30" autocomplete="off"></td> </tr> <tr> @@ -107,29 +112,39 @@ </tr> <tr> - <td class="DataTD">1) <input type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td> - <td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td> - <td class="DataTD" rowspan="5"> </td> + <td class="DataTD"> </td> + <td class="DataTD"><?=_("Question")?></td> + <td class="DataTD"><?=_("Answer")?></td> + </tr> + + <tr> + <td class="DataTD">1)</td> + <td class="DataTD"><input type="text" name="Q1" size="30" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td> + <td class="DataTD"><input type="text" name="A1" size="30" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td> </tr> <tr> - <td class="DataTD">2) <input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td> - <td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td> + <td class="DataTD">2)</td> + <td class="DataTD"><input type="text" name="Q2" size="30" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td> + <td class="DataTD"><input type="text" name="A2" size="30" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td> </tr> <tr> - <td class="DataTD">3) <input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td> - <td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td> + <td class="DataTD">3)</td> + <td class="DataTD"><input type="text" name="Q3" size="30" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td> + <td class="DataTD"><input type="text" name="A3" size="30"value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td> </tr> <tr> - <td class="DataTD">4) <input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td> - <td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td> + <td class="DataTD">4)</td> + <td class="DataTD"><input type="text" name="Q4" size="30"" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td> + <td class="DataTD"><input type="text" name="A4" size="30" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td> </tr> <tr> - <td class="DataTD">5) <input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td> - <td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td> + <td class="DataTD">5)</td> + <td class="DataTD"><input type="text" name="Q5" size="30" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td> + <td class="DataTD"><input type="text" name="A5" size="30" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td> </tr> <tr> diff --git a/pages/wot/1.php b/pages/wot/1.php index a45b5df..9047f27 100644 --- a/pages/wot/1.php +++ b/pages/wot/1.php @@ -14,9 +14,9 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? - $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries")); +*/ + + $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries")); $total1 =$res['summe']; $locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; @@ -91,7 +91,7 @@ { $query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and `ccid`='".$ccid."' and `regid`='".$regid."' and - `locid`='".$locid."' and `users`.`id`=`notary`.`to` + `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0 group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc"; $list = mysql_query($query); if(mysql_num_rows($list) > 0) @@ -104,19 +104,19 @@ <td class="title"><?=_("Contact Details")?></td> <td class="title"><?=_("Email Assurer")?></td> <td class="title"><?=_("Assurer Challenge")?></td> - </tr> -<? while($row = mysql_fetch_assoc($list)) { ?> + +<? while($row = mysql_fetch_assoc($list)) { ?> <tr> - <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td> + <td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td> <td class="DataTD"><?=maxpoints($row['id'])?></td> - <td class="DataTD"><?=$row['contactinfo']?></td> + <td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td> <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td> <td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td> - </tr> -<? } - } +<? + } + } ?> </table> <br> diff --git a/pages/wot/10.php b/pages/wot/10.php index bc76a86..b5e146c 100644 --- a/pages/wot/10.php +++ b/pages/wot/10.php @@ -24,7 +24,7 @@ <td colspan="5" class="title"><?=_("Assurer Ranking")?></td> </tr> <tr> -<? +<?// the rank calculation is not adjusted to the new deletion method $query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary` WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to` AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`"; @@ -36,8 +36,8 @@ WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to` GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC"; */ - $query = "SELECT count(*) AS `list` FROM `users` - inner join `notary` on `users`.`id` = `notary`.`from` + $query = "SELECT count(*) AS `list` FROM `users` + inner join `notary` on `users`.`id` = `notary`.`from` GROUP BY `notary`.`from` HAVING count(*) > '$rc'"; $rank = mysql_num_rows(mysql_query($query)) + 1; @@ -64,18 +64,18 @@ <td class="DataTD"><b><?=_("Method")?></b></td> </tr> <? - $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'"; + $query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'")); + $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'")); ?> <tr> - <td class="DataTD"><?=$row['id']?></td> + <td class="DataTD"><?=intval($row['id'])?></td> <td class="DataTD"><?=$row['date']?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> - <td class="DataTD"><?=$row['points']?></td> - <td class="DataTD"><?=$row['location']?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td> + <td class="DataTD"><?=intval($row['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($row['location'])?></td> <td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td> </tr> <? @@ -114,30 +114,30 @@ if ($thawte) </tr> <? $points = 0; - $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'"; + $query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'")); - $points += $row['points']; + $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'")); + $points += intval($row['points']); $name = trim($fromuser['fname']." ".$fromuser['lname']); if($name == "") $name = _("Deleted before Verification"); else - $name = "<a href='wot.php?id=9&userid=".intval($row['to'])."'>$name</a>"; + $name = "<a href='wot.php?id=9&userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>"; ?> <tr> <td class="DataTD"><?=intval($row['id'])?></td> <td class="DataTD"><?=$row['date']?></td> <td class="DataTD"><?=$name?></td> <td class="DataTD"><?=intval($row['points'])?></td> - <td class="DataTD"><?=$row['location']?></td> + <td class="DataTD"><?=sanitizeHTML($row['location'])?></td> <td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td> </tr> <? } ?> <tr> <td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td> - <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=intval($points)?></td> <td class="DataTD" colspan="2"> </td> </tr> </table> diff --git a/pages/wot/15.php b/pages/wot/15.php index cca2702..c1f3e0f 100644 --- a/pages/wot/15.php +++ b/pages/wot/15.php @@ -14,7 +14,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ +*/ require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); diff --git a/pages/wot/5.php b/pages/wot/5.php index c1a6438..565dd6a 100644 --- a/pages/wot/5.php +++ b/pages/wot/5.php @@ -18,14 +18,24 @@ include_once("../includes/shutdown.php"); require_once("../includes/lib/l10n.php"); ?> -<? - if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") +<? + if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><font color="orange" size="+1"> <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?> </font> <?unset($_SESSION['_config']['error']); - } + } + + if (!isset($_SESSION['assuresomeone']['year'])) { + $_SESSION['assuresomeone']['year'] = 0; + } + if (!isset($_SESSION['assuresomeone']['month'])) { + $_SESSION['assuresomeone']['month'] = 0; + } + if (!isset($_SESSION['assuresomeone']['day'])) { + $_SESSION['assuresomeone']['day'] = 0; + } ?> <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?> <form method="post" action="wot.php"> @@ -60,6 +70,37 @@ <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td> <? } ?> </tr> + <tr> + <td class="DataTD"> + <?=_("Date of Birth")?><br/> + (<?=_("yyyy/mm/dd")?>)</td> + <td class="DataTD"> + <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr> + <select name="month"> +<? +for($i = 1; $i <= 12; $i++) +{ + echo "<option value='$i'"; + if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i) + echo " selected=\"selected\""; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n"; +} +?> + </select> + <select name="day"> +<? +for($i = 1; $i <= 31; $i++) +{ + echo "<option"; + if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i) + echo " selected=\"selected\""; + echo ">$i</option>"; +} +?> + </select> + </td> + </tr> + <tr> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> </tr> diff --git a/pages/wot/6.php b/pages/wot/6.php index 1031090..4094a18 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -24,6 +24,9 @@ } $row = $_SESSION['_config']['notarise']; + $_SESSION['assuresomeone']['year'] = 0; + $_SESSION['assuresomeone']['month'] = 0; + $_SESSION['assuresomeone']['day'] = 0; if($_SESSION['profile']['ttpadmin'] == 1) // $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP"); @@ -32,28 +35,54 @@ else $methods = array("Face to Face Meeting"); - $fname = $row['fname']; - $mname = $row['mname']; - $lname = $row['lname']; - $suffix = $row['suffix']; + $mnames = array( + '01' => _('January'), + '02' => _('February'), + '03' => _('March'), + '04' => _('April'), + '05' => _('May'), + '06' => _('June'), + '07' => _('July'), + '08' => _('August'), + '09' => _('September'), + '10' => _('October'), + '11' => _('November'), + '12' => _('December') + ); + + $fname = sanitizeHTML($row['fname']); + $mname = sanitizeHTML($row['mname']); + $lname = sanitizeHTML($row['lname']); + $suffix = sanitizeHTML($row['suffix']); $dob = $row['dob']; + + $dob_date = explode('-', $dob, 3); + $dob_print = sprintf( + '<tt class="accountdetail">%s-%s-%s</tt> (%d %s %d)', + $dob_date[0], $dob_date[1], $dob_date[2], + intval($dob_date[2], 10), $mnames[$dob_date[1]], intval($dob_date[0], 10) + ); + $name = $fname." ".$mname." ".$lname." ".$suffix; $_SESSION['_config']['wothash'] = md5($name."-".$dob); require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); - AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname)); - AssureTextLine(_("Name"),$name); - AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")"); + AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s %s %s %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname, $mname, $lname, $suffix)); + AssureTextLine(_("Name"), sprintf( + "<tt><span class=\"accountdetail name\"><span class=\"accountdetail fname\">%s</span> <span class=\"accountdetail mname\">%s</span> <span class=\"accountdetail lname\">%s</span> <span class=\"accountdetail suffix\">%s</span></span></tt>", + $fname, $mname, $lname, $suffix + )); + AssureTextLine(_("Date of Birth"),$dob_print); AssureMethodLine(_("Method"),$methods,''); - AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); - AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); - AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); + AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"",""); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); - AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); + AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")"); AssureFoot($id,_("I confirm this Assurance")); ?> diff --git a/pages/wot/9.php b/pages/wot/9.php index bfa7a98..20f2c6d 100644 --- a/pages/wot/9.php +++ b/pages/wot/9.php @@ -15,9 +15,9 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - + require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); - + $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'"); if(mysql_num_rows($res) <= 0) @@ -26,11 +26,10 @@ } else { $user = mysql_fetch_array($res); - $userlang = $user['language']; + $userlang = L10n::normalise_translation($user['language']); $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` - where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); - if($points <= 0) - { + where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0")); + if($points <= 0) { echo _("Sorry, I was unable to locate that user."); } else { @@ -38,31 +37,31 @@ ?> <? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?> <form method="post" action="wot.php"> -<input type="hidden" name="userid" value="<?=$user['id']?>"> +<input type="hidden" name="userid" value="<?=intval($user['id'])?>"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="2" class="title"><?=_("Contact Assurer")?></td> </tr> <tr> <td class="DataTD"><?=_("To")?>:</td> - <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td> + <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td> </tr> <? if($userlang != "") { ?> <tr> <td class="DataTD"><?=_("Language")?>:</td> - <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td> + <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td> </tr> <? } ?> <? - $query = "select * from `addlang` where `userid`='".$user['id']."'"; + $query = "select * from `addlang` where `userid`='".intval($user['id'])."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'")); + $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'")); ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> - <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td> + <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td> </tr> <? } ?> <tr> @@ -79,7 +78,7 @@ </table> <input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>"> <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> </form> <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } } ?> diff --git a/scripts/21de-ate-essen-email.txt b/scripts/21de-ate-essen-email.txt deleted file mode 100644 index bfeea13..0000000 --- a/scripts/21de-ate-essen-email.txt +++ /dev/null @@ -1,97 +0,0 @@ -CAcert Assurer Training Event Essen [Deutsch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
-
-- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden?
