37 files changed, 2099 insertions, 726 deletions
diff --git a/CommModule/server.pl b/CommModule/server.pl index eb5113a..c70bc9a 100755 --- a/CommModule/server.pl +++ b/CommModule/server.pl @@ -502,9 +502,28 @@ sub SignX509($$$$$$$$) { open OUT,">$wid/extfile"; print OUT "basicConstraints = critical, CA:FALSE\n"; + print OUT "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement\n"; print OUT "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n"; - print OUT "keyUsage = digitalSignature, keyEncipherment\n"; print OUT "authorityInfoAccess = OCSP;URI:$OCSPUrl\n"; + + my $CRLUrl=""; + if($root==0) + { + $CRLUrl="http://crl.cacert.org/revoke.crl"; + } + elsif($root==1) + { + $CRLUrl="http://crl.cacert.org/class3-revoke.crl"; + } + elsif($root==2) + { + $CRLUrl="http://crl.cacert.org/class3s-revoke.crl"; + } + else + { + $CRLUrl="http://crl.cacert.org/root${root}.crl"; + } + print OUT "crlDistributionPoints = URI:${CRLUrl}\n"; print OUT "subjectAltName = $san\n" if(length($san)); close OUT; $extfile=" -extfile $wid/extfile "; diff --git a/includes/account.php b/includes/account.php index 4f8ed03..ee5d3f8 100644 --- a/includes/account.php +++ b/includes/account.php @@ -17,6 +17,7 @@ */ require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); + require_once('lib/check_weak_key.php'); loadem("account"); @@ -2165,9 +2166,9 @@ if($oldid == 29 && $process != "") { - $domain = mysql_real_escape_string(stripslashes(trim($domainname))); + $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname']))); - $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'"); + $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'"); $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0"); if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0) { 
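Review bot: In the new `else` branch of the CRL block in SignX509, `$root` is interpolated into a line of `$wid/extfile` without being forced to an integer. If a caller ever passes a value that is not purely numeric (the callers are not visible in this hunk), the text lands verbatim in the OpenSSL extension file. Writing `$CRLUrl="http://crl.cacert.org/root".int($root).".crl";` keeps the emitted value numeric whatever the caller supplies. A short comment naming which CA each of the values 0, 1 and 2 stands for would also help the next reader. SignX509 starts and ends outside the hunk.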
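Review bot: In includes/account.php the `orgdomains` row is now selected by `intval($domid)` instead of `$_SESSION['_config']['domid']`, and nothing in this hunk shows where `$domid` is assigned or that it is checked against the organisations the logged-in user may administer. If `$domid` comes from the request, the same concern applies to the revocation queries in the hunks starting at old lines 2177 and 2190 and to the update and delete in the hunk at 2198. Each of those should act only after confirming that the domain belongs to an organisation the caller is allowed to manage. Separately, `$domain` is matched with `like '$domain'`, and `mysql_real_escape_string()` does not escape `%` or `_`, so both duplicate-check queries should use `=` if an exact match is intended. The enclosing block starts before this hunk.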
@@ -2177,12 +2178,12 @@ } } - if(($oldid == 29 || $oldid == 30) && $process != _("Cancel")) + if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php { $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and - `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'"; + `orgdomains`.`id`='".intval($domid)."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); @@ -2190,7 +2191,7 @@ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and - `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'"; + `orgdomains`.`id`='".intval($domid)."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'"); 
@@ -2198,23 +2199,23 @@ if($oldid == 29 && $process != "") { - $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'")); - mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'"); + $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'")); + mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain)); - echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue."); + echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue."); showfooter(); exit; } if($oldid == 30 && $process != "") { - $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'")); + $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'")); $domain = $row['domain']; - mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"); + mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'"); showheader(_("My CAcert.org Account!")); printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain)); - echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue."); + echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue."); showfooter(); exit; } 
@@ -2266,8 +2267,7 @@ $orgid = 0; } - if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 || - $id == 35 || $oldid == 35) + if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34) { $query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'"; $_macc = mysql_num_rows(mysql_query($query)); @@ -2280,6 +2280,19 @@ } } + if($id == 35 || $oldid == 35) + { + $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'"; + $is_orguser = mysql_num_rows(mysql_query($query)); + if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0) + { + showheader(_("My CAcert.org Account!")); + echo _("You don't have access to this area."); + showfooter(); + exit; + } + } + if($id == 33 && $_SESSION['profile']['orgadmin'] != 1) { $orgid = intval($_SESSION['_config']['orgid']); @@ -2309,8 +2322,21 @@ $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email'])); } else { $row = mysql_fetch_assoc($res); - mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."', - `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'"); + if ( !is_assurer(intval($row['id'])) ) + { + $id = $oldid;
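Review bot: The new `$id == 35 || $oldid == 35` block admits any member with a row in `org`, whereas the condition it was split from queried for `masteracc`='1', so page 35 is now reachable by non-master organisation accounts. What page 35 lists is not visible here; it should be confirmed to restrict its output to the caller's own organisations. A comment such as `// id 35 is open to every org member, unlike 32-34 which need a master account` above the block would record the intent. `mysql_num_rows(mysql_query($query))` passes a failed query straight into `mysql_num_rows()`; this appears to fail closed because of the `<= 0` comparison, but checking the result first would make that explicit.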
+ $oldid=0;
+ $_SESSION['_config']['errmsg'] = + _("The user is not an Assurer yet"); + } else { + mysql_query( + "insert into `org` + set `memid`='".intval($row['id'])."', + `orgid`='".intval($_SESSION['_config']['orgid'])."', + `masteracc`='$masteracc', + `OU`='$OU', + `comments`='$comments'"); + } } } @@ -2987,6 +3013,4 @@ $_SESSION['_config']['orgid'] = intval($orgid); if(intval($memid) > 0) $_SESSION['_config']['memid'] = intval($memid); - if(intval($domid) > 0) - $_SESSION['_config']['domid'] = intval($domid); ?> diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 108bd57..148a0ac 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -209,7 +209,7 @@ function hideall() { <ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul> </div> <? } ?> -<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> +<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3> <ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul> 
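Review bot: The reformatted `insert into org` in the new `else` branch still ignores the return value of `mysql_query()`, so a failed insert looks the same as a successful one to the administrator adding the user. Setting `$_SESSION['_config']['errmsg']` when the call returns `false`, as the new `is_assurer()` branch does for its own failure, would make the two paths consistent. `$masteracc`, `$OU` and `$comments` are interpolated directly into the statement; they are presumably escaped before this hunk, which should be confirmed since the assignments are not visible here. The enclosing block starts outside the hunk.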
@@ -284,361 +284,3 @@ function hideall() { </body> </html><? } - - /** - * Produces a log entry with the error message with log level E_USER_WARN - * and a random ID an returns a message that can be displayed to the user - * including the generated ID - * - * @param $errormessage string - * The error message that should be logged - * @return string containing the generated ID that can be displayed to the - * user - */ - function failWithId($errormessage) { - $errorId = rand(); - trigger_error("$errormessage. ID: $errorId", E_USER_WARNING); - return sprintf(_("Something went wrong when processing your request. ". - "Please contact %s for help and provide them with the ". - "following ID: %d"), - "<a href='mailto:support@cacert.org?subject=System%20Error%20-%20". - "ID%3A%20$errorId'>support@cacert.org</a>", - $errorId); - } - - /** - * Checks whether the given CSR contains a vulnerable key - * - * @param $csr string - * The CSR to be checked - * @param $encoding string [optional] - * The encoding the CSR is in (for the "-inform" parameter of OpenSSL, - * currently only "PEM" (default) or "DER" allowed) - * @return string containing the reason if the key is considered weak, - * empty string otherwise - */ - function checkWeakKeyCSR($csr, $encoding = "PEM") - { - // non-PEM-encodings may be binary so don't use echo - $descriptorspec = array( - 0 => array("pipe", "r"), // STDIN for child - 1 => array("pipe", "w"), // STDOUT for child - ); - $encoding = escapeshellarg($encoding); - $proc = proc_open("openssl req -inform $encoding -text -noout", - $descriptorspec, $pipes); - - if (is_resource($proc)) - { - fwrite($pipes[0], $csr); - fclose($pipes[0]); - - $csrText = ""; - while (!feof($pipes[1])) - { - $csrText .= fread($pipes[1], 8192); - } - fclose($pipes[1]); - - if (($status = proc_close($proc)) !== 0 || $csrText === "") - { - return _("I didn't receive a valid Certificate Request, hit ". 
- "the back button and try again."); - } - } else { - return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL"); - } - - - return checkWeakKeyText($csrText); - } - - /** - * Checks whether the given X509 certificate contains a vulnerable key - * - * @param $cert string - * The X509 certificate to be checked - * @param $encoding string [optional] - * The encoding the certificate is in (for the "-inform" parameter of - * OpenSSL, currently only "PEM" (default), "DER" or "NET" allowed) - * @return string containing the reason if the key is considered weak, - * empty string otherwise - */ - function checkWeakKeyX509($cert, $encoding = "PEM") - { - // non-PEM-encodings may be binary so don't use echo - $descriptorspec = array( - 0 => array("pipe", "r"), // STDIN for child - 1 => array("pipe", "w"), // STDOUT for child - ); - $encoding = escapeshellarg($encoding); - $proc = proc_open("openssl x509 -inform $encoding -text -noout", - $descriptorspec, $pipes); - - if (is_resource($proc)) - { - fwrite($pipes[0], $cert); - fclose($pipes[0]); - - $certText = ""; - while (!feof($pipes[1])) - { - $certText .= fread($pipes[1], 8192); - } - fclose($pipes[1]); - - if (($status = proc_close($proc)) !== 0 || $certText === "") - { - return _("I didn't receive a valid Certificate Request, hit ". - "the back button and try again."); - } - } else { - return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL"); - } - - - return checkWeakKeyText($certText); - } - - /** - * Checks whether the given SPKAC contains a vulnerable key - * - * @param $spkac string - * The SPKAC to be checked - * @param $spkacname string [optional] - * The name of the variable that contains the SPKAC. 
The default is - * "SPKAC" - * @return string containing the reason if the key is considered weak, - * empty string otherwise - */ - function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC") - { - /* Check for the debian OpenSSL vulnerability */ - - $spkac = escapeshellarg($spkac); - $spkacname = escapeshellarg($spkacname); - $spkacText = `echo $spkac | openssl spkac -spkac $spkacname`; - if ($spkacText === null) { - return _("I didn't receive a valid Certificate Request, hit the ". - "back button and try again."); - } - - return checkWeakKeyText($spkacText); - } - - /** - * Checks whether the given text representation of a CSR or a SPKAC contains - * a weak key - * - * @param $text string - * The text representation of a key as output by the - * "openssl <foo> -text -noout" commands - * @return string containing the reason if the key is considered weak, - * empty string otherwise - */ - function checkWeakKeyText($text) - { - /* Which public key algorithm? */ - if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text, - $algorithm)) - { - return failWithId("checkWeakKeyText(): Couldn't extract the ". - "public key algorithm used"); - } else { - $algorithm = $algorithm[1]; - } - - - if ($algorithm === "rsaEncryption") - { - if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, - $keysize)) - { - return failWithId("checkWeakKeyText(): Couldn't parse the RSA ". - "key size"); - } else { - $keysize = intval($keysize[1]); - } - - if ($keysize < 1024) - { - return sprintf(_("The keys that you use are very small ". - "and therefore insecure. Please generate stronger ". - "keys. More information about this issue can be ". - "found in %sthe wiki%s"), - "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>", - "</a>"); - } elseif ($keysize < 2048) { - // not critical but log so we have some statistics about - // affected users - trigger_error("checkWeakKeyText(): Certificate for small ". 
- "key (< 2048 bit) requested", E_USER_NOTICE); - } - - - $debianVuln = checkDebianVulnerability($text, $keysize); - if ($debianVuln === true) - { - return sprintf(_("The keys you use have very likely been ". - "generated with a vulnerable version of OpenSSL which ". - "was distributed by debian. Please generate new keys. ". - "More information about this issue can be found in ". - "%sthe wiki%s"), - "<a href='//wiki.cacert.org/WeakKeys#DebianVulnerability'>", - "</a>"); - } elseif ($debianVuln === false) { - // not vulnerable => do nothing - } else { - return failWithId("checkWeakKeyText(): Something went wrong in". - "checkDebianVulnerability()"); - } - - if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text, - $exponent)) - { - return failWithId("checkWeakKeyText(): Couldn't parse the RSA ". - "exponent"); - } else { - $exponent = $exponent[1]; // exponent might be very big => - //handle as string using bc*() - - if (bccomp($exponent, "3") === 0) - { - return sprintf(_("The keys you use might be insecure. ". - "Although there is currently no known attack for ". - "reasonable encryption schemes, we're being ". - "cautious and don't allow certificates for such ". - "keys. Please generate stronger keys. More ". - "information about this issue can be found in ". - "%sthe wiki%s"), - "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>", - "</a>"); - } elseif (!(bccomp($exponent, "65537") >= 0 && - (bccomp($exponent, "100000") === -1 || - // speed things up if way smaller than 2^256 - bccomp($exponent, bcpow("2", "256")) === -1) )) { - // 65537 <= exponent < 2^256 recommended by NIST - // not critical but log so we have some statistics about - // affected users - trigger_error("checkWeakKeyText(): Certificate for ". 
- "unsuitable exponent '$exponent' requested", - E_USER_NOTICE); - } - } - } - - /* No weakness found */ - return ""; - } - - /** - * Reimplement the functionality of the openssl-vulnkey tool - * - * @param $text string - * The text representation of a key as output by the - * "openssl <foo> -text -noout" commands - * @param $keysize int [optional] - * If the key size is already known it can be provided so it doesn't - * have to be parsed again. This also skips the check whether the key - * is an RSA key => use wisely - * @return TRUE if key is vulnerable, FALSE otherwise, NULL in case of error - */ - function checkDebianVulnerability($text, $keysize = 0) - { - $keysize = intval($keysize); - - if ($keysize === 0) - { - /* Which public key algorithm? */ - if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text, - $algorithm)) - { - trigger_error("checkDebianVulnerability(): Couldn't extract ". - "the public key algorithm used", E_USER_WARNING); - return null; - } else { - $algorithm = $algorithm[1]; - } - - if ($algorithm !== "rsaEncryption") return false; - - /* Extract public key size */ - if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, - $keysize)) - { - trigger_error("checkDebianVulnerability(): Couldn't parse the ". - "RSA key size", E_USER_WARNING); - return null; - } else { - $keysize = intval($keysize[1]); - } - } - - // $keysize has been made sure to contain an int - $blacklist = "/usr/share/openssl-blacklist/blacklist.RSA-$keysize"; - if (!(is_file($blacklist) && is_readable($blacklist))) - { - if (in_array($keysize, array(512, 1024, 2048, 4096))) - { - trigger_error("checkDebianVulnerability(): Blacklist for ". - "$keysize bit keys not accessible. Expected at ". - "$blacklist", E_USER_ERROR); - return null; - } - - trigger_error("checkDebianVulnerability(): $blacklist is not ". - "readable. Unsupported key size?", E_USER_WARNING); - return false; - } - - - /* Extract RSA modulus */ - if (!preg_match('/^\s*Modulus \(\d+ bit\):\n'. 
- '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m', - $text, $modulus)) - { - trigger_error("checkDebianVulnerability(): Couldn't extract the ". - "RSA modulus", E_USER_WARNING); - return null; - } else { - $modulus = $modulus[1]; - // strip whitespace and colon leftovers - $modulus = str_replace(array(" ", "\t", "\n", ":"), "", $modulus); - - // when using "openssl xxx -text" first byte was 00 in all my test - // cases but 00 not present in the "openssl xxx -modulus" output - if ($modulus[0] === "0" && $modulus[1] === "0") - { - $modulus = substr($modulus, 2); - } else { - trigger_error("checkDebianVulnerability(): First byte is not ". - "zero", E_USER_NOTICE); - } - - $modulus = strtoupper($modulus); - } - - - /* calculate checksum and look it up in the blacklist */ - $checksum = substr(sha1("Modulus=$modulus\n"), 20); - - // $checksum and $blacklist should be safe, but just to make sure - $checksum = escapeshellarg($checksum); - $blacklist = escapeshellarg($blacklist); - exec("grep $checksum $blacklist", $dummy, $debianVuln); - if ($debianVuln === 0) // grep returned something => it is on the list - { - return true; - } elseif ($debianVuln === 1) { // grep returned nothing - return false; - } else { - trigger_error("checkDebianVulnerability(): Something went wrong ". - "when looking up the key with checksum $checksum in the ". - "blacklist $blacklist", E_USER_ERROR); - return null; - } - - // Should not get here - return null; - } -?> diff --git a/includes/general.php b/includes/general.php index 4919c84..3478dd4 100644 --- a/includes/general.php +++ b/includes/general.php @@ -215,7 +215,8 @@ //echo "Points due to name matches: $points<br/>"; - $do = `grep '$pwd' /usr/share/dict/american-english`; + $shellpwd = escapeshellarg($pwd); + $do = `grep $shellpwd /usr/share/dict/american-english`; if($do) $points--; 
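Review bot: In the includes/general.php hunk, `escapeshellarg($pwd)` stops shell injection, but the password is still treated by grep as a regular expression and, if it begins with `-`, as an option. A password such as `.` therefore matches every dictionary line, and the score no longer reflects a real dictionary hit. `` $do = `grep -F -- $shellpwd /usr/share/dict/american-english`; `` fixes both. The password also still appears in the argument list of a child process, where other local users can see it for the lifetime of the grep; reading the word list from PHP would avoid that. The enclosing function starts and ends outside the hunk.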
@@ -487,10 +488,6 @@ return(0); } - if($points >= 300) - return(200); - if($points >= 200) - return(150); if($points >= 150) return(35); if($points >= 140) diff --git a/includes/lib/account.php b/includes/lib/account.php index c7697ce..e311668 100644 --- a/includes/lib/account.php +++ b/includes/lib/account.php 
@@ -17,37 +17,82 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -function fix_assurer_flag($userID) +/** + * Function to recalculate the cached Assurer status + * + * @param int $userID + * if the user ID is not given the flag will be recalculated for all users + * + * @return bool + * false if there was an error on fixing the flag. This does NOT return the + * new value of the flag + */ +function fix_assurer_flag($userID = NULL) { - // If requirements for assurers are modified see also scripts/cron/updatesort.php - - // Update Assurer-Flag on users table if 100 points. - // Should the number of points be SUM(points) or SUM(awarded)? - $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '. - '`u`.`id` = \''.(int)intval($userID).'\' AND '. - 'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '. - 'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '. - '`cp`.`user_id` = `u`.`id`) AND '. - '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. - 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100'); - // Challenge has been passed and non-expired points >= 100 - + // Update Assurer-Flag on users table if 100 points and CATS passed. + // + // We may have some performance issues here if no userID is given + // there are ~150k assurances and ~220k users currently + // but the exists-clause on cats_passed should be a good filter + $sql = ' + UPDATE `users` AS `u` SET `assurer` = 1 + WHERE '.( + ($userID === NULL) ? + '`u`.`assurer` = 0' : + '`u`.`id` = \''.intval($userID).'\'' + ).' 
+ AND EXISTS( + SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` + WHERE `cp`.`variant_id` = `cv`.`id` + AND `cv`.`type_id` = 1 + AND `cp`.`user_id` = `u`.`id` + ) + AND ( + SELECT SUM(`points`) FROM `notary` AS `n` + WHERE `n`.`to` = `u`.`id` + AND (`n`.`expire` > now() + OR `n`.`expire` IS NULL) + ) >= 100'; + + $query = mysql_query($sql); if (!$query) { return false; } - + // Challenge has been passed and non-expired points >= 100 + // Reset flag if requirements are not met - $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '. - '`u`.`id` = \''.(int)intval($userID).'\' AND '. - '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '. - '`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '. - 'AND `cp`.`user_id` = `u`.`id`) OR '. - '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. - 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)'); - + // + // Also a bit performance critical but assurer flag is only set on + // ~5k accounts + $sql = ' + UPDATE `users` AS `u` SET `assurer` = 0 + WHERE '.( + ($userID === NULL) ? + '`u`.`assurer` <> 0' : + '`u`.`id` = \''.intval($userID).'\'' + ).' + AND ( + NOT EXISTS( + SELECT 1 FROM `cats_passed` AS `cp`, + `cats_variant` AS `cv` + WHERE `cp`.`variant_id` = `cv`.`id` + AND `cv`.`type_id` = 1 + AND `cp`.`user_id` = `u`.`id` + ) + OR ( + SELECT SUM(`points`) FROM `notary` AS `n` + WHERE `n`.`to` = `u`.`id` + AND ( + `n`.`expire` > now() + OR `n`.`expire` IS NULL + ) + ) < 100 + )'; + + $query = mysql_query($sql); if (!$query) { return false; } - + return true; }
\ No newline at end of file
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
new file mode 100644
index 0000000..ca13ba2
--- /dev/null
+++ b/includes/lib/check_weak_key.php
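Review bot: In `fix_assurer_flag()` (includes/lib/account.php) the reset query compares `(SELECT SUM(points) ...) < 100`, and `SUM()` yields NULL when a user has no non-expired `notary` rows. For a user who has passed CATS, the condition becomes `FALSE OR NULL`, the row is not updated, and a stale `assurer` = 1 survives. Wrapping the sum as `COALESCE(SUM(points), 0)` in the second statement makes the "fewer than 100 points" case include "no points at all". The same wrapper in the first statement is harmless and keeps the two queries symmetric. With `$userID === NULL` the two UPDATEs also run over all users without a transaction, which the docblock could mention.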
@@ -0,0 +1,323 @@ +<?php /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +// failWithId() +require_once 'general.php'; + + +/** +* Checks whether the given CSR contains a vulnerable key +* +* @param $csr string +* The CSR to be checked +* @param $encoding string [optional] +* The encoding the CSR is in (for the "-inform" parameter of OpenSSL, +* currently only "PEM" (default) or "DER" allowed) +* @return string containing the reason if the key is considered weak, +* empty string otherwise +*/ +function checkWeakKeyCSR($csr, $encoding = "PEM") +{ + $encoding = escapeshellarg($encoding); + $status = runCommand("openssl req -inform $encoding -text -noout", + $csr, $csrText); + if ($status === true) { + return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL"); + } + + if ($status !== 0 || $csrText === "") { + return _("I didn't receive a valid Certificate Request. Hit ". 
+ "the back button and try again."); + } + + return checkWeakKeyText($csrText); +} + +/** + * Checks whether the given X509 certificate contains a vulnerable key + * + * @param $cert string + * The X509 certificate to be checked + * @param $encoding string [optional] + * The encoding the certificate is in (for the "-inform" parameter of + * OpenSSL, currently only "PEM" (default), "DER" or "NET" allowed) + * @return string containing the reason if the key is considered weak, + * empty string otherwise + */ +function checkWeakKeyX509($cert, $encoding = "PEM") +{ + $encoding = escapeshellarg($encoding); + $status = runCommand("openssl x509 -inform $encoding -text -noout", + $cert, $certText); + if ($status === true) { + return failWithId("checkWeakKeyX509(): Failed to start OpenSSL"); + } + + if ($status !== 0 || $certText === "") { + return _("I didn't receive a valid Certificate Request. Hit ". + "the back button and try again."); + } + + return checkWeakKeyText($certText); +} + +/** + * Checks whether the given SPKAC contains a vulnerable key + * + * @param $spkac string + * The SPKAC to be checked + * @param $spkacname string [optional] + * The name of the variable that contains the SPKAC. The default is + * "SPKAC" + * @return string containing the reason if the key is considered weak, + * empty string otherwise + */ +function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC") +{ + $spkacname = escapeshellarg($spkacname); + $status = runCommand("openssl spkac -spkac $spkacname", $spkac, $spkacText); + if ($status === true) { + return failWithId("checkWeakKeySPKAC(): Failed to start OpenSSL"); + } + + if ($status !== 0 || $spkacText === "") { + return _("I didn't receive a valid Certificate Request. Hit the ". 
+ "back button and try again."); + } + + return checkWeakKeyText($spkacText); +} + +/** + * Checks whether the given text representation of a CSR or a SPKAC contains + * a weak key + * + * @param $text string + * The text representation of a key as output by the + * "openssl <foo> -text -noout" commands + * @return string containing the reason if the key is considered weak, + * empty string otherwise + */ +function checkWeakKeyText($text) +{ + /* Which public key algorithm? */ + if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text, + $algorithm)) + { + return failWithId("checkWeakKeyText(): Couldn't extract the ". + "public key algorithm used.\nData:\n$text"); + } else { + $algorithm = $algorithm[1]; + } + + + if ($algorithm === "rsaEncryption") + { + if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, + $keysize)) + { + return failWithId("checkWeakKeyText(): Couldn't parse the RSA ". + "key size.\nData:\n$text"); + } else { + $keysize = intval($keysize[1]); + } + + if ($keysize < 1024) + { + return sprintf(_("The keys that you use are very small ". + "and therefore insecure. Please generate stronger ". + "keys. More information about this issue can be ". + "found in %sthe wiki%s"), + "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>", + "</a>"); + } elseif ($keysize < 2048) { + // not critical but log so we have some statistics about + // affected users + trigger_error("checkWeakKeyText(): Certificate for small ". + "key (< 2048 bit) requested", E_USER_NOTICE); + } + + + $debianVuln = checkDebianVulnerability($text, $keysize); + if ($debianVuln === true) + { + return sprintf(_("The keys you use have very likely been ". + "generated with a vulnerable version of OpenSSL which ". + "was distributed by debian. Please generate new keys. ". + "More information about this issue can be found in ". 
+ "%sthe wiki%s"), + "<a href='//wiki.cacert.org/WeakKeys#DebianVulnerability'>", + "</a>"); + } elseif ($debianVuln === false) { + // not vulnerable => do nothing + } else { + return failWithId("checkWeakKeyText(): Something went wrong in". + "checkDebianVulnerability().\nKeysize: $keysize\n". + "Data:\n$text"); + } + + if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text, + $exponent)) + { + return failWithId("checkWeakKeyText(): Couldn't parse the RSA ". + "exponent.\nData:\n$text"); + } else { + $exponent = $exponent[1]; // exponent might be very big => + //handle as string using bc*() + + if (bccomp($exponent, "3") === 0) + { + return sprintf(_("The keys you use might be insecure. ". + "Although there is currently no known attack for ". + "reasonable encryption schemes, we're being ". + "cautious and don't allow certificates for such ". + "keys. Please generate stronger keys. More ". + "information about this issue can be found in ". + "%sthe wiki%s"), + "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>", + "</a>"); + } elseif (!(bccomp($exponent, "65537") >= 0 && + (bccomp($exponent, "100000") === -1 || + // speed things up if way smaller than 2^256 + bccomp($exponent, bcpow("2", "256")) === -1) )) { + // 65537 <= exponent < 2^256 recommended by NIST + // not critical but log so we have some statistics about + // affected users + trigger_error("checkWeakKeyText(): Certificate for ". + "unsuitable exponent '$exponent' requested", + E_USER_NOTICE); + } + } + } + + /* No weakness found */ + return ""; +} + +/** + * Reimplement the functionality of the openssl-vulnkey tool + * + * @param $text string + * The text representation of a key as output by the + * "openssl <foo> -text -noout" commands + * @param $keysize int [optional] + * If the key size is already known it can be provided so it doesn't + * have to be parsed again. 
This also skips the check whether the key + * is an RSA key => use wisely + * @return TRUE if key is vulnerable, FALSE otherwise, NULL in case of error + */ +function checkDebianVulnerability($text, $keysize = 0) +{ + $keysize = intval($keysize); + + if ($keysize === 0) + { + /* Which public key algorithm? */ + if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text, + $algorithm)) + { + trigger_error("checkDebianVulnerability(): Couldn't extract ". + "the public key algorithm used.\nData:\n$text", + E_USER_WARNING); + return null; + } else { + $algorithm = $algorithm[1]; + } + + if ($algorithm !== "rsaEncryption") return false; + + /* Extract public key size */ + if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text, + $keysize)) + { + trigger_error("checkDebianVulnerability(): Couldn't parse the ". + "RSA key size.\nData:\n$text", E_USER_WARNING); + return null; + } else { + $keysize = intval($keysize[1]); + } + } + + // $keysize has been made sure to contain an int + $blacklist = "/usr/share/openssl-blacklist/blacklist.RSA-$keysize"; + if (!(is_file($blacklist) && is_readable($blacklist))) + { + if (in_array($keysize, array(512, 1024, 2048, 4096))) + { + trigger_error("checkDebianVulnerability(): Blacklist for ". + "$keysize bit keys not accessible. Expected at ". + "$blacklist", E_USER_ERROR); + return null; + } + + trigger_error("checkDebianVulnerability(): $blacklist is not ". + "readable. Unsupported key size?", E_USER_WARNING); + return false; + } + + + /* Extract RSA modulus */ + if (!preg_match('/^\s*Modulus \(\d+ bit\):\n'. + '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m', + $text, $modulus)) + { + trigger_error("checkDebianVulnerability(): Couldn't extract the ". 
+ "RSA modulus.\nData:\n$text", E_USER_WARNING); + return null; + } else { + $modulus = $modulus[1]; + // strip whitespace and colon leftovers + $modulus = str_replace(array(" ", "\t", "\n", ":"), "", $modulus); + + // when using "openssl xxx -text" first byte was 00 in all my test + // cases but 00 not present in the "openssl xxx -modulus" output + if ($modulus[0] === "0" && $modulus[1] === "0") + { + $modulus = substr($modulus, 2); + } else { + trigger_error("checkDebianVulnerability(): First byte is not ". + "zero", E_USER_NOTICE); + } + + $modulus = strtoupper($modulus); + } + + + /* calculate checksum and look it up in the blacklist */ + $checksum = substr(sha1("Modulus=$modulus\n"), 20); + + // $checksum and $blacklist should be safe, but just to make sure + $checksum = escapeshellarg($checksum); + $blacklist = escapeshellarg($blacklist); + $debianVuln = runCommand("grep $checksum $blacklist"); + if ($debianVuln === 0) // grep returned something => it is on the list + { + return true; + } elseif ($debianVuln === 1) { + // grep returned nothing + return false; + } else { + trigger_error("checkDebianVulnerability(): Something went wrong ". + "when looking up the key with checksum $checksum in the ". + "blacklist $blacklist", E_USER_ERROR); + return null; + } + + // Should not get here + return null; +} diff --git a/includes/lib/general.php b/includes/lib/general.php index 25d2561..d91b24e 100644 --- a/includes/lib/general.php +++ b/includes/lib/general.php 
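Review bot: In `checkWeakKeyText()` (includes/lib/check_weak_key.php) the RSA exponent is refused only when it equals 3. Every other value outside the 65537..2^256 range, including 1 and even numbers, only raises an `E_USER_NOTICE`, and the function then returns the empty string, meaning "no weakness". An exponent of 1 leaves the data unchanged and an even exponent is not a valid RSA exponent, so the rejecting branch should cover them, e.g. `if (bccomp($exponent, "3") <= 0 || bcmod($exponent, "2") === "0")`. Keys whose algorithm is not `rsaEncryption` also fall through to `return "";` with no size check. If that is deliberate, a comment at the `/* No weakness found */` line should say so.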
@@ -47,4 +47,86 @@ function get_user_id_from_cert($serial, $issuer_cn) return -1; } -?> +/** + * Produces a log entry with the error message with log level E_USER_WARN + * and a random ID an returns a message that can be displayed to the user + * including the generated ID + * + * @param $errormessage string + * The error message that should be logged + * @return string containing the generated ID that can be displayed to the + * user + */ +function failWithId($errormessage) { + $errorId = rand(); + trigger_error("$errormessage. ID: $errorId", E_USER_WARNING); + return sprintf(_("Something went wrong when processing your request. ". + "Please contact %s for help and provide them with the ". + "following ID: %d"), + "<a href='mailto:support@cacert.org?subject=System%20Error%20-%20". + "ID%3A%20$errorId'>support@cacert.org</a>", + $errorId); +} + + +/** + * Runs a command on the shell and return it's exit code and output + * + * @param string $command + * The command to run. Make sure that you escapeshellarg() any non-constant + * parts as this is executed on a shell! + * @param string|bool $input + * The input that is passed to the command via STDIN, if true the real + * STDIN is passed through + * @param string|bool $output + * The output the command wrote to STDOUT (this is passed as reference), + * if true the output will be written to the real STDOUT. 
Output is ignored + * by default + * @param string|bool $errors + * The output the command wrote to STDERR (this is passed as reference), + * if true (default) the output will be written to the real STDERR + * + * @return int|bool + * The exit code of the command, true if the execution of the command + * failed (true because then + * <code>if (runCommand('echo "foo"')) handle_error();</code> will work) + */ +function runCommand($command, $input = "", &$output = null, &$errors = true) { + $descriptorspec = array(); + + if ($input !== true) { + $descriptorspec[0] = array("pipe", "r"); // STDIN for child + } + + if ($output !== true) { + $descriptorspec[1] = array("pipe", "w"); // STDOUT for child + } + + if ($errors !== true) { + $descriptorspec[2] = array("pipe", "w"); // STDERR for child + } + + $proc = proc_open($command, $descriptorspec, $pipes); + + if (is_resource($proc)) + { + if ($input !== true) { + fwrite($pipes[0], $input); + fclose($pipes[0]); + } + + if ($output !== true) { + $output = stream_get_contents($pipes[1]); + } + + if ($errors !== true) { + $errors = stream_get_contents($pipes[2]); + } + + return proc_close($proc); + + } else { + return true; + } +} + diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample index ff5cfc3..eb86401 100644 --- a/includes/mysql.php.sample +++ b/includes/mysql.php.sample @@ -28,7 +28,7 @@ function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $extra="") { - $lines = explode('\n', $message); + $lines = explode("\n", $message); $message = ""; foreach($lines as $line) { diff --git a/includes/wot.inc.php b/includes/wot.inc.php index 884b97f..edc442a 100644 --- a/includes/wot.inc.php +++ b/includes/wot.inc.php 
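Review bot: In `runCommand()` the stdout and stderr pipes are never closed before `proc_close($proc)`, and stdout is read to EOF before stderr is touched, so when both are piped a child that writes a lot to stderr can block while the parent is still waiting on stdout. Adding `fclose($pipes[1]);` and `fclose($pipes[2]);` after the matching `stream_get_contents()` calls fixes the first part; the read order deserves at least a comment. The failure value `true` compares equal to exit status 1 under `==`, so the docblock should say `Compare the result with ===; true means proc_open() failed`.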
@@ -536,4 +536,94 @@ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } + +// functions for 6.php (assure somebody) + +function AssureHead($confirmation,$checkname) +{ +?> +<form method="post" action="wot.php"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600"> + <tr> + <td colspan="2" class="title"><?=$confirmation?></td> + </tr> + <tr> + <td class="DataTD" colspan="2" align="left"><?=$checkname?></td> + </tr> +<? + } + +function AssureTextLine($field1,$field2) +{ +?> + <tr> + <td class="DataTD"><?=$field1?>:</td> + <td class="DataTD"><?=$field2?></td> + </tr> +<? +} + +function AssureCCABoxLine($type,$text) +{ + return; + AssureBoxLine($type,$text); +} + +function AssureBoxLine($type,$text,$checked) +{ ?> + <tr> + <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td> + <td class="DataTD"><?=$text?></td> + </tr> +<? +} + +function AssureMethodLine($text,$methods,$remark) +{ + if (count($methods) != 1) + { +?> + <tr> + <td class="DataTD"><?=$text?></td> + <td class="DataTD"> + <select name="method"> +<? + foreach($methods as $val) { ?> + <option value="<?=$val?>"> <?=$val?></option> + +<? } ?> + </select> + </br><?=$remark?> + </td> + </tr> +<? + } else { +?> + <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>"> +<? + } +} + +function AssureInboxLine($type,$field,$value,$description) +{ +?> + <tr> + <td class="DataTD"><?=$field?>:</td> + <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td> + </tr> +<? 
+} + +function AssureFoot($oldid,$confirm) +{?> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td> + </tr> + </table> + <input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>"> + <input type="hidden" name="oldid" value="<?=$oldid?>"> +</form> +<? +} + diff --git a/locale/Makefile b/locale/Makefile index b703fb2..1517066 100644 --- a/locale/Makefile +++ b/locale/Makefile @@ -112,8 +112,7 @@ $(LANGS:%=$(MO_FILE_TEMPLATE)): $(MO_FILE_TEMPLATE): $(PO_FILE_TEMPLATE) $(LANGS:%=$(PO_FILE_TEMPLATE)): mkdir -p $(@D) wget --output-document - '$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \ - # convert UTF-8 characters to HTML entities \ - php -r 'while (!feof(STDIN)) echo mb_convert_encoding(fgets(STDIN), "HTML-ENTITIES", "UTF-8");' \ + php -f escape_special_chars.php \ > $@ diff --git a/locale/escape_special_chars.php b/locale/escape_special_chars.php new file mode 100644 index 0000000..32de390 --- /dev/null +++ b/locale/escape_special_chars.php 
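Review bot: In `AssureMethodLine()` the single-method branch writes `name="<?=$val?>"`, but `$val` is only assigned by the `foreach` in the other branch, so the hidden field is emitted with an empty name and the method is not submitted under `method`. The line should read `<input type="hidden" name="method" value="<?=$methods[0]?>">`. `AssureCCABoxLine()` returns on its first statement, and the unreachable call below it passes two arguments to `AssureBoxLine()`, which declares three; a comment saying why the CCA lines are disabled would help the next reader.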
@@ -0,0 +1,71 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/* Convert special characters in UTF-8 encoded PO files to HTML entities */
+
+define('MSGSTR', 'msgstr');
+define('MSGSTR_LEN', strlen(MSGSTR));
+define('MSGID', 'msgid');
+define('MSGID_LEN', strlen(MSGID));
+
+function is_msgstr($line) {
+ if (strlen($line) < MSGSTR_LEN) {
+ return false;
+ }
+
+ return substr_compare($line, MSGSTR, 0, MSGSTR_LEN) === 0;
+}
+
+function is_msgid($line) {
+ if (strlen($line) < MSGID_LEN) {
+ return false;
+ }
+
+ return substr_compare($line, MSGID, 0, MSGID_LEN) === 0;
+}
+
+// Skip the metadata (first msgid/msgstr pair)
+while (!feof(STDIN)) {
+ $line = fgets(STDIN);
+
+ echo $line;
+
+ if (is_msgstr($line)) {
+ break;
+ }
+}
+
+// determines if the current line belongs to a msgid or a msgstr
+$msgstr = false;
+
+while (!feof(STDIN)) {
+ $line = fgets(STDIN);
+
+ if (is_msgstr($line)) {
+ $msgstr = true;
+ } elseif (is_msgid($line)) {
+ $msgstr = false;
+ }
+
+ if ($msgstr) {
+ $line = htmlentities($line, ENT_NOQUOTES, "UTF-8");
+ }
+ echo $line;
+}
diff --git a/pages/account/29.php b/pages/account/29.php
index c1a3def..4229b3b 100644
--- a/pages/account/29.php
+++ b/pages/account/29.php
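Review bot: locale/escape_special_chars.php needs a comment stating what its entity encoding can be relied on for, because `htmlentities($line, ENT_NOQUOTES, "UTF-8")` leaves both quote characters alone. Translated strings that the pages print inside an attribute, such as `value="<?=_("Cancel")?>"`, therefore still need escaping at the point of output. I would add above the second loop: `// Encodes non-ASCII characters and <, >, & in msgstr lines; quotes stay as-is for the PO syntax, so attribute contexts must escape on output.` Both loops also call `fgets()` once more at end of input, since `feof()` only turns true after a read has hit EOF; `if ($line === false) break;` after each `fgets()` keeps `false` out of `is_msgstr()`.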
@@ -35,10 +35,12 @@ <td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + <td class="DataTD"><input type="submit" name="cancel" value="<?=_("Cancel")?>"></td> + <td class="DataTD"><input type="submit" name="process" value="<?=_("Update")?>"></td> </tr> </table> <input type="hidden" name="oldid" value="<?=intval($id)?>"> <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> +<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>"> </form> diff --git a/pages/account/30.php b/pages/account/30.php index 33eeca8..04ad229 100644 --- a/pages/account/30.php +++ b/pages/account/30.php @@ -41,5 +41,6 @@ <input type="hidden" name="oldid" value="<?=intval($id)?>"> <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> <input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>"> +<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>"> </form> diff --git a/pages/account/35.php b/pages/account/35.php index 3a4714f..05c7f2b 100644 --- a/pages/account/35.php +++ b/pages/account/35.php 
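Review bot: The new hidden `domid` field in pages/account/29.php is filled from `$_REQUEST['domid']` and sent back by the browser, so the handler that receives it has to confirm that this domain belongs to an organisation the logged-in user administers before acting on it. `intval()` only fixes the type; it says nothing about ownership. The handler is outside this hunk, so I cannot tell whether that check exists; if it does not, a lookup of `orgdomains` joined to `org` on the session's member id should come before any update or revocation. The same field is added to pages/account/30.php in the next hunk.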
@@ -15,44 +15,89 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> - <tr> - <td colspan="3" class="title"><?=_("Organisations")?></td> - </tr> - <tr> - <td class="DataTD">#</td> - <td class="DataTD"><?=_("Organisation")?></td> - <td class="DataTD"><?=_("Admins")?></td> - </tr> -<? - $query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - //number of admins for the org - $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'"); - $admincount = mysql_num_rows($r2); - // number of domains for the org - $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'"); - $domcount = mysql_num_rows($r2); -?> - <tr> - <td class="DataTD"><?=intval($row['id'])?></td> - <td class="DataTD"><?=($row['O'])?>, <?=($row['ST'])?> <?=sanitizeHTML($row['C'])?></td> - <td class="DataTD"><a href="account.php?id=32&orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td> - </tr> <? 
- // display the domains of each organisation - $query3 = "select * from `orgdomains` where `orgid`='".intval($row['id'])."'"; - $res3 = mysql_query($query3); - while($detailorg = mysql_fetch_assoc($res3)) +$query = "select * + from `orginfo`,`org` + where `orginfo`.`id`=`org`.`orgid` + and `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; + +$res = mysql_query($query); +while($row = mysql_fetch_assoc($res)) +{ + ?> + <tr> + <td colspan="3" class="title"><?=_("Organisation")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Organisation Name")?>:</td> + <td colspan="2" class="DataTD" ><b><?=$row['O']?></b></td> + </tr> + <tr> + <td class="DataTD"><?=_("Contact Email")?>:</td> + <td colspan="2" class="DataTD"><?=($row['contact'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Town/Suburb")?>:</td> + <td colspan="2" class="DataTD"><?=($row['L'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("State/Province")?>:</td> + <td colspan="2" class="DataTD"><?=($row['ST'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country")?>:</td> + <td colspan="2" class="DataTD"><?=($row['C'])?></td> + </tr> + <? + + //domain info + $query = "select `domain` from `orgdomains` where `orgid`='".intval($row['id'])."'"; + $res1 = mysql_query($query); + while($domain = mysql_fetch_assoc($res1)) + { + ?> + <tr> + <td class="DataTD"><?=_("Domain")?></td> + <td colspan="2" class="DataTD"><?=sanitizeHTML($domain['domain'])?></td> + </tr> + <? + } + + ?> + <tr> + <td class="DataTD"><?=_("Administrator")?></td> + <td class="DataTD"><?=_("Master Account")?></td> + <td class="DataTD"><?=_("Department")?></td> + </tr> + <? + + //org admins + $query = "select * from `org` where `orgid`='".intval($row['id'])."'"; + $res2 = mysql_query($query); + while($org = mysql_fetch_assoc($res2)) { -?> - <tr> - <td class="DataTD"><?=intval($detailorg['id'])?></td> - <td class="DataTD"><?=_("Domain available")?></td> - <td class="DataTD"><?=sanitizeHTML($detailorg['domain'])?></td> - </tr> -<? 
} } ?> + $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($org['memid'])."'")); + ?> + <tr> + <td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td> + <td class="DataTD"><?=($org['masteracc'])?></td> + <td class="DataTD"><?=($org['OU'])?></td> + </tr> + <? + + if(intval($org['masteracc']) === 1 && + intval($org['memid']) === intval($_SESSION['profile']['id'])) + { + $master="account.php?id=32&orgid=".intval($row['id']); + ?> + <tr> + <td colspan="3" class="DataTD"><a href="<?=$master ?>"><?=_("Edit")?></a></td> + </tr> + <? + } + } +} ?> </table> diff --git a/pages/account/40.php b/pages/account/40.php index 499bf4d..b1a7fdb 100644 --- a/pages/account/40.php +++ b/pages/account/40.php @@ -19,15 +19,6 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s ?> <H3><?=_("Contact Us")?></H3> -<p><? printf(_("To contact us please log out and then use the contact form ". - "there or send us an email to %s. We are working to fix this ". - "situation so you may contact us while staying logged in again."), - - "<a href='mailto:support@cacert.org'>support@cacert.org</a>" - ) ?> -</p> - -<?/* <p><b><?=_("General Questions")?></b></p> <p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p> <p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p> 
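Review bot: The rewritten table in pages/account/35.php prints `$row['O']`, `$row['contact']`, `$row['L']`, `$row['ST']`, `$row['C']`, `$org['OU']` and the administrator's `email`, `fname` and `lname` without `sanitizeHTML()`, while the domain cell in the same loop does use it. The removed code escaped `$row['C']`, so for that column this is a regression. Each cell should be wrapped, for example `<?=sanitizeHTML($row['contact'])?>`. The `mailto:` attribute needs the same, `<a href='mailto:<?=sanitizeHTML($user['email'])?>'>`, assuming `sanitizeHTML()` also encodes single quotes, which is not visible here.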
@@ -36,7 +27,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s <p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p> <p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p> <p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p> -<form method="post" name="form1"> +<form method="post" action="account.php" name="form1"> <input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="support" value="yes"> <input type="hidden" name="secrethash2" value=""> 
@@ -61,7 +52,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s <p><b><?=_("Sensitive Information")?></b></p> <p><?=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help.")?></p> -<form method="post" action="https://www.cacert.org/index.php" name="form2"> +<form method="post" action="account.php" name="form2"> <input type="hidden" name="secrethash2" value=""> <input type="hidden" name="oldid" value="<?=$id?>"> <table border="0"> @@ -74,7 +65,12 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s </form> <p><b><?=_("Security Issues")?></b></p> -<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p> +<p><? sprintf(_("Please use any of the following ways to report security ". + "issues: You can use the above contact form for sensitive information. ". + "You can email us to %s. You can file a bugreport on %s and mark it as ". + "private."), + "<a href='mailto:support@cacert.org'>support@cacert.org</a>", + "<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p> <p><b><?=_("Snail Mail")?></b></p> <p><?=_("Alternatively you can get in contact with us via the following methods:")?></p> @@ -93,4 +89,3 @@ Australia</p> document.form2.secrethash2.value = pagehash; --> </script> -*/ diff --git a/pages/index/11.php b/pages/index/11.php index 8391903..60c8941 100644 --- a/pages/index/11.php 
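Review bot: The rewritten "Security Issues" paragraph in pages/account/40.php opens with `<? sprintf(`, which builds the string and discards it, so the paragraph renders empty and the reporting addresses are not shown. Use `<?=sprintf(` as the pages/wot/14.php change in this commit does, or `<? printf(`. Removing the comment markers also puts both contact forms back in front of logged-in users, so the handling of `secrethash2` in account.php is worth re-testing; that code is outside these hunks.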
+++ b/pages/index/11.php @@ -27,7 +27,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s <p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p> <p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p> <p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p> -<form method="post" name="form1"> +<form method="post" action="index.php" name="form1"> <input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="support" value="yes"> <input type="hidden" name="secrethash2" value=""> 
@@ -52,7 +52,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s <p><b><?=_("Sensitive Information")?></b></p> <p><?=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help.")?></p> -<form method="post" action="https://www.cacert.org/index.php" name="form2"> +<form method="post" action="index.php" name="form2"> <input type="hidden" name="secrethash2" value=""> <input type="hidden" name="oldid" value="<?=$id?>"> <table border="0"> diff --git a/pages/wot/14.php b/pages/wot/14.php index 21c5873..a827ee4 100644 --- a/pages/wot/14.php +++ b/pages/wot/14.php @@ -20,7 +20,11 @@ <p><?=sprintf(_("If you have a %sSignaturecard%s (also called 'Buergerkarte'), you can digitally sign your assurance request here, and get 50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br /></p> -<p><?=sprintf(_("To get assured with your Signaturecard, you need the Software from <a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>. To activate your E-Card, please go to <a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p> +<p><?=sprintf(_("To get assured with your Signaturecard, you need the ". + "Software from %s. To activate your E-Card, please go to %s."), + "<a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>", + "<a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>" + )?></p> <pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre> 
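Review bot: In pages/index/11.php the "Sensitive Information" form (`form2`) used to post to the absolute `https://www.cacert.org/index.php` and now posts to the relative `index.php`, so it is submitted over whatever scheme the page was loaded with. If this page can be reached over plain HTTP, the message would leave the browser unencrypted; whether the server forces HTTPS is not visible here. Either build an absolute https URL from configuration or add a comment next to the form stating that the page is only served over HTTPS. The same change is made to `form2` in pages/account/40.php.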
diff --git a/pages/wot/6.php b/pages/wot/6.php index f8be9d7..28c1875 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -16,6 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? + if(!array_key_exists('notarise',$_SESSION['_config'])) { echo "Error: No user data found."; 
@@ -24,147 +25,35 @@ $row = $_SESSION['_config']['notarise']; - if(!array_key_exists('pointsalready',$_SESSION['_config'])) $_SESSION['_config']['pointsalready']=0; - - - if($_SESSION['profile']['ttpadmin'] == 1 && $_SESSION['profile']['board'] == 1) - { - $methods = array("Face to Face Meeting", "Trusted Third Parties", "Thawte Points Transfer", "Administrative Increase", "CT Magazine - Germany"); - } else if($_SESSION['profile']['ttpadmin'] == 1) { - $methods = array("Face to Face Meeting", "Trusted Third Parties"); - } - - $cap = "/cap.php?"; - $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; - $_SESSION['_config']['wothash'] = md5($name."-".$row['dob']); - while(strstr($name, " ")) - $name = str_replace(" ", " ", $name); - $cap .= "name=".urlencode($name); - $cap .= "&dob=".urlencode($row['dob']); - $cap .= "&email=".urlencode($row['email']); - $name = $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']; - while(strstr($name, " ")) - $name = str_replace(" ", " ", $name); - $cap .= "&assurer=".urlencode($name); - $cap .= "&date=now"; - $cap .= "&maxpoints=".maxpoints(); - - $maxpoints = maxpoints(); - if($maxpoints > 100) - $maxpoints = 100; - - if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?> -<form method="post" action="wot.php"> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600"> - <tr> - <td colspan="2" class="title"><?=_("Assurance Confirmation")?></td> - </tr> -<? if(array_key_exists('alreadydone',$_SESSION['_config']) && $_SESSION['_config']['alreadydone'] == 1) { ?> - <tr> - <td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("PLEASE NOTE: You have already assured this person before! 
If this is unintentional please DO NOT CONTINUE with this assurance.")?></b></td> - </tr> -<? - } if(100 - $_SESSION['_config']['pointsalready'] - $maxpoints < 0) { - ?> - <tr> - <td class="DataTD" colspan="2" align="left" style="color: red;"><b><? printf(_("This person already has %s assurance points. Any points you give this person may be rounded down, or they may not even get any points. If you have less then 150 points you will still receive 2 points for assuring them."), $_SESSION['_config']['pointsalready']); ?></b></td> - </tr> -<? } - - $query = "select `verified` from `users` where `id`='".$row['id']."'"; - $res = mysql_query($query); - $drow = mysql_fetch_assoc($res); - //if($_SESSION['_config']['verified'] <= 0) - if($drow['verified']<=0) - { ?> - <tr> - <td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("You are about to assure a person that isn't currently verified. If you continue and they do not verify their account within 48 hours the account could automatically be removed by the system.")?></b></td> - </tr> -<? } ?> - <tr> - <td class="DataTD" colspan="2" align="left"><? printf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $row['fname']); ?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Name")?>:</td> - <td class="DataTD"><?=$row['fname']?> <?=$row['mname']?> <?=$row['lname']?> <?=$row['suffix']?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Date of Birth")?>:</td> - <td class="DataTD"><?=$row['dob']?> (<?=_("YYYY-MM-DD")?>)</td> - </tr> -<? if($_SESSION['profile']['ttpadmin'] == 1) { ?> - <tr> - <td class="DataTD"><?=_("Method")?>:</td> - <td class="DataTD"><select name="method"> -<? foreach($methods as $val) { ?> - <option value="<?=$val?>"<? 
if(array_key_exists('method',$_POST) && $val == $_POST['method']) echo " selected"; ?>><?=$val?></option> -<? } ?> - </select> - </td> - </tr> - <tr> - <td class="DataTD" colspan="2"><?=_("Only tick the next box if the Assurance was face to face.")?></td> - </tr> -<? } ?> - <tr> - <td class="DataTD"><input type="checkbox" name="certify" value="1"<? if(array_key_exists('certify',$_POST) && $_POST['certify'] == 1) echo " checked"; ?>></td> - <td class="DataTD"><? printf(_("I certify that %s %s %s has appeared in person"), $row['fname'], $row['mname'], $row['lname']); ?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Location")?>:</td> - <td class="DataTD"><input type="text" name="location" value="<?=array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:""?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Date")?>:</td> - <td class="DataTD"><input type="text" name="date" value="<?=array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:""?>"><br><?=_("Only fill this in if you assured the person on a different day")?></td> - </tr> -<? if($_SESSION['profile']['board'] == 1 && $_SESSION['_config']['pointsalready'] <= 150) { ?> - <tr> - <td class="DataTD" colspan="2"><?=_("Issuing a temporary increase will automatically boost their points to 200 points for a nomindated amount of days, after which the person will be reduced to 150 points regardless of the amount of points they had previously. 
Regardless of method chosen above it will be recorded in the system as an Administrative Increase and there is a maximum amount of 45 days that points can be issued for.")?></td> - </tr> - <tr> - <td class="DataTD"><nobr><?=_("Temporary Increase")?>:</nobr><br><nobr><?=_("Number of days")?></nobr></td> - <td class="DataTD"><input type="text" name="expire" value="<?=intval(array_key_exists('expire',$_POST)?$_POST['expire']:0)?>"></td> - </tr> - <tr> - <td class="DataTD"><nobr><?=_("Sponsoring Member")?>:</td> - <td class="DataTD"><select name="sponsor"> -<? - $query = "select * from `users` where `board`='1' and `id`!='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { + if($_SESSION['profile']['ttpadmin'] == 1) +// $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP"); +// else + $methods = array("Face to Face Meeting", "Trusted 3rd Parties"); + else + $methods = array("Face to Face Meeting"); + + $fname = $row['fname']; + $mname = $row['mname']; + $lname = $row['lname']; + $suffix = $row['suffix']; + $dob = $row['dob']; + $name = $fname." ".$mname." ".$lname." ".$suffix; + $_SESSION['_config']['wothash'] = md5($name."-".$dob); + + include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + + AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname)); + AssureTextLine(_("Name"),$name); + AssureTextLine(_("Date of Birth"),$dob." 
("._("YYYY-MM-DD").")"); + AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day")); + AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face.")); + AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); + AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); + AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); + AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")"); + AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname)); + AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>")); + AssureFoot($id,_("I confirm this Assurance")); ?> - <option value="<?=$row['id']?>"<? 
if(array_key_exists('sponsor',$_POST) && $row['id'] == $_POST['sponsor']) echo " selected='selected'"; ?>><?=$row['fname']." ".$row['lname']?></option> -<? } ?> - </select> - </td> - </tr> -<? } ?> - <tr> - <td class="DataTD"><input type="checkbox" name="assertion" value="1"<? if(array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1) echo " checked='checked'"; ?>></td> - <td class="DataTD"><?=_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible.")?></td> - </tr> - <tr> - <td class="DataTD"><input type="checkbox" name="rules" value="1"<? if(array_key_exists('rules',$_POST) && $_POST['rules'] == 1) echo " checked='checked'"; ?>></td> - <td class="DataTD"><?=_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook.")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Policy")?>:</td> - <td class="DataTD"><a href="/policy/AssurancePolicy.php" target="_NEW"><?=_("Assurance Policy")?></a> - <a href="http://wiki.cacert.org/AssuranceHandbook2" target="_NEW"><?=_("Assurance Handbook")?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Points")?>:<br><nobr>(Max <?=maxpoints()?>)</nobr></td> - <td class="DataTD"><input type="text" name="points" value=""></td> - </tr> - <tr> - <td class="DataTD"><?=_("WoT Form")?>:</td> - <td class="DataTD"><a href="<?=$cap?>" target="_NEW">A4 - <?=_("WoT Form")?></a> <a href="<?=$cap?>&format=letter" target="_NEW">US - <?=_("WoT Form")?></a></td> - </tr> - <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I confirm this Assurance")?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td> - </tr> -</table> -<input type="hidden" name="pagehash" 
value="<?=$_SESSION['_config']['wothash']?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> diff --git a/scripts/42de-ate-leipzig-email.txt b/scripts/42de-ate-leipzig-email.txt new file mode 100644 index 0000000..ea08a75 --- /dev/null +++ b/scripts/42de-ate-leipzig-email.txt @@ -0,0 +1,39 @@ +CAcert Assurer Training Event Leipzig +:::::::::::::::::::::::::::::::::::::::::::::::::: + +Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen: + +- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ? +- Warum solltest du dir R/L/O einpraegen ? +- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst ? + +Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs). + +Die kommende Veranstaltung in deiner Naehe findet statt am: + +Dienstag den 10. April 2012, 19:00 - 22:00 +(Dienstag nach Ostern) + +Adresse: + Universtität Leipzig / Institut für Informatik + Johannisgasse 26 / Raum 1-40 + 04103 Leipzig +Webseite: + [http://www.informatik.uni-leipzig.de/ifi/] +Lageplan: + [http://www.fmi.uni-leipzig.de/cms/service/lageplan.html] + + + +Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. + +Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im +Wiki [https://wiki.cacert.org/Events/2012-04-10ATE-Leipzig] +Blog [http://blog.cacert.org/2012/03/555.html] + + + +Unverbindliche Anmeldung und Registrierung: +Rueckantwort mit 'Ich moechte teilnehmen: ATE-Leipzig' + +Kontakt: events@cacert.org diff --git a/scripts/42de-ate-leipzig-mail.php.txt b/scripts/42de-ate-leipzig-mail.php.txt new file mode 100644 index 0000000..d0c02b7 --- /dev/null 
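Review bot: In pages/wot/6.php `$name`, `$dob` and the session `location` and `date` values are handed to `AssureTextLine()`, `AssureHead()` and `AssureInboxLine()` as stored, and those helpers in includes/wot.inc.php print their arguments without escaping. Because `AssureTextLine()` is also given intentional markup for the Policy line, the escaping has to happen at these call sites, e.g. `AssureTextLine(_("Name"),sanitizeHTML($name));`, and likewise for the `$fname` that is formatted into the heading and the `certify` label. The `if`/`else` that sets `$methods` has no braces and two commented-out lines between the condition and its statement; adding braces would make it safe to edit.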
+++ b/scripts/42de-ate-leipzig-mail.php.txt 
@@ -0,0 +1,114 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("42de-ate-leipzig-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km] - changed to 350 to include glasgow + london
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 2102723; // Washington (District of Columbia, ..., US
+// $locid = 2177566; // New York (Bronx), New York, United States
+// $locid = 1486658; // Potsdam BLIT2011
+// $locid = 2237836; // Blacksburg (Montgomery), Virginia, United States
+// $locid = 1161640; // Manchester, Manchester, United Kingdom
+
+// ATE Jena, DE, Mar 29 2012
+// $locid = 803095; // Jena, Thueringen, Germany
+// $eventname = "ATE-Jena";
+// $city = "Mar 29, 2012";
+
+// ATE Leipzig, DE, Apr 10 2012
+ $locid = 1067965; // Leipzig, Sachsen, Germany
+ $eventname = "ATE-Leipzig";
+ $city = "Apr 10, 2012";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/43de-ate-karlsruhe-email.txt b/scripts/43de-ate-karlsruhe-email.txt
new file mode 100644
index 0000000..26af21c
--- /dev/null
+++ b/scripts/43de-ate-karlsruhe-email.txt
@@ -0,0 +1,103 @@
+[Deutsch]
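Review bot: The result of `fopen("42de-ate-leipzig-email.txt", "r")` is never checked before the `while(!feof($fp))` loop, and the path is relative to whatever directory the script is started from. If the template cannot be opened, `$fp` is false and the loop operates on an invalid handle, so the run either hangs on warnings or, if it gets past the loop, mails an empty body to every recipient. A guard such as `if(($fp = fopen(dirname(__FILE__)."/42de-ate-leipzig-email.txt", "r")) === false) die("cannot read mail body\n");` stops the run before any mail is sent. The same read loop is copied into the 43de, 44de and 45au mail scripts in this commit. Separately, the comment `maxdist in [Km] - changed to 350 to include glasgow + london` no longer matches `$maxdist = 200;`.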
+
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Dienstag, den 15. Mai 2012
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- Raum: New York
+- im FZI Forschungszentrum Informatik
+- Haid-und-Neu-Str. 10-14
+- 76131 Karlsruhe
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2012-05-15ATE-Karlsruhe]
+Blog [http://blog.cacert.org/2012/04/559.html]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Karlsruhe teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+[French]
+
+Bon nombre de changements ont eu lieu au cours de la derniere annee au sein de CAcert. Beaucoup de regles "orales" ont ete transformees en reglements ("Policies"). De nouvelles procedures (par exemple le Challenge Assureur) et devoirs (par exemple le CAcert Community Agreement) ont ete activees. Les Assurer Training Events essaient de propager ces informations :
+
+- Que manque-t-il sur les "anciens" formulaires CAP ?
+- Pourquoi dois-je me souvenir de R/L/O ?
+- Que faire si une personne vous montre un document d'identite qui vous est inconnu ?
+
+Durant les Assurer Training Events (ATEs) vous recevrez les reponses a ces questions et a plein d'autres.
+
+De plus, les ATE vous permettent de vous entrainer a verifier les identites. Ceci sera audite afin de mesurer la qualite des assurances effectuees dans la routine quotidienne. On essaiera de vous induire en erreur. Vous aurez ainsi la possibilite de voir les problemes et d'apprendre a dejouer les pieges.
+
+Comme IanG l'a dit : il est fortement recommande aux assureurs de participer aux ATE. Le programmme contient des parties qui entrent directement en ligne de compte pour le succes de notre audit. Venez et decouvrez comment contribuer.
+
+Le prochain ATE qui aura lieu pres de chez vous sera :
+- Mardi le 15 mai 2012
+- de 19:00 a environ 22:00
+- Chambre: New York
+- dans le FZI Forschungszentrum Informatik
+- Haid-und-Neu-Str. 10-14
+- 76131 Karlsruhe
+
+NB : les exposes auront lieu en Allemand
+
+Plus de renseignements sur le lieu :
+Wiki [http://wiki.cacert.org/Events/2012-05-15ATE-Karlsruhe]
+Blog [http://blog.cacert.org/2012/04/559.html]
+
+Pour participer, repondez a ce courriel : 'Je viendrais au ATE-Karlsruhe'
+
+Le comite d'organisation se rejouit de votre venue.
+
+Contact: events@cacert.org
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral" rules have been put into Policies. New procedures (e.g. Assurer Challenge) and obligations (e.g. CAcert Community Agreement) have been put into live. The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances, to measure the quality of assurances in the daily routine. Here are some possible errors and pitfalls which need to be found. Assurers have the opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers and includes parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Tuesday 15th Mai 2012
+- during 19:00 - ca. 22:00
+- Room: New York
+- in the FZI Forschungszentrum Informatik
+- Haid-und-Neu-Str. 10-14
+- 76131 Karlsruhe
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/Events/2012-05-15ATE-Karlsruhe]
+Blog [http://blog.cacert.org/2012/04/559.html]
+
+User reply for registration: 'I will attend the ATE-Karlsruhe'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/43de-ate-karlsruhe-mail.php.txt b/scripts/43de-ate-karlsruhe-mail.php.txt
new file mode 100644
index 0000000..afea2f2
--- /dev/null
+++ b/scripts/43de-ate-karlsruhe-mail.php.txt
@@ -0,0 +1,155 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("43de-ate-karlsruhe-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+
+// Software Freedom Day 19. Sept 2009
+// $locid = 715191; // Hamburg
+
+// LISA2009 Baltimore, 1.11.2009
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $city = "Baltimore, MD - Nov. 3rd 2009";
+
+// OpenSourceTreffen-Muenchen, 20.11.2009
+// $locid = 1260319; // Muenchen
+// $city = "Muenchen - 20. Nov 2009";
+
+// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
+// $locid = 1486658; // Potsdam
+// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
+// $city = "Potsdam - 21. Nov 2009";
+
+// ATE-Goteborg, 16.12.2009
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $eventname = "ATE-Goteborg";
+// $city = "Goteborg - Dec 16th 2009";
+
+// Assurance Event Mission Hills CA, 15.01.2010
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $eventname = "Assurance Event";
+// $city = "Mission Hills CA - Jan 15th 2010";
+
+// Assurance Event OSD Copenhagen DK, 5.03.2010
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "Assurance Event OpenSource-Days 2010";
+// $city = "Copenhagen DK - March 5th/6th 2010";
+
+// SCALE 8x Los Angeles, CA, Feb 19-21 2010
+// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "SCALE 8x 2010";
+// $city = "Los Angeles, CA - February 19-21 2010";
+
+// ATE Sydney, AU, Mar 24 2010
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $eventname = "ATE-Sydney";
+// $city = "March 24, 2010";
+
+// ATE Essen, DE, Sept 28 2010
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Essen";
+// $city = "September 28, 2010";
+
+// ATE Aachen, DE, Oct 4th 2010
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Aachen";
+// $city = "October 4th, 2010";
+
+// ATE Muenchen, DE, Apr 2nd 2011
+// $locid = 1260319; // Muenchen
+// $eventname = "ATE-Muenchen";
+// $city = "2. April, 2011";
+
+// ATE Bonn, DE, Jun 8th 2011
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Bonn";
+// $city = "8. Juni, 2011";
+
+// ATE Karlsruhe, DE, May 15th 2012
+ $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+ $eventname = "ATE-Karlsruhe";
+ $city = "15. May 2012";
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
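Review bot: Running this script sends the invitation immediately, because the `sendmail($row['email'], …)` call in the loop is live while the test-recipient query (`… where email like 'cacerttest%'`) is commented out, and the comments next to both (`uncomment next line to send mails ...`) describe the opposite state. For a bulk mailing to every subscribed member within `$maxdist` km an explicit opt-in is safer, for example `$send = in_array("--send", $argv);` near the top and `if($send) sendmail(…); else echo $row['email']."\n";` in the loop, with the three report mails behind the same flag. The recipient query also selects all columns of `users` although only `email` is read; selecting just that column keeps unrelated account fields out of the result set and out of any debug output. Both points apply to the other mail scripts added in this commit.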
diff --git a/scripts/44de-ate-duesseldorf-email.txt b/scripts/44de-ate-duesseldorf-email.txt
new file mode 100644
index 0000000..b4b3708
--- /dev/null
+++ b/scripts/44de-ate-duesseldorf-email.txt
@@ -0,0 +1,104 @@
+[Deutsch]
+
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich, wenn du ein fremdes Ausweis Dokument das erste mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Montag, den 09. Juli 2012
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- in der Heinrich-Heine-Universitaet Duesseldorf
+- Raum: 25
+- Universitaetsstraße 1
+- 40225 Duesseldorf
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/events/ATE-Duesseldorf]
+Blog [http://blog.cacert.org/2012/06/559.html]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Duesseldorf teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+[French]
+
+Bon nombre de changements ont eu lieu au cours de la derniere annee au sein de CAcert. Beaucoup de regles "orales" ont ete transformees en reglements ("Policies"). De nouvelles procedures (par exemple le Challenge Assureur) et devoirs (par exemple le CAcert Community Agreement) ont ete activees. Les Assurer Training Events essaient de propager ces informations :
+
+- Que manque-t-il sur les "anciens" formulaires CAP ?
+- Pourquoi dois-je me souvenir de R/L/O ?
+- Que faire si une personne vous montre un document d'identite qui vous est inconnu ?
+
+Durant les Assurer Training Events (ATEs) vous recevrez les reponses a ces questions et a plein d'autres.
+
+De plus, les ATE vous permettent de vous entrainer a verifier les identites. Ceci sera audite afin de mesurer la qualite des assurances effectuees dans la routine quotidienne. On essaiera de vous induire en erreur. Vous aurez ainsi la possibilite de voir les problemes et d'apprendre a dejouer les pieges.
+
+Comme IanG l'a dit : il est fortement recommande aux assureurs de participer aux ATE. Le programmme contient des parties qui entrent directement en ligne de compte pour le succes de notre audit. Venez et decouvrez comment contribuer.
+
+Le prochain ATE qui aura lieu pres de chez vous sera :
+- Lundi le 09 juli 2012
+- de 19:00 a environ 22:00
+- dans Heinrich-Heine-Universitaet Duesseldorf
+- Chambre: 25
+- Universitaetsstraße 1
+- 40225 Duesseldorf
+
+NB : les exposes auront lieu en Allemand
+
+Plus de renseignements sur le lieu :
+Wiki [http://wiki.cacert.org/events/ATE-Duesseldorf]
+Blog [http://blog.cacert.org/2012/06/566.html]
+
+Pour participer, repondez a ce courriel : 'Je viendrais au ATE-Karlsruhe'
+
+Le comite d'organisation se rejouit de votre venue.
+
+Contact: events@cacert.org
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral" rules have been put into Policies. New procedures (e.g. Assurer Challenge) and obligations (e.g. CAcert Community Agreement) have been put into live. The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances, to measure the quality of assurances in the daily routine. Here are some possible errors and pitfalls which need to be found. Assurers have the opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers and includes parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Monday 9th July 2012
+- during 19:00 - ca. 22:00
+- in the Heinrich-Heine-Universitaet Duesseldorf
+- Room: 25
+- Universitaetsstraße 1
+- 40225 Duesseldorf
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/events/ATE-Duesseldorf]
+Blog [http://blog.cacert.org/2012/06/566.html]
+
+User reply for registration: 'I will attend the ATE-Duesseldorf'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/44de-ate-duesseldorf-mail.php.txt b/scripts/44de-ate-duesseldorf-mail.php.txt
new file mode 100644
index 0000000..7b89e96
--- /dev/null
+++ b/scripts/44de-ate-duesseldorf-mail.php.txt
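Review bot: The French section still tells recipients to reply with `'Je viendrais au ATE-Karlsruhe'`, apparently left over from the Karlsruhe template; since registration is by reply text it should read `'Je viendrais au ATE-Duesseldorf'`. The German section's blog link ends in `559.html`, the link used in the Karlsruhe mail, while the French and English sections point to `566.html`, so the three should presumably agree. `09 juli 2012` in the French date line should be `09 juillet 2012`.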
@@ -0,0 +1,160 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("44de-ate-duesseldorf-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+
+// Software Freedom Day 19. Sept 2009
+// $locid = 715191; // Hamburg
+
+// LISA2009 Baltimore, 1.11.2009
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $city = "Baltimore, MD - Nov. 3rd 2009";
+
+// OpenSourceTreffen-Muenchen, 20.11.2009
+// $locid = 1260319; // Muenchen
+// $city = "Muenchen - 20. Nov 2009";
+
+// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
+// $locid = 1486658; // Potsdam
+// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
+// $city = "Potsdam - 21. Nov 2009";
+
+// ATE-Goteborg, 16.12.2009
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $eventname = "ATE-Goteborg";
+// $city = "Goteborg - Dec 16th 2009";
+
+// Assurance Event Mission Hills CA, 15.01.2010
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $eventname = "Assurance Event";
+// $city = "Mission Hills CA - Jan 15th 2010";
+
+// Assurance Event OSD Copenhagen DK, 5.03.2010
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "Assurance Event OpenSource-Days 2010";
+// $city = "Copenhagen DK - March 5th/6th 2010";
+
+// SCALE 8x Los Angeles, CA, Feb 19-21 2010
+// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "SCALE 8x 2010";
+// $city = "Los Angeles, CA - February 19-21 2010";
+
+// ATE Sydney, AU, Mar 24 2010
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $eventname = "ATE-Sydney";
+// $city = "March 24, 2010";
+
+// ATE Essen, DE, Sept 28 2010
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Essen";
+// $city = "September 28, 2010";
+
+// ATE Aachen, DE, Oct 4th 2010
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Aachen";
+// $city = "October 4th, 2010";
+
+// ATE Muenchen, DE, Apr 2nd 2011
+// $locid = 1260319; // Muenchen
+// $eventname = "ATE-Muenchen";
+// $city = "2. April, 2011";
+
+// ATE Bonn, DE, Jun 8th 2011
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Bonn";
+// $city = "8. Juni, 2011";
+
+// ATE Karlsruhe, DE, May 15th 2012
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $eventname = "ATE-Karlsruhe";
+// $city = "15. May 2012";
+
+// ATE Duesseldorf, DE, May 15th 2012
+ $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+ $eventname = "ATE-Duesseldorf";
+ $city = "09. July 2012";
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/45au-ate-melbourne-email.txt b/scripts/45au-ate-melbourne-email.txt
new file mode 100644
index 0000000..aa46112
--- /dev/null
+++ b/scripts/45au-ate-melbourne-email.txt
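Review bot: `$loc` is used without checking that the `locations` lookup for `$locid` returned a row. If the id is wrong, `mysql_fetch_assoc()` yields false, `$loc[lat]` and `$loc[long]` interpolate as empty strings and the distance query becomes invalid SQL; the recipient loop is then skipped, but the three report mails after it are still sent with an empty recipient count. A check such as `if(!$loc) die("unknown location id $locid\n");` directly after the lookup stops the run early. The same lookup appears in the other mail scripts of this commit. The section comment `// ATE Duesseldorf, DE, May 15th 2012` also still carries the Karlsruhe date, while `$city` is `"09. July 2012"`.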
@@ -0,0 +1,32 @@
+
+
+During the last years many changes took place inside CAcert. Many "oral" rules have been put into Policies. New procedures (e.g. Assurer Challenge) and obligations (e.g. CAcert Community Agreement) have been put into live. The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances, to measure the quality of assurances in the daily routine. Here are some possible errors and pitfalls which need to be found. Assurers have the opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers and includes parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Saturday 28th July 2012
+- starting around 05:00 pm
+- Urban Camp
+ Brens Drive
+ Parkville
+ Victoria 3052
+
+Details to the location and time can be found:
+Wiki [http://wiki.cacert.org/events/20120728_ATE-Melbourne]
+Blog [http://blog.cacert.org/2012/07/571.html]
+
+User reply for registration: 'I will attend the ATE-Melbourne'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/45au-ate-melbourne-mail.php.txt b/scripts/45au-ate-melbourne-mail.php.txt
new file mode 100644
index 0000000..5161e97
--- /dev/null
+++ b/scripts/45au-ate-melbourne-mail.php.txt
@@ -0,0 +1,106 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("45au-ate-melbourne-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+
+// ATE Melbourne, AU, July 28th 2012
+ $locid = 2262656; // Melbourne, Victoria, Australia
+ $eventname = "ATE-Melbourne";
+ $city = "28th July 2012";
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/46us-ate-raleigh-email.txt b/scripts/46us-ate-raleigh-email.txt
new file mode 100644
index 0000000..c263db5
--- /dev/null
+++ b/scripts/46us-ate-raleigh-email.txt
@@ -0,0 +1,41 @@
+
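Review bot: In scripts/45au-ate-melbourne-mail.php.txt the results of `fopen()`, of the `locations` lookup and of the distance query are all used unchecked. On a failed handle `feof($fp)` returns false, so `while(!feof($fp))` does not terminate; if no row matches `$locid`, `$loc[lat]` and `$loc[long]` interpolate as empty strings, the distance query fails, and the three fixed report mails are still sent with an empty recipient count. I would stop early in each case, e.g. `if (!$fp) { fwrite(STDERR, "cannot open mail template\n"); exit(1); }` and `if (!$loc) { fwrite(STDERR, "unknown location $locid\n"); exit(1); }`, and test `$res` before calling `mysql_num_rows()`. The same lines are repeated in scripts/46us-ate-raleigh-mail.php.txt.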
+
+During the last years many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures (e.g. Assurer Challenge)
+and obligations (e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the Assurer Training
+Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances, to
+measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute directly
+to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Saturday 11th August 2012
+- 10:00-13:00
+- Splat Space - Durham's Hackerspace
+ 331 W. Main St - Basement
+ Durham, NC
+
+
+Details to the location and time can be found:
+Wiki [http://wiki.cacert.org/events/ATE-Raleigh]
+Blog [http://blog.cacert.org/2012/07/572.html]
+
+User reply for registration: 'I will attend the ATE-Raleigh'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/46us-ate-raleigh-mail.php.txt b/scripts/46us-ate-raleigh-mail.php.txt
new file mode 100644
index 0000000..0c55567
--- /dev/null
+++ b/scripts/46us-ate-raleigh-mail.php.txt
@@ -0,0 +1,112 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("46us-ate-raleigh-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+
+// ATE Melbourne, AU, July 28th 2012
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $eventname = "ATE-Melbourne";
+// $city = "28th July 2012";
+
+// ATE Raleigh, US, August 11th 2012
+ $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+ $eventname = "ATE-Raleigh";
+ $city = "11th August 2012";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
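Review bot: The per-recipient `sendmail()` inside the `while` loop is live although the comment above it still reads `// uncomment next line to send mails ...` and the test-recipient query (`... like 'cacerttest%'`) is commented out, so a plain run of this script mails every matching account with no dry-run step. I would gate the loop on an explicit command-line argument and by default print only the recipient count, and update the stale comment to say so. The query also selects `users`.* although only `email` is read from each row; selecting just that column keeps the rest of the account record out of the script, and the `echo $query;` debug line can be dropped. The same applies to scripts/45au-ate-melbourne-mail.php.txt.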
diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php
index 572c1fd..0f2fc2e 100755
--- a/scripts/cron/permissionreview.php
+++ b/scripts/cron/permissionreview.php
@@ -21,19 +21,71 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA require_once(dirname(__FILE__).'/../../includes/mysql.php'); $BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org'; +$ASSURANCE_OFFICER = 'ao@cacert.org'; +$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org'; + +//defines to whom to send the lists $flags = array( - 'admin' => 'Support Engineer', - 'orgadmin' => 'Organisation Assurer', - 'board' => 'Board Member', - 'ttpadmin' => 'Trusted Third Party Admin', - 'tverify' => 'Tverify Admin', - 'locadmin' => 'Location Admin' + 'admin' => array( + 'name' => 'Support Engineer', + 'own' => false, //Don't send twice + 'board' => true, + 'support' => true, + 'ao' => false, + 'oao' => false + ), + + 'orgadmin' => array( + 'name' => 'Organisation Assurer', + 'own' => true, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => true + ), + + 'board' => array( + 'name' => 'Board Member', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => false + ), + + 'ttpadmin' => array( + 'name' => 'Trusted Third Party Admin', + 'own' => true, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => true + ), + + 'tverify' => array( + 'name' => 'Tverify Admin', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => false + ), + + 'locadmin' => array( + 'name' => 'Location Admin', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => false, + 'oao' => false + ), ); -$adminlist = array(); -foreach ($flags as $flag => $description) { +// Build up list of various admins +$adminlist = array(); +foreach ($flags as $flag => $flag_properties) { $query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1"; if(! $res = mysql_query($query) ) { fwrite(STDERR, 
@@ -45,52 +97,64 @@ foreach ($flags as $flag => $description) { continue; } - $admins = array(); - $adminlist[$flag] = ""; + $adminlist[$flag] = array(); while ($row = mysql_fetch_assoc($res)) { - $admins[] = $row; - $adminlist[$flag] .= "$row[fname] $row[lname] $row[email]\n"; + $adminlist[$flag][] = $row; } - foreach ($admins as $admin) { - $message = <<<EOF + + // Send mail to admins of this group if 'own' is set + if ($flag_properties['own']) { + foreach ($adminlist[$flag] as $admin) { + $message = <<<EOF Hello $admin[fname], -you get this message, because you are listed as $description on +you get this message, because you are listed as $flag_properties[name] on CAcert.org. Please review the following list of persons with the same privilege and report to the responsible team leader or board ($BOARD_PRIVATE) if you spot any errors. -$adminlist[$flag] + +EOF; + + foreach ($adminlist[$flag] as $colleague) { + $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; + } + + $message .= <<<EOF Best Regards, CAcert Support EOF; - sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org'); + + sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org'); + } } } +// Send to support engineers $message = <<<EOF -Dear Board Members, +Dear Support Engineers, it's time for the permission review again. Here is the list of privileged users -in the CAcert web application. Please review them and also ask the persons -responsible for an up-to-date copy of access lists not directly recorded in the -web application (critical admins, software assessors etc.) +in the CAcert web application. Please review them. 
EOF; -foreach ($flags as $flag => $description) { - $message .= <<<EOF -List of ${description}s: -$adminlist[$flag] - -EOF; +foreach ($flags as $flag => $flag_properties) { + if ($flag_properties['support']) { + $message .= "List of $flag_properties[name]s:\n\n"; + foreach ($adminlist[$flag] as $colleague) { + $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; + } + + $message .= "\n\n"; + } } $message .= <<<EOF @@ -99,4 +163,55 @@ Best Regards, CAcert Support EOF; -sendmail($BOARD_PRIVATE, "Permissions Review", $message, 'support@cacert.org'); +foreach ($adminlist['admin'] as $support_engineer) { + sendmail( + $support_engineer['email'], + "Permissions Review", + $message, + 'support@cacert.org'); +} + + +// Send to one-email addresses +foreach (array( + 'ao' => array( + 'description' => 'Assurance Officer', + 'email' => $ASSURANCE_OFFICER), + 'oao' => array( + 'description' => 'Organisation Assurance Officer', + 'email' => $ORGANISATION_ASSURANCE_OFFICER), + 'board' => array( + 'description' => 'Board Members', + 'email' => $BOARD_PRIVATE) + ) as $key => $values) { + $message = <<<EOF +Dear $values[description], + +it's time for the permission review again. Here is the list of privileged users +in the CAcert web application. Please review them and also ask the persons +responsible for an up-to-date copy of access lists not directly recorded in the +web application (critical admins, software assessors etc.) + + + +EOF; + + foreach ($flags as $flag => $flag_properties) { + if ($flag_properties[$key]) { + $message .= "List of $flag_properties[name]s:\n\n"; + foreach ($adminlist[$flag] as $colleague) { + $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; + } + $message .= "\n\n"; + } + } + + $message .= <<<EOF + + +Best Regards, +CAcert Support +EOF; + + sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org'); +} 
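Review bot: When the per-flag query fails, the `continue` in the first loop skips the added `$adminlist[$flag] = array();`, so the later `foreach ($adminlist[$flag] as $colleague)` loops in the support mail and in the ao/oao/board mails run on an undefined entry and that group is printed as an empty list. For a permission review this is misleading, because the reader cannot tell "nobody holds this flag" from "the lookup failed". I would move `$adminlist[$flag] = array();` ahead of the `mysql_query()` call and remember the failed flags so the mails can print a line such as `"(lookup failed, list incomplete)\n"` under the affected heading. `foreach ($adminlist['admin'] as $support_engineer)` in the last hunk depends on the same entry.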
diff --git a/scripts/cron/updatesort.php b/scripts/cron/updatesort.php
index 498eda2..051b179 100755
--- a/scripts/cron/updatesort.php
+++ b/scripts/cron/updatesort.php
@@ -17,55 +17,14 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ require_once(dirname(__FILE__).'/../../includes/mysql.php'); + require_once(dirname(__FILE__).'/../../includes/lib/account.php'); - - /* Set assurer flag for accounts who miss it - - See also includes/lib/account.php, function fix_assurer_flag($userID) - - We may have some performance problems here, there are 150k assurances and 220k users - in the production database. The exists-clause on cats_passed should be a good filter... */ - - /* Synchronisation of assurer flag currently deactivated, see https://bugs.cacert.org/view.php?id=1003 - and https://bugs.cacert.org/view.php?id=1024 */ -/* - $query = "select `n`.`to` as `uid` from `notary` as `n`, `users` as `u` ". - " where `n`.`to`=`u`.`id` and `u`.`assurer`<>'1' ". - " and (`n`.`expire` > now() OR `n`.`expire` IS NULL) ". - " and exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` ". - " where `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id` = 1 and `cp`.`user_id`=`n`.`to`)". - " group by `n`.`to` having sum(`n`.`points`)>=100"; - - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - $query = "update users set `assurer`='1' where `id`='${row['uid']}'"; - //echo $query."\n"; - mysql_query($query); + // Recalculate assurer flag for all accounts + if (!fix_assurer_flag()) { + fwrite(STDERR, "ERROR on fixing the assurer flag. Continuing anyway"); } -*/ - /* Remove assurer flag from accounts not eligible. - - Also a bit performance critical, but assurer flag is only set at 5k accounts - */ - /* Synchronisation of assurer flag currently deactivated, see https://bugs.cacert.org/view.php?id=1003 - and https://bugs.cacert.org/view.php?id=1024 */ -/* - $query = "select `u`.id as `uid` from `users` as `u` " . - " where `u`.`assurer` = '1' ". - " and (not exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` ". 
- " where `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id` = 1 and `cp`.`user_id`=`u`.`id`) ". - " or (select sum(`n`.`points`) from `notary` as `n` where `n`.`to`=`u`.`id` and (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100) "; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - $query = "update users set `assurer`='0' where `id`='${row['uid']}'"; - //echo $query."\n"; - mysql_query($query); - } -*/ mysql_query("update `locations` set `acount`=0"); $query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users` diff --git a/scripts/resetpermissions.php b/scripts/resetpermissions.php new file mode 100644 index 0000000..0bfdaa3 --- /dev/null +++ b/scripts/resetpermissions.php 
@@ -0,0 +1,71 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+require_once(dirname(__FILE__).'/../includes/mysql.php');
+
+$flags = array('board', 'tverify');
+
+foreach ($flags as $flag) {
+ echo "Resetting $flag flag:\n";
+ $query = "select `id`, `fname`, `lname`, `email` from `users`
+ where `$flag` = 1";
+ if(! $res = mysql_query($query) ) {
+ fwrite(STDERR,
+ "MySQL query for flag $flag failed:\n".
+ "\"$query\"\n".
+ mysql_error()
+ );
+
+ continue;
+ }
+
+ while ($row = mysql_fetch_assoc($res)) {
+ echo "$row[fname] $row[lname] $row[email]";
+
+ $update = "update `users` set `$flag` = 0 where `id` = $row[id]";
+ if(! $res2 = mysql_query($update) ) {
+ echo " NOT RESET!!!\n";
+ fwrite(STDERR,
+ "MySQL query for $flag flag reset on user $row[id] failed:\n".
+ "\"$update\"\n".
+ mysql_error()
+ );
+
+ } else {
+
+ $message = <<<EOF
+Hi $row[fname],
+
+As per Arbitration a20110118.1 [1] the $flag permission has been removed
+from your account.
+
+[1] https://wiki.cacert.org/Arbitrations/a20110118.1
+
+Best Regards,
+CAcert Support
+EOF;
+ sendmail($row['email'], "Permissions have been reset", $message, 'support@cacert.org');
+
+ echo " reset.\n";
+ }
+ }
+
+ echo "\n\n";
+}
\ No newline at end of file diff --git a/www/account.php b/www/account.php index d1dd695..0b32c2c 100644 --- a/www/account.php +++ b/www/account.php @@ -47,7 +47,7 @@ $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message; - sendmail("cacert-support@lists.cacert.org, $email", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert Website"); + sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert Website"); showheader(_("Welcome to CAcert.org")); echo _("Your message has been sent to the general support list."); diff --git a/www/advertising.php b/www/advertising.php index e987461..43e4f93 100644 --- a/www/advertising.php +++ b/www/advertising.php @@ -47,7 +47,7 @@ if($months < 1 || $months > 12) { $id = 1; - $errmsg .= _("You can only place an advertisement for up to 12 months.<br />"); + $errmsg .= _("You can only place an advertisement for up to 12 months.")."<br />"; $process=""; $oldid=0; } @@ -55,7 +55,7 @@ if(strlen($title) <= 5) { $id = 1; - $errmsg .= _("Link title was too short.<br />"); + $errmsg .= _("Link title was too short.")."<br />"; $process=""; $oldid=0; } @@ -63,7 +63,7 @@ if(strlen($link) <= 10) { $id = 1; - $errmsg .= _("Link URI was too short.<br />"); + $errmsg .= _("Link URI was too short.")."<br />"; $process=""; $oldid=0; } diff --git a/www/api/ccsr.php b/www/api/ccsr.php index a4ec71e..7efdf8d 100644 --- a/www/api/ccsr.php +++ b/www/api/ccsr.php @@ -15,6 +15,9 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ + +require_once '../../includes/lib/check_weak_key.php'; + $username = mysql_real_escape_string($_REQUEST['username']); $password = mysql_real_escape_string($_REQUEST['password']); 
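Review bot: scripts/resetpermissions.php clears the `board` and `tverify` flags on every account as soon as it is executed, with no confirmation or dry-run and no record of the previous holders beyond what is echoed to the terminal. It implements a single arbitration ruling but stays in the tree with a shebang line, so an accidental later run would strip those permissions again. I would require an explicit argument before the loop, e.g. `if ($argc < 2 || $argv[1] !== '--confirm') { fwrite(STDERR, "pass --confirm to reset the flags\n"); exit(1); }`, and write the id as `intval($row['id'])` in the update, as includes/account.php does elsewhere in this diff.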
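Review bot: In www/account.php the form-supplied `$email` is still passed in the fifth `sendmail()` argument (`"cacert-support@lists.cacert.org, $email"`), which the wot.php hunk of this diff labels as the reply-to, and `$subject` still feeds the subject header. Dropping `$email` from the recipient argument stops the form from delivering to arbitrary addresses, but if `sendmail()` does not strip CR/LF (its body is not part of this diff) those values can still add headers to the outgoing mail. The validation of `$who`, `$email` and `$subject` lies outside the hunk, so please confirm there that each is a single line and that `$email` is exactly one syntactically valid address before this call.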
diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php index 56dd0cf..feb92d4 100644 --- a/www/cats/cats_import.php +++ b/www/cats/cats_import.php @@ -31,8 +31,8 @@ function sanitize_string($buffer) { } define ('UNDEFINED', 'nd'); -define ('ALLOWED_IP', '213.154.225.228'); -define ('ALLOWED_IP2', '193.238.157.112'); +define ('ALLOWED_IP', '213.154.225.243'); +define ('ALLOWED_IP2', '172.16.2.27'); define ('CONFIG_FILEPATH', '/www/'); $remote_addr = (isset($_SERVER['REMOTE_ADDR']))?$_SERVER['REMOTE_ADDR']:UNDEFINED; diff --git a/www/policy/CertificationPracticeStatement.php b/www/policy/CertificationPracticeStatement.php index e17056b..b18273c 100644 --- a/www/policy/CertificationPracticeStatement.php +++ b/www/policy/CertificationPracticeStatement.php @@ -69,7 +69,7 @@ a:hover { <a href="PolicyOnPolicy.html"><img src="cacert-draft.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br /> Creation date: 20060726<br /> Status: DRAFT p20091108<br /> -<!-- $Id: CertificationPracticeStatement.php,v 1.2 2011-07-27 10:41:01 wytze Exp $ --> +<!-- $Id: CertificationPracticeStatement.php,v 1.3 2012-07-27 16:00:29 wytze Exp $ --> <font size="-1"> 
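Review bot: In www/cats/cats_import.php `ALLOWED_IP2` becomes the RFC 1918 address `172.16.2.27`, so the import allowlist now accepts a private-range peer. If the web server is reached through a proxy or NAT hop that presents that internal address as `REMOTE_ADDR`, any request relayed through that hop would match whatever its real origin; the comparison itself is outside the hunk, so this needs to be checked against the deployment. I would document each entry where it is defined, e.g. `// ALLOWED_IP2: <hostname>, internal address; must be the direct TCP peer`, and consider reading both values from configuration so a renumbering does not need a source change.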
@@ -3203,54 +3203,50 @@ The form of the PGP signatures depends on several factors, therefore no stipulat <h4><a name="p7.1.2" id="p7.1.2">7.1.2. Certificate extensions</a></h4> <p> -Client certificates include the following extensions:. + Client certificates include the following extensions: </p> -<ul><li> - basicConstraints=CA:FALSE (critical) - </li><li> - keyUsage=digitalSignature,keyEncipherment,cRLSign - </li><li> - </li><li> - extendedKeyUsage=emailProtection,clientAuth,serverAuth,msEFS,msSGC,nsSGC - </li><li> - authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org - </li><li> - subjectAltName=(as per <a href="#p3.1.1">§3.1.1.</a>). -</li></ul> +<ul> + <li>basicConstraints=CA:FALSE (critical)</li> + <li>keyUsage=digitalSignature,keyEncipherment,keyAgreement (critical)</li> + <li>extendedKeyUsage=emailProtection,clientAuth,msEFS,msSGC,nsSGC</li> + <li>authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org</li> + <li>crlDistributionPoints=URI:<crlUri> where <crlUri> is replaced + with the URI where the certificate revocation list relating to the + certificate is found</li> + <li>subjectAltName=(as per <a href="#p3.1.1">§3.1.1.</a>).</li> +</ul> <ul class="q"> <li> what about Client Certificates Adobe Signing extensions ?</li> <li> SubjectAltName should become critical if DN is removed http://tools.ietf.org/html/rfc5280#section-4.2.1.6</li> </ul> - <p> -Server certificates include the following extensions: + Server certificates include the following extensions: </p> -<ul><li> - basicConstraints=CA:FALSE (critical) - </li><li> - keyUsage=digitalSignature,keyEncipherment - </li><li> - extendedKeyUsage=clientAuth,serverAuth,nsSGC,msSGC - </li><li> - authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org - </li><li> - subjectAltName=(as per <a href="#p3.1.1">§3.1.1.</a>). 
-</li></ul> +<ul> + <li>basicConstraints=CA:FALSE (critical)</li> + <li>keyUsage=digitalSignature,keyEncipherment,keyAgreement (critical)</li> + <li>extendedKeyUsage=clientAuth,serverAuth,nsSGC,msSGC</li> + <li>authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org</li> + <li>crlDistributionPoints=URI:<crlUri> where <crlUri> is replaced + with the URI where the certificate revocation list relating to the + certificate is found</li> + <li>subjectAltName=(as per <a href="#p3.1.1">§3.1.1.</a>).</li> +</ul> <p> -Code-Signing certificates include the following extensions: + Code-Signing certificates include the following extensions: </p> - -<ul><li> - basicConstraints=CA:FALSE (critical) - </li><li> - keyUsage=digitalSignature,keyEncipherment - </li><li> - extendedKeyUsage=emailProtection,clientAuth,codeSigning,msCodeInd,msCodeCom,msEFS,msSGC,nsSGC - </li><li> - authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org -</li></ul> +<ul> + <li>basicConstraints=CA:FALSE (critical)</li> + <li>keyUsage=digitalSignature,keyEncipherment,keyAgreement (critical)</li> + <li>extendedKeyUsage=emailProtection,clientAuth,codeSigning,msCodeInd,msCodeCom,msEFS,msSGC,nsSGC</li> + <li>authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org</li> + <li>crlDistributionPoints=URI:<crlUri> where <crlUri> is replaced + with the URI where the certificate revocation list relating to the + certificate is found</li> + <li>subjectAltName=(as per <a href="#p3.1.1">§3.1.1.</a>).</li> +</ul> <ul class="q"> <li> what about subjectAltName for Code-signing</li> </ul> diff --git a/www/wot.php b/www/wot.php index 66bf7cb..2878534 100644 --- a/www/wot.php +++ b/www/wot.php 
@@ -442,9 +442,44 @@ $iecho= "c"; where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); if($points > 0) { - sendmail($user['email'], "[CAcert.org] ".$_REQUEST['subject'], $_REQUEST['message'], - $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']); - show_page("ContactAssurer",_("Your email has been sent to")." ".$user['fname'].".<br />[ <a href='javascript:history.go(-2)'>"._("Go Back")."</a> ]",""); + $my_translation = L10n::get_translation(); + L10n::set_translation($user['language']); + + $subject = "[CAcert.org] ".sprintf(_("Message from %s"), + $_SESSION['profile']['fname']); + + $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n"; + $body .= sprintf(_("%s %s has sent you a message via the ". + "contact an Assurer form on CAcert.org."), + $_SESSION['profile']['fname'], + $_SESSION['profile']['lname'])."\n\n"; + $body .= sprintf(_("Subject: %s"), $_REQUEST['subject'])."\n"; + $body .= _("Message:")."\n"; + $body .= $_REQUEST['message']."\n\n"; + $body .= "------------------------------------------------\n\n"; + $body .= _("Please note, that this is NOT a message on behalf ". + "of CAcert but another CAcert community member. If ". + "you suspect that the contact form might have been ". + "abused, please write to support@cacert.org")."\n\n"; + $body .= _("Best regards")."\n"; + $body .= _("Your CAcert Community"); + + sendmail($user['email'], $subject, $body, + $_SESSION['profile']['email'], //from + "", //replyto + "", //toname + $_SESSION['profile']['fname']." ". + $_SESSION['profile']['lname']); //fromname + + L10n::set_translation($my_translation); + + showheader(_("My CAcert.org Account!"));?> + <p> + <? printf(_("Your email has been sent to %s."), $user['fname']); ?> + </p> + <p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p> + <? + showfooter(); exit; } else { show_page(0,"",_("Sorry, I was unable to locate that user.")); |
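Review bot: The new confirmation page prints `$user['fname']`, another member's profile name, through `printf()` without HTML escaping, so any markup stored in that name would be rendered in the sender's browser. Whether names are sanitised when they are stored is not visible in this hunk, and escaping at output does not depend on it: `<? printf(_("Your email has been sent to %s."), htmlspecialchars($user['fname'])); ?>`. `$_SESSION['profile']['fname']` now forms the mail subject and the from-name, so it should likewise be confirmed to be a single line without CR/LF before it reaches `sendmail()`. The enclosing block starts and ends outside the hunk.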