-
-Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
-
-Die kommende Veranstaltung in deiner Naehe findet statt am:
-
-Dienstag den 28. September 2010
-Zeit: 19:00 - 22:00
-
-Unperfekthaus Essen
-Friedrich-Ebert-Str. 18
-45127 Essen-City
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
-Wiki [https://wiki.cacert.org/events/2010_09_28-ATE-Essen]
-Blog [https://blog.cacert.org/2010/09/483.html]
-
-Unverbindliche Anmeldung und Registrierung:
-Rueckantwort mit 'Ich moechte teilnehmen: ATE-Essen'
-
-Kontakt: events@cacert.org
-
-
-
-CAcert Assurer Training Event Essen [Dutch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Er is veel gebeurd de afgelopen 3 jaar. De oude manier van mondelink doorgegeven procedures is nu verdwenen, en onze regels zijn uitgebracht in formeel beleid. Nieuwe procedures (bijvoorbeeld de Assurer Challenge) en verplichtingen (bv in de CAcert Community Agreement) zijn goedgekeurd. De Assurer Training evenementen brengen dit alles naar u, de Gemeenschap:
-
-- Wat heb je aan toe te voegen aan het CAP formulier bij het waarmerken van jongere leden die nog geen 18+ zijn?
-- Wat zijn de 2 essentiële thema's van de CCA als u die presenteert aan iemand?
-- Wanneer kun je een Nederlandse "roepnaam" accepteren?
-
-Antwoorden op deze, en vele andere vragen worden gegeven op Assurer Training Evenementen (ATE).
-
-ATE-Essen vindt plaats op: Dinsdag 28 September 2010, 19:00 - 22:00
-
-Unperfekthaus Essen
-Friedrich-Ebert-Str. 18
-45127 Essen-City
-
-Het Event-Team kijkt er naar uit om van u te horen.
-
-Details over locatie en vervoer vindt u onder
-Wiki [https://wiki.cacert.org/events/2010_09_28-ATE-Essen]
-Blog [https://blog.cacert.org/2010/09/483.html]
-
-Voor registratie van ATE-Essen kunt u reageren met
- 'Ik zal aanwezig zijn: ATE-Essen'
-gericht aan events@cacert.org
-
-Voor andere vragen of opmerkingen kunt u ook terecht bij events@cacert.org
-
-
-
-CAcert Assurer Training Event Essen [English]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Much has happened during the past 3 years. The old way of
-orally-transmitted procedures has now gone, and our rules have been cast
-into formal policies. New procedures (e.g. the Assurer Challenge) and
-obligations (e.g. in the CAcert Community Agreement) have been approved.
-The Assurer Training Events bring all this to you, the Community:
-
-- What you have to add onto the CAP form if you assure U18 people ?
-- What are the 2 essential topics regarding CCA you have to present an Assuree ?
-- When you can accept i.e. a Dutch "roepnaam" ?
-
-Answers to these and many other questions are given at the Assurer
-Training Events (ATEs).
-
-ATE-Essen takes place on:
-Tuesday, Sept 28, 2010, 19:00 - 22:00
-
-Unperfekthaus Essen
-Friedrich-Ebert-Str. 18
-45127 Essen-City
-
-The Event-Team is looking forward to hearing from you.
-
-Details on Location and Transportation you will find under
-Wiki [https://wiki.cacert.org/events/2010_09_28-ATE-Essen]
-Blog [https://blog.cacert.org/2010/09/483.html]
-
-Registration for ATE-Essen: please reply
-'I will attend: ATE-Essen'
-
-Contact: events@cacert.org
diff --git a/scripts/21de-ate-essen-mail.php.txt b/scripts/21de-ate-essen-mail.php.txt deleted file mode 100644 index 18437d2..0000000 --- a/scripts/21de-ate-essen-mail.php.txt +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("21de-ate-essen-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 - $locid = 572764; // Essen, Nordrhein-Westfalen, Germany - $eventname = "ATE-Essen"; - $city = "September 28, 2010"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/22de-ate-aachen-email.txt b/scripts/22de-ate-aachen-email.txt deleted file mode 100644 index a93ba8d..0000000 --- a/scripts/22de-ate-aachen-email.txt +++ /dev/null @@ -1,133 +0,0 @@ -CAcert Assurer Training Event Aachen [Deutsch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
-
-- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden?
-
-Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
-
-Die kommende Veranstaltung in deiner Naehe findet statt am:
-
-Montag den 04. Oktber 2010
-in den Seminarraeumen (Madrid and Lissabon)
-
-Jugendherberge Aachen
-- Euregionales Jugendgaestehaus -
-Maria-Theresia-Allee 260
-52074 Aachen
-
-Es finden 2 Veranstaltungen statt. Eine am Nachmittag, eine am Abend:
-Unverbindliche Anmeldung und Registrierung:
-
-Nachmittag 14:00 - 17:00 (I)
-Rueckantwort mit 'Ich moechte am ATE-Aachen am Nachmittag teilnehmen'
-
-oder
-
-Abend: 19:00 - 22:00 (II)
-Rueckantwort mit 'Ich moechte am ATE-Aachen am Abend teilnehmen'
-
-Zur Durchfuehrung der jeweiligen Veranstaltung ist eine Mindestteilnehmerzahl von 6 Personen erforderlich.
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
-Wiki [https://wiki.cacert.org/Events/2010_10_04-ATE-Aachen]
-Blog [https://blog.cacert.org/2010/08/482.html]
-and [https://blog.cacert.org/2010/09/484.html]
-
-Kontakt: events@cacert.org
-
-
-
-CAcert Assurer Training Event Aachen [Dutch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Er is veel gebeurd de afgelopen 3 jaar. De oude manier van mondeling doorgegeven procedures is nu verdwenen, en onze regels zijn uitgebracht in formeel beleid. Nieuwe procedures (bijvoorbeeld de Assurer Challenge) en verplichtingen (bv in de CAcert Community Agreement) zijn goedgekeurd. De Assurer Training evenementen brengen dit alles naar u, de Gemeenschap:
-
-- Wat heb je toe te voegen aan het CAP formulier bij het waarmerken van jongere leden die nog geen 18+ zijn?
-- Wat zijn de 2 essentiële thema's van de CCA als u die presenteert aan iemand?
-- Wanneer kun je een Nederlandse "roepnaam" accepteren?
-
-Antwoorden op deze, en vele andere vragen worden gegeven op Assurer Training Evenementen (ATE).
-
-ATE-Aken vindt plaats op: maandag 04 october 2010
-In de hoorzalen (Madrid en Lissabon) van
-
-Jugendherberge Aken
-- Euregionales Jugendgaestehaus -
-Maria-Theresia-Allee 260
-52074 Aachen
-
-Er zullen 2 bijeenkomsten plaatsvinden. Een 's middags, de ander 's avonds.
-U kunt uw aanmelding/registratie ten alle tijden wijzigen.
-
-'s middags 14:00--17:00 (I)
-Reactie met "Ik wil graag 's middags deelnemen aan ATE-Aken (!)." gericht aan events@cacert.org.
-
-of
-
-'s avonds 19:00--22:00 (II)
-Reactie met "Ik wil graag 's avonds deelnemen aan ATE-Aken (II)." gericht aan events@cacert.org.
-
-(Om een bijeenkomst door te laten gaan hebben wij graag 6 of meer deelnemers.)
-
-Het Event-Team kijkt er naar uit om van u te horen.
-
-Details over locatie en vervoer vindt u onder
-Wiki [https://wiki.cacert.org/Events/2010_10_04-ATE-Aachen]
-Blog [https://blog.cacert.org/2010/08/482.html]
-en [https://blog.cacert.org/2010/09/484.html]
-
-Voor andere vragen of opmerkingen kunt u ook terecht bij events@cacert.org
-
-
-
-CAcert Assurer Training Event Aachen [English]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Much has happened during the past 3 years. The old way of
-orally-transmitted procedures has now gone, and our rules have been cast
-into formal policies. New procedures (e.g. the Assurer Challenge) and
-obligations (e.g. in the CAcert Community Agreement) have been approved.
-The Assurer Training Events bring all this to you, the Community:
-
-- What you have to add onto the CAP form if you assure U18 people ?
-- What are the 2 essential topics regarding CCA you have to present an Assuree ?
-- When you can accept i.e. a Dutch "roepnaam" ?
-
-Answers to these and many other questions are given at the Assurer
-Training Events (ATEs).
-
-ATE-Aachen takes place on:
-Monday, Oct 4th, 2010
-Lecture Rooms (Madrid and Lissabon)
-
-Jugendherberge Aachen
-- Euregionales Jugendgaestehaus -
-Maria-Theresia-Allee 260
-52074 Aachen
-
-We have scheduled two events: one in the afternoon, one in the evening:
-
-Afternoon 14:00-17:00 (I):
-For Registration please reply: 'I will attend ATE-Aachen in the afternoon'
-
-or
-
-Evening 19:00-22:00 (II):
-For Registration please reply: 'I will attend ATE-Aachen in the evening'
-
-For each of the events to take place, we will need at least 6 attendees.
-
-The Event-Team is looking forward to hearing from you.
-
-Details on Location and Transportation you will find under
-Wiki [https://wiki.cacert.org/Events/2010_10_04-ATE-Aachen]
-Blog [https://blog.cacert.org/2010/08/482.html]
-and [https://blog.cacert.org/2010/09/484.html]
-
-Contact: events@cacert.org
diff --git a/scripts/22de-ate-aachen-mail.php.txt b/scripts/22de-ate-aachen-mail.php.txt deleted file mode 100644 index fa60d74..0000000 --- a/scripts/22de-ate-aachen-mail.php.txt +++ /dev/null @@ -1,141 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("22de-ate-aachen-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Aachen, DE, Oct 4th 2010 - $locid = 78; // Aachen, Nordrhein-Westfalen, Germany - $eventname = "ATE-Aachen"; - $city = "October 4th, 2010"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/23au-ate-canberra-email.txt b/scripts/23au-ate-canberra-email.txt deleted file mode 100644 index 58d4e55..0000000 --- a/scripts/23au-ate-canberra-email.txt +++ /dev/null @@ -1,31 +0,0 @@ -CAcert Assurer Training Event -- Canberra -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Dear Member of the CAcert Community, - -Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved. - -The Assurer Training Events bring all this to you, the Assurer, and the Community: - -- What do you have to add onto the CAP form if you assure minors ? -- What are the 2 essential CCA points you have to present an Assuree ? -- Who can access the Member's privacy information? - -Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). - -ATE-Canberra takes place at: -* Tuesday, Oct 12th, 2010 -* Grant Cameron Community Centre, 27-29 Mulley St, Holder -* 7:00pm - -For Registration please reply: 'I will attend ATE-Canberra' - -We are looking forward to hearing from you. - - -- Best regards from the Event Team! - - -PS: Contact: events@cacert.org -Location, Transportation and other event details at -[https://wiki.cacert.org/events/20101012Canberra] diff --git a/scripts/23au-ate-canberra-mail.php.txt b/scripts/23au-ate-canberra-mail.php.txt deleted file mode 100644 index b7293cc..0000000 --- a/scripts/23au-ate-canberra-mail.php.txt +++ /dev/null @@ -1,142 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("23au-ate-canberra-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Canberra, AU, Oct 12 2010 - $locid = 2255408; // Canberra, Australian Capital Territory, Australia - $eventname = "ATE-Canberra"; - $city = "Tuesday 12th October"; - - - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/24de-blit2010-email.txt b/scripts/24de-blit2010-email.txt deleted file mode 100644 index 8c186cd..0000000 --- a/scripts/24de-blit2010-email.txt +++ /dev/null @@ -1,15 +0,0 @@ -7. Brandenburger Linux-Infotag 2010 -- Helfer Gesucht -::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: - -Hallo CAcerties, - -am Samstag, dem 6. November 2010 moechte sich CAcert mit einem Stand auf dem 7. Brandenburger Linux-Infotag 2010 praesentieren. Hierzu wurde nun im Wiki eine Organisationsseite eingerichtet, auf der Ihr Euch als Helfer eintragen koennt (http://wiki.cacert.org/events/blit2010). Sofern Ihr aus Berlin, Potsdam sowie Umgebung oder von woanders kommt und Zeit wie auch Lust habt, dann tragt Euch bitte ein. Wer im vergangenen Jahr dabei war, weiss vieviel Spass es allen gemacht hat! - -Auf der Veranstaltung sind Professoren, wissenschaftliche Mitarbeiter und in jedem Fall viele Studenten zu erwarten. Es waere daher super, wenn wir dort moeglichst viele von CAcert ueberzeugen koennen, um eine neue Keimzelle entstehen lassen zu koennen. Daher benoetigen wir mindestens drei Assurer, um 100 Punkte vergeben zu koennen. - -Wir freuen uns auf Eure Mithilfe. - - -Wiki Organisationsseite: [http://wiki.cacert.org/events/blit2010] - -Kontakt: events@cacert.org diff --git a/scripts/24de-blit2010-mail.php.txt b/scripts/24de-blit2010-mail.php.txt deleted file mode 100644 index fbc5342..0000000 --- a/scripts/24de-blit2010-mail.php.txt +++ /dev/null @@ -1,147 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("24de-blit2010-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Canberra, AU, Oct 12 2010 -// $locid = 2255408; // Canberra, Australian Capital Territory, Australia -// $eventname = "ATE-Canberra"; -// $city = "Tuesday 12th October"; - -// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010 - $locid = 1486658; // Potsdam, Brandenburg, Germany - $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)"; - $city = "Potsdam - 6. Nov 2010"; - - - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/25de-ate-hamburg-mail.php.txt b/scripts/25de-ate-hamburg-mail.php.txt deleted file mode 100644 index 64c43b0..0000000 --- a/scripts/25de-ate-hamburg-mail.php.txt +++ /dev/null @@ -1,143 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("25de-ate-hamburg-mail.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Hamburg, DE, Nov 05 2010 - $locid = 715191; // Hamburg - $eventname = "ATE-Hamburg"; - $city = "Nov 05, 2010"; - - - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "ate-hh@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to ate-hh@cacert.org - sendmail("ate-hh@cacert.org", "[CAcert.org] $eventname - $city", $lines, "ate-hh@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> - diff --git a/scripts/25de-ate-hamburg-mail.txt b/scripts/25de-ate-hamburg-mail.txt deleted file mode 100644 index 41786d5..0000000 --- a/scripts/25de-ate-hamburg-mail.txt +++ /dev/null @@ -1,67 +0,0 @@ -CAcert Assurer Training Event Hamburg [Deutsch] -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen: - -- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ? -- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ? -- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden? - -Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs). - -Die kommende Veranstaltung in deiner Naehe findet statt am: - -Freitag den 05. November 2010, 19:00 - 22:00 - -Attraktor e.V. -Mexikoring 21 -22297 Hamburg - -Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. - -Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im -Wiki [https://wiki.cacert.org/events/2010-11-05-ATE-Hamburg] -Blog [https://blog.cacert.org/2010/10/491.html] - - - -Unverbindliche Anmeldung und Registrierung: -Rueckantwort mit 'Ich moechte teilnehmen: ATE-Hamburg' - -Kontakt: ate-hh@cacert.org - - -CAcert Assurer Training Event Hamburg [English] -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Much has happened during the past 3 years. The old way of -orally-transmitted procedures has now gone, and our rules have been cast -into formal policies. New procedures (e.g. the Assurer Challenge) and -obligations (e.g. in the CAcert Community Agreement) have been approved. -The Assurer Training Events bring all this to you, the Community: - -- What you have to add onto the CAP form if you assure U18 people ? -- What are the 2 essential topics regarding CCA you have to present an Assuree ? -- When you can accept i.e. a Dutch "roepnaam" ? - -Answers to these and many other questions are given at the Assurer -Training Events (ATEs). - -ATE-Hamburg takes place on: -Friday, Nov 05, 2010, 19:00 - 22:00 - -Attraktor e.V. -Mexikoring 21 -22297 Hamburg - -The Event-Team is looking forward to hearing from you. - -Details on Location and Transportation you will find under -Wiki [https://wiki.cacert.org/events/2010-11-05-ATE-Hamburg] -Blog [https://blog.cacert.org/2010/10/491.html] - -Registration for ATE-Hamburg: please reply -'I will attend: ATE-Hamburg' - -Contact: ate-hh@cacert.org - diff --git a/scripts/26us-lisa2010-email.txt b/scripts/26us-lisa2010-email.txt deleted file mode 100644 index 15cdc56..0000000 --- a/scripts/26us-lisa2010-email.txt +++ /dev/null @@ -1,26 +0,0 @@ -Dear CAcert Assurer,
-
-If you are attending the LISA'2010 conference in San Jose, CA, or if you live in the area, please consider attending the BoF (Birds of a Feather) sessions on Tuesday evening, 11/09/2010. I will be leading two seperate hour long BoF sessions. Both will be held in the Blossom Hill room of the San Jose Convention Center. The first is a GPG key signing event at 8:00pm. The second is a CAcert BoF, where we hope to educate and enroll some new assurers.
-
-I presented these same two BoF sessions at the LISA'09 conference in Baltimore. In order to bring any new assurers up to the 100 point level, we will need a few other assurers to help them earn their first trust points. I will also encourage them to them assurer each other on paper. They can then go on-line after the event and once they complete the Assurer Challenge, they start earning experience points.
-
-I can't pull off a successful CAcert event without a few other assurers. I am qualified to give out 35 points. I have one other assurer who has already contacted me and he is good for up to 15 points (and looking to earn more experience points himself). There were a few assurers who showed up to help last year, but I did not know in advance who was coming. If you can help, please reply to this e-mail letting me know you can attend and how many points you are qualified to assign.
-
-For more details on the events, please visit the following web pages or contact Ken. I don't really need help with the GPG key signing BoF, but you are certainly welcome to join us.
-
-[http://www.usenix.org/events/lisa10/bofs.html#gpg]
-[http://www.usenix.org/events/lisa10/bofs.html#cacert]
-
-I have updated the Event entry on the CAcert Wiki. The listing is found at:
-[https://wiki.cacert.org/events/LISA2010]
-Feel free to add your own information if you can attend, or I can add your information if you like.
-
-Ken Schumacher
-My own CAcert Assurance web page at [http://wiki.cacert.org/KenSchumacher]
-
-CAcert Bof Session, Tues Nov 9, 2010 9:00pm till 10:00pm
-Blossom Hill Room at the San Jose Marriott Hotel
-Free Admission to BoFs, no badge or ticket required
-
-
-Contact: events@cacert.org
diff --git a/scripts/26us-lisa2010-mail.php.txt b/scripts/26us-lisa2010-mail.php.txt deleted file mode 100644 index 95f07c7..0000000 --- a/scripts/26us-lisa2010-mail.php.txt +++ /dev/null @@ -1,151 +0,0 @@ -#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("26us-lisa2010-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 50;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Canberra, AU, Oct 12 2010
-// $locid = 2255408; // Canberra, Australian Capital Territory, Australia
-// $eventname = "ATE-Canberra";
-// $city = "Tuesday 12th October";
-
-// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010
-// $locid = 1486658; // Potsdam, Brandenburg, Germany
-// $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)";
-// $city = "Potsdam - 6. Nov 2010";
-
-// LISA2010, Nov 7-12, 2010
- $locid = 2096344; // San Jose (Santa Clara), California, United States
- $eventname = "LISA2010";
- $city = "San Jose, CA - Nov 7-12, 2010";
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/27au-ate-melbourne-email.txt b/scripts/27au-ate-melbourne-email.txt deleted file mode 100644 index 4b3e525..0000000 --- a/scripts/27au-ate-melbourne-email.txt +++ /dev/null @@ -1,31 +0,0 @@ -CAcert Assurer Training Event -- Melbourne -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Dear Member of the CAcert Community, - -Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved. - -The Assurer Training Events bring all this to you, the Assurer, and the Community: - -- What do you have to add onto the CAP form if you assure minors ? -- What are the 2 essential CCA points you have to present an Assuree ? -- Who can access the Member's privacy information? - -Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). Bring your ID for assurances. Especially note that Tverify/Thawte people need to boost up their Assurance Points. - -ATE-Melbourne takes place at: -* Thursday, 16th Dec, 2010 -* Readify P/L; Level 4, Life.Lab Building, 198 Harbour Esplanade, Docklands -* 6:00pm - -For Registration please reply: 'I will attend ATE-Melbourne' Don't forget your ID! - -We are looking forward to hearing from you. - - -- Best regards from the Event Team! - - -PS: Contact: events@cacert.org -Location, Transportation and other event details at -https://wiki.cacert.org/events/20101216Melbourne diff --git a/scripts/27au-ate-melbourne-mail.php.txt b/scripts/27au-ate-melbourne-mail.php.txt deleted file mode 100644 index 55870bf..0000000 --- a/scripts/27au-ate-melbourne-mail.php.txt +++ /dev/null @@ -1,156 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("27au-ate-melbourne-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); - $maxdist = 50; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Canberra, AU, Oct 12 2010 -// $locid = 2255408; // Canberra, Australian Capital Territory, Australia -// $eventname = "ATE-Canberra"; -// $city = "Tuesday 12th October"; - -// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010 -// $locid = 1486658; // Potsdam, Brandenburg, Germany -// $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)"; -// $city = "Potsdam - 6. Nov 2010"; - -// LISA2010, Nov 7-12, 2010 -// $locid = 2096344; // San Jose (Santa Clara), California, United States -// $eventname = "LISA2010"; -// $city = "San Jose, CA - Nov 7-12, 2010"; - -// ATE Melbourne, AU, Dec 16 2010 - $locid = 2262656; // Melbourne, VIC, Australia - $eventname = "ATE-Melbourne"; - $city = "Thursday 16th December"; - - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/28au-ate-melbourne-email.txt b/scripts/28au-ate-melbourne-email.txt deleted file mode 100644 index 5685d52..0000000 --- a/scripts/28au-ate-melbourne-email.txt +++ /dev/null @@ -1,17 +0,0 @@ -Hi there from CAcert Education Team! - -Just a reminder for the Assurer Training Event, this Thursday evening: - -- Time: 6:00pm to 10:00pm -- Date: Thursday 16th December. -- Location: Readify offices in Docklands, Melbourne - -- Info: http://wiki.cacert.org/events/20101216Melbourne - -RSVP to events@cacert.org: I will attend ATE-Melbourne so we know to let -you in the door! - -Bring your ID docs. Essential info for the Assurer, highly recommended -event. - -See you there, iang. diff --git a/scripts/28au-ate-melbourne-mail.php.txt b/scripts/28au-ate-melbourne-mail.php.txt deleted file mode 100644 index 9466d32..0000000 --- a/scripts/28au-ate-melbourne-mail.php.txt +++ /dev/null @@ -1,156 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("28au-ate-melbourne-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); - $maxdist = 50; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Canberra, AU, Oct 12 2010 -// $locid = 2255408; // Canberra, Australian Capital Territory, Australia -// $eventname = "ATE-Canberra"; -// $city = "Tuesday 12th October"; - -// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010 -// $locid = 1486658; // Potsdam, Brandenburg, Germany -// $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)"; -// $city = "Potsdam - 6. Nov 2010"; - -// LISA2010, Nov 7-12, 2010 -// $locid = 2096344; // San Jose (Santa Clara), California, United States -// $eventname = "LISA2010"; -// $city = "San Jose, CA - Nov 7-12, 2010"; - -// ATE Melbourne, AU, Dec 16 2010 - $locid = 2262656; // Melbourne, VIC, Australia - $eventname = "ATE-Melbourne"; - $city = "Thursday 16th December"; - - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/29au-ate-brisbane-email.txt b/scripts/29au-ate-brisbane-email.txt deleted file mode 100644 index 71ab3f0..0000000 --- a/scripts/29au-ate-brisbane-email.txt +++ /dev/null @@ -1,38 +0,0 @@ -CAcert Assurer Training Event -- Brisbane -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Dear Member of the CAcert Community, - -Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved. - -The Assurer Training Events bring all this to you, the Assurer, and the Community: - -- What do you have to add onto the CAP form if you assure minors ? -- What are the 2 essential CCA points you have to present an Assuree ? -- Who can access the Member's privacy information? - -Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). Bring your ID for assurances. Especially note that Tverify/Thawte people need to boost up their Assurance Points. - -ATE-Brisbane takes place at: -* Monday, 24th Jan, 2011 -* Z-Block in Queensland's University of Technology (QUT) Gardens Point Campus -* Registration is essential, otherwise you cannot get in! -* 14:20 - 17:30 - -Alternative time/location if you cannot make Monday Afternoon: -* Sunday 23rd Jan Evening -* The Marquis Brisbane, 103 George St. - -For Registration please reply: 'I will attend ATE-Brisbane' - -Don't forget your ID! - -We are looking forward to hearing from you. - - -- Best regards from the Event Team! - - -PS: Contact: events@cacert.org -Location, Transportation and other event details at -https://wiki.cacert.org/events/20110124Brisbane diff --git a/scripts/29au-ate-brisbane-mail.php.txt b/scripts/29au-ate-brisbane-mail.php.txt deleted file mode 100644 index dcb7ccd..0000000 --- a/scripts/29au-ate-brisbane-mail.php.txt +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("29au-ate-brisbane-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); - $maxdist = 100; - -// ATE Brisbane, AU, 24 Jan 2011 - $locid = 2258704; // Brisbane, QLD, Australia - $eventname = "ATE-Brisbane"; - $city = "Monday 24th January"; - - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/30de-ate-muenchen-email.txt b/scripts/30de-ate-muenchen-email.txt deleted file mode 100644 index ea30421..0000000 --- a/scripts/30de-ate-muenchen-email.txt +++ /dev/null @@ -1,46 +0,0 @@ -Das Thema "Sicherheit" war schon einige Male Gegenstand der Muenchner OpenSourceTreffen.
-
-So wurde im November 2009 eine Einfuehrung in die freie Certification Authority CAcert gegeben,
-gefolgt von einer Uebersicht in die Struktur der CAcert-Community im Maerz 2010.
-Im April 2010 gab es Informationen ueber den Aufbau eines sicheren privaten Netzes
-und im Mai 2010 hiess es Digitally Signing email - Why, how ?
-
-Jetzt ist ein gemeinsamer Workshop geplant, ein CAcert Assurer Training Event (ATE).
-
-Was ist ein ATE ?
-
-Ein ATE ist eine Veranstaltung zur Qualitaetssicherung des CAcert Web-of-Trusts, denn im Gegensatz zu vielen kommerziellen Zertifikats-Ausstellern findet bei CAcert keine zentralisierte Identitaetsueberpruefung beim Aussteller statt.
-
-Statt dessen gibt es ein Netzwerk aus Freiwilligen (Assurern), gegenueber denen sich ein Interessent (Assuree) ausweisen kann, um sich seine Identitaet bestaetigen zu lassen.
-Diese Bestaetigung ist Voraussetzung dafuer, dass sich der Interessent spaeter Zertifikate generieren lassen kann, die seinen Namen enthalten.
-
-Fuer das Web-of-Trust gibt es ein Regelwerk, CAcert Community Agreement (CCA), Assurance Policy und Assurance Handbook seien beispielhaft genannt.
-
-Das ATE schult die CAcert Assurer ueber Neuerungen im Regelwerk und hilft, Kenntnisse aufzufrischen:
-
-- Was hast du auf dem CAcert Assurance Program (CAP)-Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.B. niederlaendische Rufnamen akzeptiert werden?
-
-Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
-
-Das CAcert ATE ist geplant fuer den 2. April 2011.
-
-- Datum: Sonnabend, 2. April 2011
-- Zeit: 13:00 - ca. 17:00 Uhr
-- Ort:
-- Cafe Netzwerk
-- Luisenstr. 11
-- 80333 Muenchen
-- Telefon: (089) 54 83 27 00
-
-
-Weitere Details dazu findet man unter https://www.xing.com/events/assurer-training-event-718128
-sowie http://wiki.cacert.org/Events/2011-04-02-ATE-Munich .
-
-Teilnehmer Registrierung mit Rueckantwort: 'Ich moechte am ATE-Muenchen teilnehmen'
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Kontakt: events@cacert.org
-
diff --git a/scripts/30de-ate-muenchen-mail.php.txt b/scripts/30de-ate-muenchen-mail.php.txt deleted file mode 100644 index 3c9a4be..0000000 --- a/scripts/30de-ate-muenchen-mail.php.txt +++ /dev/null @@ -1,146 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("30de-ate-muenchen-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Aachen, DE, Oct 4th 2010 -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Aachen"; -// $city = "October 4th, 2010"; - -// ATE Muenchen, DE, Apr 2nd 2011 - $locid = 1260319; // Muenchen - $eventname = "ATE-Muenchen"; - $city = "2. April, 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/31de-lt2011-berlin-email.txt b/scripts/31de-lt2011-berlin-email.txt deleted file mode 100644 index 85b0ff5..0000000 --- a/scripts/31de-lt2011-berlin-email.txt +++ /dev/null @@ -1,20 +0,0 @@ -Hallo CAcert Assurers, - -Der diesjaehrige Linuxtag hat begonnen. - -Leider ohne CAcert Teilnahme mit einem leeren Stand .... - -Wir suchen noch haenderingend Assurer rund um Berlin die Donnerstag und Freitag noch auf dem Stand aushelfen koennen. - -Der Stand ist in bester Lage (Mozilla hatte abgesagt, und wir haben deren Stand bekommen). Der leere Stand wirft natuerlich kein gutes Licht auf CAcert. - -Aus dem Grund benoetigen wir jede Hilfe, die wir noch bekommen koennen. Auch wenn es vielleicht nur fuer einen halben Tag ist. - -Bis zu 7 Karten koennen wir noch zur Verfuegung stellen, sofern ihr eure Mithilfe angebietet. - -Hierzu eine kurze Rueckantwort an events@cacert.org - -Vielen Dank fuer Eure Unterstuetzung im Vorraus. - - -Kontakt: events@cacert.org diff --git a/scripts/31de-lt2011-berlin-mail.php.txt b/scripts/31de-lt2011-berlin-mail.php.txt deleted file mode 100644 index 96a6241..0000000 --- a/scripts/31de-lt2011-berlin-mail.php.txt +++ /dev/null @@ -1,152 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("31de-lt2011-berlin-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 50; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Aachen, DE, Oct 4th 2010 -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Aachen"; -// $city = "October 4th, 2010"; - -// ATE Muenchen, DE, Apr 2nd 2011 -// $locid = 1260319; // Muenchen -// $eventname = "ATE-Muenchen"; -// $city = "2. April, 2011"; - - -// Linuxtag, Berlin, May 11, 2011, - $locid = 228950; // Berlin - $eventname = "Linuxtag Berlin"; - $city = "11.-14. Mai, 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - echo "invitation sent to $xrows recipients.\n"; -?> diff --git a/scripts/32de-ate-bonn-email.txt b/scripts/32de-ate-bonn-email.txt deleted file mode 100644 index 5c830a6..0000000 --- a/scripts/32de-ate-bonn-email.txt +++ /dev/null @@ -1,38 +0,0 @@ -Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen: - -Ein ATE ist eine Veranstaltung zur Qualitaetssicherung des CAcert Web-of-Trusts, denn im Gegensatz zu vielen kommerziellen Zertifikats-Ausstellern findet bei CAcert keine zentralisierte Identitaetsueberpruefung beim Aussteller statt. - -Statt dessen gibt es ein Netzwerk aus Freiwilligen (Assurern), gegenueber denen sich ein Interessent (Assuree) ausweisen kann, um sich seine Identitaet bestaetigen zu lassen. -Diese Bestaetigung ist Voraussetzung dafuer, dass sich der Interessent spaeter Zertifikate generieren lassen kann, die seinen Namen enthalten. - -Fuer das Web-of-Trust gibt es ein Regelwerk, CAcert Community Agreement (CCA), Assurance Policy und Assurance Handbook seien beispielhaft genannt. - -Das ATE schult die CAcert Assurer ueber Neuerungen im Regelwerk und hilft, Kenntnisse aufzufrischen: - -- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ? -- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ? -- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden? - -Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs). - -Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen. - -As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute. - -Die kommende Veranstaltung in deiner Naehe findet statt am: - -- Mittwoch den 08. Juni 2011 -- in der Zeit von: 19:00 - ca. 22:00 Uhr -- im Jugendzentrum St. Martin -- Heilsbachstr. 4 -- 53123 Bonn - -Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im -Wiki [http://wiki.cacert.org/Events/2011-06-08-ATE-Bonn] -Blog [http://blog.cacert.org/2011/05/514.html] - -Teilnehmer Registrierung mit Rueckantwort: 'Ich moechte am ATE-Bonn teilnehmen' - -Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. - -Kontakt: events@cacert.org diff --git a/scripts/32de-ate-bonn-mail.php.txt b/scripts/32de-ate-bonn-mail.php.txt deleted file mode 100644 index ea8c579..0000000 --- a/scripts/32de-ate-bonn-mail.php.txt +++ /dev/null @@ -1,151 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("32de-ate-bonn-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin - -// Software Freedom Day 19. Sept 2009 -// $locid = 715191; // Hamburg - -// LISA2009 Baltimore, 1.11.2009 -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States -// $city = "Baltimore, MD - Nov. 3rd 2009"; - -// OpenSourceTreffen-Muenchen, 20.11.2009 -// $locid = 1260319; // Muenchen -// $city = "Muenchen - 20. Nov 2009"; - -// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009 -// $locid = 1486658; // Potsdam -// $eventname = "Brandenburger Linux-Infotag (BLIT2009)"; -// $city = "Potsdam - 21. Nov 2009"; - -// ATE-Goteborg, 16.12.2009 -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $eventname = "ATE-Goteborg"; -// $city = "Goteborg - Dec 16th 2009"; - -// Assurance Event Mission Hills CA, 15.01.2010 -// $locid = 2094781; // Mission Hills (Los Angeles), California, United States -// $eventname = "Assurance Event"; -// $city = "Mission Hills CA - Jan 15th 2010"; - -// Assurance Event OSD Copenhagen DK, 5.03.2010 -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "Assurance Event OpenSource-Days 2010"; -// $city = "Copenhagen DK - March 5th/6th 2010"; - -// SCALE 8x Los Angeles, CA, Feb 19-21 2010 -// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark -// $eventname = "SCALE 8x 2010"; -// $city = "Los Angeles, CA - February 19-21 2010"; - -// ATE Sydney, AU, Mar 24 2010 -// $locid = 2257312; // Sydney, New South Wales, Australia -// $eventname = "ATE-Sydney"; -// $city = "March 24, 2010"; - -// ATE Essen, DE, Sept 28 2010 -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Essen"; -// $city = "September 28, 2010"; - -// ATE Aachen, DE, Oct 4th 2010 -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Aachen"; -// $city = "October 4th, 2010"; - -// ATE Muenchen, DE, Apr 2nd 2011 -// $locid = 1260319; // Muenchen -// $eventname = "ATE-Muenchen"; -// $city = "2. April, 2011"; - -// ATE Bonn, DE, Jun 8th 2011 - $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany - $eventname = "ATE-Bonn"; - $city = "8. Juni, 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/33us-ate-wdc-email.txt b/scripts/33us-ate-wdc-email.txt deleted file mode 100644 index 6547347..0000000 --- a/scripts/33us-ate-wdc-email.txt +++ /dev/null @@ -1,40 +0,0 @@ -CAcert Assurer Training Event -- Washington DC / Chantilly -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Dear Member of the CAcert Community, - -Much has happened during recent years. The old way of orally-transmitted -procedures has now gone, and our rules have been cast into formal -policies. New procedures (e.g. the Assurer Challenge) and obligations -(e.g. in the CAcert Community Agreement) have been approved. - -The Assurer Training Events bring all this to you, the Assurer, and the -Community: - -- What do you have to add onto the CAP form if you assure minors ? -- What are the 2 essential CCA points you have to present an Assuree ? -- Who can access the Member's privacy information? - -Answers to these and many other questions typically faced by Assurers -are given at the Assurer Training Events (ATEs). Bring your ID for -assurances. Especially note that Tverify/Thawte people need to boost up -their Assurance Points. - -ATE-WDC takes place at: -* Saturday, June 18th, 2011 -* Eggspectations Restaurant, Westone Plaza, Chantilly VA. -* 12:00 - 16:30 - -For Registration please reply: 'I will attend ATE-Washington' - -Don't forget your ID! - -We are looking forward to hearing from you. - - -- Best regards from the Event Team! - - -PS: Contact: events@cacert.org -Location, Transportation and other event details at -[https://wiki.cacert.org/Events/20110618ATE-WashingtonDC] diff --git a/scripts/33us-ate-wdc-mail.php.txt b/scripts/33us-ate-wdc-mail.php.txt deleted file mode 100644 index 117fadb..0000000 --- a/scripts/33us-ate-wdc-mail.php.txt +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("33us-ate-wdc-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany - -// ATE Bonn, DE, Jun 8th 2011 -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Bonn"; -// $city = "8. Juni, 2011"; - -// ATE Washington DC, US, Jun 18th 2011 - $locid = 2102723; // Washington (District of Columbia, ..., US - $eventname = "ATE-Washington-DC"; - $city = "June 18th, 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/34us-ate-wdc-email.txt b/scripts/34us-ate-wdc-email.txt deleted file mode 100644 index 7735ed8..0000000 --- a/scripts/34us-ate-wdc-email.txt +++ /dev/null @@ -1,21 +0,0 @@ -Dear Member of the CAcert Community,
-
-Just a quick final reminder that we will hold an ATE - Assurer Training Event - in Chantilly, VA this coming Saturday, 12:00.
-
-It's a lunch time event in a private room, so come hungry to the Eggspectations Restaurant in Westone Plaza.
-
-Assurers and prospective Assurers are the intended audience. We also invite those who just want the chance to get assured. (Note that old Tverify / Thawte points are gone, and if you haven't done our fabulously entertaining *Assurer Challenge* you are not an Assurer anymore.)
-
-Bring your ID documents and some CAP forms!
-
-- Best regards from the Event Team!
-
-ATE-WDC takes place at:
-* Saturday, June 18th, 2011
-* Eggspectations Restaurant, Westone Plaza, Chantilly VA.
-* 12:00 - 16:30
-* more: [http://wiki.cacert.org/Events/20110618ATE-WashingtonDC]
-
-For Registration please reply: 'I will attend ATE-Washington'
-
-Contact: events@cacert.org
diff --git a/scripts/34us-ate-wdc-mail.php.txt b/scripts/34us-ate-wdc-mail.php.txt deleted file mode 100644 index 6478d45..0000000 --- a/scripts/34us-ate-wdc-mail.php.txt +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("34us-ate-wdc-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany - -// ATE Bonn, DE, Jun 8th 2011 -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $eventname = "ATE-Bonn"; -// $city = "8. Juni, 2011"; - -// ATE Washington DC, US, Jun 18th 2011 - $locid = 2102723; // Washington (District of Columbia, ..., US - $eventname = "ATE-Washington-DC getting closer"; - $city = "June 18th, 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/35us-ate-ny-email.txt b/scripts/35us-ate-ny-email.txt deleted file mode 100644 index 7ee95bf..0000000 --- a/scripts/35us-ate-ny-email.txt +++ /dev/null @@ -1,22 +0,0 @@ -Dear Member of the CAcert Community,
-
-We have a possibility to run an Assurer Training Event in New York in the period June 20th to 26. One of our co-auditor-presenters is in Washington DC for the ATE on the 18th, and is willing to make the trip.
-
- - Can you help? Can you attend?
-
-If you are interested in attending, please reply to this email with "I want to attend an ATE in New York, I prefer XXXXX dates."
-
-*If you can help then please contact us*. We need some combination of these things:
-
- * on-ground contact person
- * venue good for everyone to get to, about 3 hours access
- * accomodation
-
-To read more about our popular tour of ATEs:
- * https://wiki.cacert.org/ATE
- * https://wiki.cacert.org/Events/20110618ATE-WashingtonDC
-
-- Best regards from the Event Team!
-
-
-PS: Contact: events@cacert.org
diff --git a/scripts/35us-ate-ny-mail.php.txt b/scripts/35us-ate-ny-mail.php.txt deleted file mode 100644 index 01b2d5d..0000000 --- a/scripts/35us-ate-ny-mail.php.txt +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("35us-ate-ny-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany - -// ATE Washington DC, US, Jun 18th 2011 -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $eventname = "ATE-Washington-DC getting closer"; -// $city = "June 18th, 2011"; - -// ATE Washington DC, US, Jun 18th 2011 - $locid = 2177566; // New York (Bronx), New York, United States - $eventname = "ATE-New York"; - $city = "period June 20th to 26, 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/36us-ate-ny-email.txt b/scripts/36us-ate-ny-email.txt deleted file mode 100644 index 6cd1ef1..0000000 --- a/scripts/36us-ate-ny-email.txt +++ /dev/null @@ -1,34 +0,0 @@ -CAcert Assurer Training Event -- New York / Rutgers / Piscataway, NJ
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Dear Member of the CAcert Community,
-
-Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved.
-
-The Assurer Training Events bring all this to you, the Assurer, and the Community:
-
-- What do you have to add onto the CAP form if you assure minors ?
-- What are the 2 essential CCA points you have to present an Assuree ?
-- Who can access the Member's privacy information?
-
-Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). Bring your ID for assurances. Especially note that Tverify/Thawte people need to boost up their Assurance Points.
-
-ATE-NY takes place at:
-* Monday, June 20th, 2011
-* Rutgers Department of Computer Science, Piscataway, NJ
-* 1pm - 4pm
-
-For Registration please reply: 'I will attend ATE-NY'
-
-Don't forget your ID!
-
-We are looking forward to hearing from you.
-
-
-- Best regards from the Event Team!
-
-
-PS: Contact: events@cacert.org
-Location, Transportation and other event details at
-[https://wiki.cacert.org/Events/20110620ATE-NewYork]
-
diff --git a/scripts/36us-ate-ny-mail.php.txt b/scripts/36us-ate-ny-mail.php.txt deleted file mode 100644 index 1f75bb1..0000000 --- a/scripts/36us-ate-ny-mail.php.txt +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("36us-ate-ny-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany - -// ATE Washington DC, US, Jun 18th 2011 -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $eventname = "ATE-Washington-DC getting closer"; -// $city = "June 18th, 2011"; - -// ATE Washington DC, US, Jun 18th 2011 - $locid = 2177566; // New York (Bronx), New York, United States - $eventname = "ATE-New York / Rutgers / Piscataway, NJ"; - $city = "June 20th, 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/37de-blit2011-email.txt b/scripts/37de-blit2011-email.txt deleted file mode 100644 index 365bd5b..0000000 --- a/scripts/37de-blit2011-email.txt +++ /dev/null @@ -1,18 +0,0 @@ -8. Brandenburger Linux-Infotag 2011 -- Helfer Gesucht -::::::::::::::::::::::::::::::::::::::::::::::::::::: - -Hallo CAcerties, - -am Samstag, dem 5. November 2011 moechte sich CAcert mit einem Stand auf dem 8. Brandenburger Linux-Infotag 2011 (Motto: "Freie Gedanken - Freie Systeme") praesentieren. Hierzu wurde nun im Wiki eine Organisationsseite eingerichtet, auf der Ihr Euch als Helfer eintragen koennt - http://wiki.cacert.org/events/BLIT2011 -Sofern Ihr aus Berlin, Potsdam sowie Umgebung oder von woanders kommt und Zeit wie auch Lust habt, dann tragt Euch bitte, gerne auch nur fuer einen -bestimmten Zeitraum, ein. Wer in den vergangenen Jahren dabei war, weiss vieviel Spass es allen gemacht hat! - -Auf der Veranstaltung sind Professoren, wissenschaftliche Mitarbeiter und in jedem Fall viele Studenten zu erwarten. Es waere daher super, wenn wir dort moeglichst viele von CAcert ueberzeugen koennen, um dort eine neue Keimzelle entstehen lassen zu koennen. Daher benoetigen wir mindestens drei Assurer, um 100 Punkte vergeben zu koennen. - -Wir freuen uns auf Eure Mithilfe. - - -Wiki Organisationsseite: [http://wiki.cacert.org/events/BLIT2011] - -Kontakt: events@cacert.org diff --git a/scripts/37de-blit2011-mail.php.txt b/scripts/37de-blit2011-mail.php.txt deleted file mode 100644 index e0ecead..0000000 --- a/scripts/37de-blit2011-mail.php.txt +++ /dev/null @@ -1,106 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("37de-blit2011-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $locid = 2177566; // New York (Bronx), New York, United States - -// BLIT2011 - $locid = 1486658; // Potsdam - $eventname = "8. Brandenburger Linux-Infotag 2011 - Potsdam"; - $city = "5. Nov 2011"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/38us-fudcon2012-email.txt b/scripts/38us-fudcon2012-email.txt deleted file mode 100644 index afb3387..0000000 --- a/scripts/38us-fudcon2012-email.txt +++ /dev/null @@ -1,17 +0,0 @@ -Hi, - -I'm a Fedora developer and sysadmin (and a CAcert Assurer), and am going to be attending the Fedora Users and Developers Conference which will be held at Virginia Tech from January 13 - 15, 2012. - -We have a GPG/PGP keysigning party planned, and I'm interested in getting some people together to offer CAcert assurances. This is especially important since CAcert will be removing all points formerly obtained by Thawte Point Transfer very soon. - -Would you be interested in helping with a CAcert assurance event at FUDCon? I'm not sure of the date yet, but it would be somewhere between the 13th and 15th. - -Please contact me at either nb@fedoraproject.org or nb@cacert.org if you might be interested in helping with this. - -Nick - -Further infos: - * [https://wiki.cacert.org/Events/FUDConBlacksburg] CAcert organizing wiki page - * [http://fedoraproject.org/wiki/FUDCon:Blacksburg_2012] has more information about FUDCon. - -Contact: events@cacert.org diff --git a/scripts/38us-fudcon2012-mail.php.txt b/scripts/38us-fudcon2012-mail.php.txt deleted file mode 100644 index d90f5a2..0000000 --- a/scripts/38us-fudcon2012-mail.php.txt +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("38us-fudcon2012-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - $maxdist = 250; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $locid = 2177566; // New York (Bronx), New York, United States -// $locid = 1486658; // Potsdam BLIT2011 - -// FUDcon 2012 - $locid = 2237836; // Blacksburg (Montgomery), Virginia, United States - $eventname = "FUDCon 2012"; - $city = "Blacksburg, VA"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/39uk-ate-manchester-email.txt b/scripts/39uk-ate-manchester-email.txt deleted file mode 100644 index 6c709bf..0000000 --- a/scripts/39uk-ate-manchester-email.txt +++ /dev/null @@ -1,40 +0,0 @@ -CAcert Assurer Training Event -- Crewe/Manchester, UK -::::::::::::::::::::::::::::::::::::::::::::::::::::: - -Dear Member of the CAcert Community, - -Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved. - -The Assurer Training Events bring all this to you, the Assurer, and the Community: - -- What is the difference in Thawte notary and CAcert Assurance? -- What do you have to add onto the CAP form if you assure minors? -- What are the 2 essential CCA points you have to present an Assuree? -- Who can access the Member's privacy information? - -Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). Bring your ID for assurances. Especially note that Tverify/Thawte people need to boost up their Assurance Points. - -ATE-Manchester takes place at: -* Saturday, January 14th, 2012 -* The Venue -* Belong Village -* Brookhouse Drive -* Crewe -* Cheshire CW2 6NA -* 11:30am - 3pm - -The venue is near to and easily accessible from the train station (Crewe is a major rail junction within 3-4 hours of most of the major cities!) - -For Registration please reply: 'I will attend ATE-Manchester' - -Don't forget your ID! - -We are looking forward to hearing from you. - - -- Best regards from the Event Team! - - -PS: Contact: events@cacert.org -Location, Transportation and other event details at -[https://wiki.cacert.org/Events/20120114ATE-Manchester] diff --git a/scripts/39uk-ate-manchester-mail.php.txt b/scripts/39uk-ate-manchester-mail.php.txt deleted file mode 100644 index 5c5d0d9..0000000 --- a/scripts/39uk-ate-manchester-mail.php.txt +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("39uk-ate-manchester-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - changed to 350 to include glasgow + london - $maxdist = 350; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $locid = 2177566; // New York (Bronx), New York, United States -// $locid = 1486658; // Potsdam BLIT2011 -// $locid = 2237836; // Blacksburg (Montgomery), Virginia, United States - -// ATE Manchester 2012 - $locid = 1161640; // Manchester, Manchester, United Kingdom - $eventname = "ATE-Manchester"; - $city = "Manchester/Crewe UK"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/40de-ate-hamburg-email.txt b/scripts/40de-ate-hamburg-email.txt deleted file mode 100644 index ddf7c0f..0000000 --- a/scripts/40de-ate-hamburg-email.txt +++ /dev/null @@ -1,66 +0,0 @@ -CAcert Assurer Training Event Hamburg [Deutsch] -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen: - -- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ? -- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ? -- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden? - -Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs). - -Die kommende Veranstaltung in deiner Naehe findet statt am: - -Dienstag den 14. Februar 2012, 19:00 - 22:00 - -Attraktor e.V. -Mexikoring 21 -22297 Hamburg - -Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. - -Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im -Wiki [https://wiki.cacert.org/events/20120214-ATE-Hamburg-3] -Blog [http://blog.cacert.org/2012/02/547.html] - - - -Unverbindliche Anmeldung und Registrierung: -Rueckantwort mit 'Ich moechte teilnehmen: ATE-Hamburg' - -Kontakt: events@cacert.org - - -CAcert Assurer Training Event Hamburg [English] -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Much has happened during the past 3 years. The old way of -orally-transmitted procedures has now gone, and our rules have been cast -into formal policies. New procedures (e.g. the Assurer Challenge) and -obligations (e.g. in the CAcert Community Agreement) have been approved. -The Assurer Training Events bring all this to you, the Community: - -- What you have to add onto the CAP form if you assure U18 people ? -- What are the 2 essential topics regarding CCA you have to present an Assuree ? -- When you can accept i.e. a Dutch "roepnaam" ? - -Answers to these and many other questions are given at the Assurer -Training Events (ATEs). - -ATE-Hamburg takes place on: -Tuesday, Feb 14, 2012, 19:00 - 22:00 - -Attraktor e.V. -Mexikoring 21 -22297 Hamburg - -The Event-Team is looking forward to hearing from you. - -Details on Location and Transportation you will find under -Wiki [https://wiki.cacert.org/events/20120214-ATE-Hamburg-3] -Blog [http://blog.cacert.org/2012/02/547.html] - -Registration for ATE-Hamburg: please reply -'I will attend: ATE-Hamburg' - -Contact: events@cacert.org diff --git a/scripts/40de-ate-hamburg-mail.php.txt b/scripts/40de-ate-hamburg-mail.php.txt deleted file mode 100644 index 54ec1b8..0000000 --- a/scripts/40de-ate-hamburg-mail.php.txt +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("40de-ate-hamburg-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - changed to 350 to include glasgow + london - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $locid = 2177566; // New York (Bronx), New York, United States -// $locid = 1486658; // Potsdam BLIT2011 -// $locid = 2237836; // Blacksburg (Montgomery), Virginia, United States - -// ATE Manchester 2012 -// $locid = 1161640; // Manchester, Manchester, United Kingdom -// $eventname = "ATE-Manchester"; -// $city = "Manchester/Crewe UK"; - -// ATE Hamburg, DE, Feb 14 2012 - $locid = 715191; // Hamburg - $eventname = "ATE-Hamburg"; - $city = "Feb 14, 2012"; - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/41de-ate-jena-email.txt b/scripts/41de-ate-jena-email.txt deleted file mode 100644 index f70dc85..0000000 --- a/scripts/41de-ate-jena-email.txt +++ /dev/null @@ -1,33 +0,0 @@ -CAcert Assurer Training Event Jena [Deutsch] -:::::::::::::::::::::::::::::::::::::::::::: - -Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen: - -- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ? -- Warum solltest du dir R/L/O einpraegen ? -- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst ? - -Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs). - -Die kommende Veranstaltung in deiner Naehe findet statt am: - -Donnerstag den 29. Maerz 2012, 19:00 - 22:00 - -Adresse: Am Johannisfriedhof 2, Jena -Gebaeude: Universitaetsrechenzentrum der Friedrich-Schiller-Universitaet Jena -OSM: [http://osm.org/go/0MAe9XhNp-] -Webseite: [http://www.uni-jena.de/URZ.html] - - -Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. - -Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im -Wiki [https://wiki.cacert.org/Events/2012-03-29ATE-Jena] -Blog [http://blog.cacert.org/2012/03/550.html] - - - -Unverbindliche Anmeldung und Registrierung: -Rueckantwort mit 'Ich moechte teilnehmen: ATE-Jena' - -Kontakt: events@cacert.org diff --git a/scripts/41de-ate-jena-mail.php.txt b/scripts/41de-ate-jena-mail.php.txt deleted file mode 100644 index 5691f63..0000000 --- a/scripts/41de-ate-jena-mail.php.txt +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("41de-ate-jena-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - changed to 350 to include glasgow + london - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $locid = 2177566; // New York (Bronx), New York, United States -// $locid = 1486658; // Potsdam BLIT2011 -// $locid = 2237836; // Blacksburg (Montgomery), Virginia, United States -// $locid = 1161640; // Manchester, Manchester, United Kingdom - -// ATE Jena, DE, Mar 29 2012 - $locid = 803095; // Jena, Thueringen, Germany - $eventname = "ATE-Jena"; - $city = "Mar 29, 2012"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/42de-ate-leipzig-email.txt b/scripts/42de-ate-leipzig-email.txt deleted file mode 100644 index ea08a75..0000000 --- a/scripts/42de-ate-leipzig-email.txt +++ /dev/null @@ -1,39 +0,0 @@ -CAcert Assurer Training Event Leipzig -:::::::::::::::::::::::::::::::::::::::::::::::::: - -Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen: - -- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ? -- Warum solltest du dir R/L/O einpraegen ? -- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst ? - -Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs). - -Die kommende Veranstaltung in deiner Naehe findet statt am: - -Dienstag den 10. April 2012, 19:00 - 22:00 -(Dienstag nach Ostern) - -Adresse: - Universtität Leipzig / Institut für Informatik - Johannisgasse 26 / Raum 1-40 - 04103 Leipzig -Webseite: - [http://www.informatik.uni-leipzig.de/ifi/] -Lageplan: - [http://www.fmi.uni-leipzig.de/cms/service/lageplan.html] - - - -Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. - -Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im -Wiki [https://wiki.cacert.org/Events/2012-04-10ATE-Leipzig] -Blog [http://blog.cacert.org/2012/03/555.html] - - - -Unverbindliche Anmeldung und Registrierung: -Rueckantwort mit 'Ich moechte teilnehmen: ATE-Leipzig' - -Kontakt: events@cacert.org diff --git a/scripts/42de-ate-leipzig-mail.php.txt b/scripts/42de-ate-leipzig-mail.php.txt deleted file mode 100644 index d0c02b7..0000000 --- a/scripts/42de-ate-leipzig-mail.php.txt +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/bin/php -q -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2009 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - include_once("../includes/mysql.php"); - - $lines = ""; - $fp = fopen("42de-ate-leipzig-email.txt", "r"); - while(!feof($fp)) - { - $line = trim(fgets($fp, 4096)); - $lines .= wordwrap($line, 75, "\n")."\n"; - } - fclose($fp); - - -// $locid = intval($_REQUEST['location']); -// $maxdist = intval($_REQUEST['maxdist']); -// maxdist in [Km] - changed to 350 to include glasgow + london - $maxdist = 200; - - -// location location.ID -// verified: 29.4.09 u.schroeter -// $locid = 7902857; // Paris -// $locid = 238568; // Bielefeld -// $locid = 715191; // Hamburg -// $locid = 1102495; // London -// $locid = 520340; // Duesseldorf -// $locid = 1260319; // Muenchen -// $locid = 606058; // Frankfurt -// $locid = 1775784; // Stuttgart -// $locid = 228950; // Berlin -// $locid = 606058; // Frankfurt -// $locid = 599389; // Flensburg -// $locid = 61065; // Amsterdam, Eemnes -// $locid = 228950; // Berlin -// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US -// $locid = 1486658; // Potsdam -// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden -// $locid = 2094781; // Mission Hills (Los Angeles), California, US -// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark -// $locid = 2257312; // Sydney, New South Wales, Australia -// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany -// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany -// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany -// $locid = 2102723; // Washington (District of Columbia, ..., US -// $locid = 2177566; // New York (Bronx), New York, United States -// $locid = 1486658; // Potsdam BLIT2011 -// $locid = 2237836; // Blacksburg (Montgomery), Virginia, United States -// $locid = 1161640; // Manchester, Manchester, United Kingdom - -// ATE Jena, DE, Mar 29 2012 -// $locid = 803095; // Jena, Thueringen, Germany -// $eventname = "ATE-Jena"; -// $city = "Mar 29, 2012"; - -// ATE Leipzig, DE, Apr 10 2012 - $locid = 1067965; // Leipzig, Sachsen, Germany - $eventname = "ATE-Leipzig"; - $city = "Apr 10, 2012"; - - - $query = "select * from `locations` where `id`='$locid'"; - $loc = mysql_fetch_assoc(mysql_query($query)); - - $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + - (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * - COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* - FROM `locations` - inner join `users` on `users`.`locid` = `locations`.`id` - inner join `alerts` on `users`.`id`=`alerts`.`memid` - inner join `notary` on `users`.`id`=`notary`.`to` - WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) - GROUP BY `users`.`id` - HAVING `distance` <= '$maxdist' - ORDER BY `distance` "; - echo $query; - - // comment next line when starting to send mail not only to me - // $query = "select * from `users` where `email` like 'cacerttest%'"; - - $res = mysql_query($query); - $xrows = mysql_num_rows($res); - - while($row = mysql_fetch_assoc($res)) - { - // uncomment next line to send mails ... - sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - } - // 1x cc to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - // 1x mailing report to events.cacert.org - sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - - // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 - sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); - echo "invitation sent to $xrows recipients.\n"; - -?> diff --git a/scripts/43de-ate-karlsruhe-email.txt b/scripts/43de-ate-karlsruhe-email.txt deleted file mode 100644 index 26af21c..0000000 --- a/scripts/43de-ate-karlsruhe-email.txt +++ /dev/null @@ -1,103 +0,0 @@ -[Deutsch]
-
-Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
-eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
-Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
-
-- Welcher Satz fehlt auf alten CAP Formularen?
-- Warum soll ich mir R/L/O einpraegen?
-- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst?
-
-Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
-
-Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
-
-As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute.
-
-Die kommende Veranstaltung in deiner Naehe findet statt am:
-
-- Dienstag, den 15. Mai 2012
-- in der Zeit von: 19:00 - ca. 22:00 Uhr
-- Raum: New York
-- im FZI Forschungszentrum Informatik
-- Haid-und-Neu-Str. 10-14
-- 76131 Karlsruhe
-
-Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
-Wiki [http://wiki.cacert.org/Events/2012-05-15ATE-Karlsruhe]
-Blog [http://blog.cacert.org/2012/04/559.html]
-
-Teilnehmer Registrierung mit Rueckantwort:
- 'Ich moechte am ATE-Karlsruhe teilnehmen'
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Kontakt: events@cacert.org
-
-
-[French]
-
-Bon nombre de changements ont eu lieu au cours de la derniere annee au sein de CAcert. Beaucoup de regles "orales" ont ete transformees en reglements ("Policies"). De nouvelles procedures (par exemple le Challenge Assureur) et devoirs (par exemple le CAcert Community Agreement) ont ete activees. Les Assurer Training Events essaient de propager ces informations :
-
-- Que manque-t-il sur les "anciens" formulaires CAP ?
-- Pourquoi dois-je me souvenir de R/L/O ?
-- Que faire si une personne vous montre un document d'identite qui vous est inconnu ?
-
-Durant les Assurer Training Events (ATEs) vous recevrez les reponses a ces questions et a plein d'autres.
-
-De plus, les ATE vous permettent de vous entrainer a verifier les identites. Ceci sera audite afin de mesurer la qualite des assurances effectuees dans la routine quotidienne. On essaiera de vous induire en erreur. Vous aurez ainsi la possibilite de voir les problemes et d'apprendre a dejouer les pieges.
-
-Comme IanG l'a dit : il est fortement recommande aux assureurs de participer aux ATE. Le programmme contient des parties qui entrent directement en ligne de compte pour le succes de notre audit. Venez et decouvrez comment contribuer.
-
-Le prochain ATE qui aura lieu pres de chez vous sera :
-- Mardi le 15 mai 2012
-- de 19:00 a environ 22:00
-- Chambre: New York
-- dans le FZI Forschungszentrum Informatik
-- Haid-und-Neu-Str. 10-14
-- 76131 Karlsruhe
-
-NB : les exposes auront lieu en Allemand
-
-Plus de renseignements sur le lieu :
-Wiki [http://wiki.cacert.org/Events/2012-05-15ATE-Karlsruhe]
-Blog [http://blog.cacert.org/2012/04/559.html]
-
-Pour participer, repondez a ce courriel : 'Je viendrais au ATE-Karlsruhe'
-
-Le comite d'organisation se rejouit de votre venue.
-
-Contact: events@cacert.org
-
-[English]
-
-During the last year many changes took place inside CAcert. Many "oral" rules have been put into Policies. New procedures (e.g. Assurer Challenge) and obligations (e.g. CAcert Community Agreement) have been put into live. The Assurer Training Events (ATE) try to spread this information:
-
-- What is missing on the "old" CAP forms?
-- Why should I remember R/L/O?
-- What can you do if an Assuree shows an ID document unknown to you?
-
-These and more questions will be answered during the Assurer Training Events (ATEs)
-
-Furthermore, the ATE trains how to do assurances and audits assurances, to measure the quality of assurances in the daily routine. Here are some possible errors and pitfalls which need to be found. Assurers have the opportunity to see those errors and how to avoid them.
-
-As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers and includes parts which contribute directly to our audit. Come and find out how you can also contribute.
-
-The next event held in your area will be:
-
-- Tuesday 15th Mai 2012
-- during 19:00 - ca. 22:00
-- Room: New York
-- in the FZI Forschungszentrum Informatik
-- Haid-und-Neu-Str. 10-14
-- 76131 Karlsruhe
-
-Details to the location can be found:
-Wiki [http://wiki.cacert.org/Events/2012-05-15ATE-Karlsruhe]
-Blog [http://blog.cacert.org/2012/04/559.html]
-
-User reply for registration: 'I will attend the ATE-Karlsruhe'
-
-The event team is looking forward for your attendance:
-
-Contact: events@cacert.org
diff --git a/scripts/43de-ate-karlsruhe-mail.php.txt b/scripts/43de-ate-karlsruhe-mail.php.txt deleted file mode 100644 index afea2f2..0000000 --- a/scripts/43de-ate-karlsruhe-mail.php.txt +++ /dev/null @@ -1,155 +0,0 @@ -#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("43de-ate-karlsruhe-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
-// maxdist in [Km]
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Aachen, DE, Oct 4th 2010
-// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Aachen";
-// $city = "October 4th, 2010";
-
-// ATE Muenchen, DE, Apr 2nd 2011
-// $locid = 1260319; // Muenchen
-// $eventname = "ATE-Muenchen";
-// $city = "2. April, 2011";
-
-// ATE Bonn, DE, Jun 8th 2011
-// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Bonn";
-// $city = "8. Juni, 2011";
-
-// ATE Karlsruhe, DE, May 15th 2012
- $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
- $eventname = "ATE-Karlsruhe";
- $city = "15. May 2012";
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- echo "invitation sent to $xrows recipients.\n";
-
-?>
diff --git a/scripts/44de-ate-duesseldorf-email.txt b/scripts/44de-ate-duesseldorf-email.txt deleted file mode 100644 index b4b3708..0000000 --- a/scripts/44de-ate-duesseldorf-email.txt +++ /dev/null @@ -1,104 +0,0 @@ -[Deutsch] - -Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher -eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. -Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen: - -- Welcher Satz fehlt auf alten CAP Formularen? -- Warum soll ich mir R/L/O einpraegen? -- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst? - -Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs). - -Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen. - -As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute. - -Die kommende Veranstaltung in deiner Naehe findet statt am: - -- Montag, den 09. Juli 2012 -- in der Zeit von: 19:00 - ca. 22:00 Uhr -- in der Heinrich-Heine-Universitaet Duesseldorf -- Raum: 25 -- Universitaetsstraße 1 -- 40225 Duesseldorf - - -Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im -Wiki [http://wiki.cacert.org/events/ATE-Duesseldorf] -Blog [http://blog.cacert.org/2012/06/559.html] - -Teilnehmer Registrierung mit Rueckantwort: - 'Ich moechte am ATE-Duesseldorf teilnehmen' - -Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. - -Kontakt: events@cacert.org - - -[French] - -Bon nombre de changements ont eu lieu au cours de la derniere annee au sein de CAcert. Beaucoup de regles "orales" ont ete transformees en reglements ("Policies"). De nouvelles procedures (par exemple le Challenge Assureur) et devoirs (par exemple le CAcert Community Agreement) ont ete activees. Les Assurer Training Events essaient de propager ces informations : - -- Que manque-t-il sur les "anciens" formulaires CAP ? -- Pourquoi dois-je me souvenir de R/L/O ? -- Que faire si un |