-rw-r--r--includes/account.php9
-rw-r--r--includes/general.php14
-rw-r--r--includes/lib/account.php51
-rw-r--r--includes/lib/general.php50
-rw-r--r--includes/loggedin.php16
-rw-r--r--includes/wot.inc.php116
-rw-r--r--pages/account/12.php10
-rw-r--r--pages/account/18.php10
-rwxr-xr-x[-rw-r--r--]pages/account/22.php12
-rwxr-xr-x[-rw-r--r--]pages/account/25.php28
-rwxr-xr-xpages/account/40.php2
-rwxr-xr-x[-rw-r--r--]pages/account/43.php182
-rw-r--r--pages/account/5.php7
-rw-r--r--pages/help/0.php19
-rw-r--r--pages/help/2.php69
-rw-r--r--pages/help/3.php78
-rw-r--r--pages/help/4.php35
-rw-r--r--pages/help/5.php8
-rw-r--r--pages/help/6.php18
-rw-r--r--pages/help/7.php16
-rw-r--r--pages/help/8.php10
-rw-r--r--pages/help/9.php51
-rw-r--r--pages/index/1.php42
-rw-r--r--pages/index/11.php2
-rw-r--r--pages/index/8.php18
-rw-r--r--[-rwxr-xr-x]password.dat.sample0
-rw-r--r--scripts/37de-blit2011-email.txt18
-rw-r--r--scripts/37de-blit2011-mail.php.txt106
-rw-r--r--[-rwxr-xr-x]scripts/DumpWeakCerts.pl0
-rw-r--r--scripts/assurer.php2
-rw-r--r--[-rwxr-xr-x]scripts/mail-weak-keys.php0
-rw-r--r--[-rwxr-xr-x]scripts/mass-revoke.php0
-rw-r--r--scripts/oa01-allowance.php.txt93
-rw-r--r--scripts/oa01-allowance.txt159
-rw-r--r--www/cats/cats_import.php5
-rw-r--r--www/index.php22
36 files changed, 912 insertions, 366 deletions
diff --git a/includes/account.php b/includes/account.php
index 14702b9..24c61d8 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1290,6 +1290,8 @@
showheader(_("My CAcert.org Account!"));
if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
{
+ echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
+ '</h3>', "\n";
echo _("New Pass Phrases specified don't match or were blank.");
} else {
$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
@@ -1306,14 +1308,21 @@
}
if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("The Pass Phrase you submitted was too short.");
} else if($score < 3) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
} else if($rc <= 0) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("You failed to correctly enter your current Pass Phrase.");
} else {
mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
where `id`='".$_SESSION['profile']['id']."'");
+ echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
$body .= _("You are receiving this email because you or someone else")."\n";
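Review bot: The "Pass Phrase Changed Successfully" heading added after the UPDATE is printed whether or not the write succeeded, because the return value of `mysql_query()` is discarded. A failed update would still tell the user the pass phrase changed and go on to build the notification mail. Capture the result and print the "Failure: Pass Phrase not Changed" heading when it is false, e.g. `if(!mysql_query(...)) { ... } else { ... }`. The same context lines concatenate the new pass phrase into the SQL string and store it as an unsalted `sha1()`; whether it is escaped earlier is outside this hunk and worth confirming. The enclosing block starts and ends outside the hunk.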
diff --git a/includes/general.php b/includes/general.php
index cb17e63..ebdf20e 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -38,6 +38,7 @@
$_SESSION['_config']['filepath'] = "/www";
require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
+ require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php');
if(array_key_exists('HTTP_HOST',$_SERVER) &&
$_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
@@ -847,19 +848,6 @@
$text=preg_replace("/[^\w-.@]/","",$text);
return($text);
}
-
- function fix_assurer_flag($userID)
- {
- // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).
- '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
- ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100'); // Challenge has been passed and non-expired points >= 100
-
- // Reset flag if requirements are not met
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \''.(int)intval($userID).
- '\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
- ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)');
- }
// returns 0 if $userID is an Assurer
// Otherwise :
diff --git a/includes/lib/account.php b/includes/lib/account.php
new file mode 100644
index 0000000..f7a24fa
--- /dev/null
+++ b/includes/lib/account.php
@@ -0,0 +1,51 @@
+<?php
+/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+function fix_assurer_flag($userID)
+{
+ // Update Assurer-Flag on users table if 100 points.
+ // Should the number of points be SUM(points) or SUM(awarded)?
+ $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '.
+ '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+ 'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '.
+ 'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '.
+ '`cp`.`user_id` = `u`.`id`) AND '.
+ '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+ 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100');
+ // Challenge has been passed and non-expired points >= 100
+
+ if (!$query) {
+ return false;
+ }
+
+ // Reset flag if requirements are not met
+ $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '.
+ '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+ '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '.
+ '`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '.
+ 'AND `cp`.`user_id` = `u`.`id`) OR '.
+ '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+ 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)');
+
+ if (!$query) {
+ return false;
+ }
+
+ return true;
+} \ No newline at end of file
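Review bot: In both UPDATEs the `SUM(points)` subquery yields NULL when the user has no matching notary rows, so in the reset statement the `< 100` comparison evaluates to NULL rather than true. A user who passed the test but has no unexpired points therefore keeps an existing `assurer` = 1 flag. Wrapping the aggregate, e.g. `SELECT IFNULL(SUM(points), 0) FROM notary ...`, makes the reset apply in that case. The function also deserves a short doc comment stating that it returns false when either query fails, since it now returns a value. The file ends without a trailing newline.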
diff --git a/includes/lib/general.php b/includes/lib/general.php
new file mode 100644
index 0000000..25d2561
--- /dev/null
+++ b/includes/lib/general.php
@@ -0,0 +1,50 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/**
+ * Checks if the user may log in and retrieve the user id
+ *
+ * Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and
+ * $_SERVER['SSL_CLIENT_I_DN_CN']
+ *
+ * @param $serial string
+ * usually $_SERVER['SSL_CLIENT_M_SERIAL']
+ * @param $issuer_cn string
+ * usually $_SERVER['SSL_CLIENT_I_DN_CN']
+ * @return int
+ * the user id, -1 in case of error
+ */
+function get_user_id_from_cert($serial, $issuer_cn)
+{
+ $query = "select `memid` from `emailcerts` where
+ `serial`='".mysql_escape_string($serial)."' and
+ `rootcert`= (select `id` from `root_certs` where
+ `Cert_Text`='".mysql_escape_string($issuer_cn)."') and
+ `revoked`=0 and disablelogin=0 and
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ return intval($row['memid']);
+ }
+
+ return -1;
+}
+
+?>
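Review bot: `mysql_escape_string()` ignores the connection character set; `mysql_real_escape_string()` is the safer call for the two values interpolated into this query, which decides whose account a client certificate maps to. `$res` is passed to `mysql_num_rows()` without checking that `mysql_query()` succeeded. That appears to fail closed (the function falls through to `return -1`), but an explicit `if(!$res) return -1;` avoids the warning and makes the intent visible. The file opens with the short tag `<?`, while the other new library file in this commit uses `<?php`.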
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 355527f..bf6b455 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -16,6 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+ include_once("../includes/lib/general.php");
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
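Review bot: `include_once("../includes/lib/general.php")` is resolved against the include path and working directory and only raises a warning if the file is missing. The `get_user_id_from_cert()` call added further down would then be a fatal error in the middle of the login check. includes/general.php in this same commit loads its library through `$_SESSION['_config']['filepath']`; assuming that value is already set here, `require_once($_SESSION['_config']['filepath'].'/includes/lib/general.php');` keeps the two consistent and fails at the include line instead.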
@@ -41,14 +42,11 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
- $query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and disablelogin=0 and
- UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
- $res = mysql_query($query);
+ $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
+ $_SERVER['SSL_CLIENT_I_DN_CN']);
- if(mysql_num_rows($res) > 0)
+ if($user_id >= 0)
{
- $row = mysql_fetch_assoc($res);
-
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
foreach($_SESSION as $key)
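Review bot: `if($user_id >= 0)` accepts a user id of 0, while the check at the top of this file treats only `$_SESSION['profile']['id'] > 0` as a logged-in user and wot.inc.php in this commit uses id 0 for "System"; `if($user_id > 0)` would match both. The `foreach($_SESSION as $key)` loop on the last line of this hunk still iterates values rather than keys. This commit corrects the same pattern to `foreach($_SESSION as $key => $value)` in the logout block further down, so the previous session data is probably not cleared before the certificate login. The loop body is outside this hunk.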
@@ -61,7 +59,8 @@
session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ "select * from `users` where `id`='".$user_id."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
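Review bot: The result of the `users` lookup is assigned to `$_SESSION['profile']` without checking that a row came back. If none does, `mysql_fetch_assoc()` returns false and `$_SESSION['profile']['locked'] == 0` still compares true, so the `loggedin = 1` branch is taken. Fetch into a local first and continue only when it is an array, e.g. `$profile = mysql_fetch_assoc(...); if(is_array($profile) && $profile['locked'] == 0)`. The else branch lies outside this hunk.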
@@ -131,13 +130,12 @@
$normalhost=$_SESSION['_config']['normalhostname'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
unset($_SESSION[$key]);
unset($$key);
session_unregister($key);
}
- unset($_SESSION);
header("location: https://".$normalhost."/index.php");
exit;
diff --git a/includes/wot.inc.php b/includes/wot.inc.php
index ce35ed6..884b97f 100644
--- a/includes/wot.inc.php
+++ b/includes/wot.inc.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
function query_init ($query)
{
@@ -35,7 +35,7 @@
function get_number_of_assurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `notary`.`from` != `notary`.`to` AND `notary`.`from`='".intval($userid)."'");
+ WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -44,7 +44,7 @@
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `notary`.`from` != `notary`.`to` AND `notary`.`to`='".intval($userid)."'");
+ WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -52,39 +52,41 @@
function get_top_assurer_position ($no_of_assurances)
{
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- GROUP BY `notary`.`from` HAVING count(*) > '".intval($no_of_assurances)."'");
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
+ GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
function get_top_assuree_position ($no_of_assurees)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- GROUP BY `notary`.`to` HAVING count(*) > '".intval($no_of_assurees)."'");
+ WHERE `method` = 'Face to Face Meeting'
+ GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
return intval(query_get_number_of_rows($res)+1);
}
function get_given_assurances ($userid)
{
- $res = query_init ("select * from `notary` where `notary`.`from`='".intval($userid)."' and `notary`.`from` != `to` order by `notary`.`id` asc");
+ $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
return $res;
}
function get_received_assurances ($userid)
{
- $res = query_init ("select * from `notary` where `notary`.`to`='".intval($userid)."' and `notary`.`from` != `notary`.`to` order by `notary`.`id` asc ");
+ $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
return $res;
}
function get_given_assurances_summary ($userid)
{
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `notary`.`from`='".intval($userid)."' group by points,awarded,method");
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
-
+
function get_received_assurances_summary ($userid)
{
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `notary`.`to`='".intval($userid)."' group by points,awarded,method");
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
return $res;
}
@@ -104,14 +106,17 @@
function calc_experience ($row,&$points,&$experience,&$sum_experience)
{
- $points += $row['awarded'];
+ $apoints = max($row['points'], $row['awarded']);
+
+ $points += $apoints;
+
$experience = "&nbsp;";
if ($row['method'] == "Face to Face Meeting")
{
$sum_experience = $sum_experience +2;
$experience = "2";
}
- return $row['awarded'];
+ return $apoints;
}
function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
@@ -124,7 +129,7 @@
$awarded = 100;
}
else
- $experience = 0;
+ $experience = 0;
switch ($row['method'])
{
@@ -145,7 +150,12 @@
{
$name = trim($name);
if($name == "")
- $name = _("Deleted before Verification");
+ {
+ if ($userid == 0)
+ $name = _("System");
+ else
+ $name = _("Deleted account");
+ }
else
$name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
return $name;
@@ -221,17 +231,35 @@
<?
}
- function output_assurances_row($assuranceid,$date,$name,$points,$location,$method,$experience)
+ function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
+ {
+
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
+
+ if ($awarded == $points)
{
+ if ($awarded == "0")
+ {
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
+ }
+ }
+
?>
<tr>
- <td class="DataTD"><?=$assuranceid?></td>
- <td class="DataTD"><?=$date?></td>
- <td class="DataTD"><?=$name?></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD"><?=$location?></td>
- <td class="DataTD"><?=$method?></td>
- <td class="DataTD"><?=$experience?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
</tr>
<?
}
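Review bot: The rewritten cells print `$location` and `$date` straight into the table with `<?= ?>`; unless those columns are sanitised when stored, which this hunk does not show, a location string entered by another user is rendered as HTML. `$name` is built as a link by show_user_link() and would have to be escaped there, but the plain-text cells can be wrapped here, e.g. `<?=htmlspecialchars($location)?>`. The three nested `if` blocks can be one condition, and `$when < "2006-09-01"` is a string comparison that relies on `when` being in year-first format. A comment saying what the 2006-09-01 cut-off marks would help the next reader.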
@@ -272,15 +300,6 @@
<?
}
- function output_cats_needed()
- {
-?>
- <tr>
- <td class="DataTD" colspan=4><strong style='color: red'><?=_("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")?></strong></td>
- </tr>
-<?
- }
-
// ************* output given assurances ******************
@@ -291,10 +310,10 @@
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
- $fromuser = get_user (intval($row['to']));
- calc_experience ($row,$points,$experience,$sum_experience);
+ $fromuser = get_user (intval($row['to']));
+ $apoints = calc_experience ($row,$points,$experience,$sum_experience);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$name,intval($row['awarded']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
}
}
@@ -309,8 +328,8 @@
{
$fromuser = get_user (intval($row['from']));
calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
- $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$name,$awarded,$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
}
}
@@ -325,8 +344,11 @@
function calc_points($row)
{
- if (intval($row['points']) < intval($row['awarded']))
- $points = intval($row['awarded']); // if 'sum of added points' > 100, awarded shows correct value
+ $awarded = intval($row['awarded']);
+ if ($awarded == "")
+ $awarded = 0;
+ if (intval($row['points']) < $awarded)
+ $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
else
$points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
switch ($row['method'])
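Review bot: `if ($awarded == "")` follows `$awarded = intval($row['awarded']);`, so `$awarded` is already an integer and the branch can at most reassign 0 to 0; the two lines can be dropped. calc_points continues outside the hunk.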
@@ -340,8 +362,8 @@
if ($points <= 2) // maybe limit to 35/50 pts in the future?
$points = 0;
break;
- case 'unknown': // to be revoked in the future? limit to max 50 pts?
- case 'Trusted 3rd Parties': // to be revoked in the future? limit to max 35 pts?
+ case 'Unknown': // to be revoked in the future? limit to max 50 pts?
+ case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
@@ -412,7 +434,7 @@
else
{
$sum_points_countable = $sum_points;
- $remark_points = "&nbsp";
+ $remark_points = "&nbsp;";
}
if ($sum_experience > $max_experience)
{
@@ -439,7 +461,7 @@
if ($sum_points_countable < $max_points)
{
if ($sum_experience_countable != 0)
- $remark_experience = $points_on_hold_txt;_("Points on hold due to less assurance points");
+ $remark_experience = _("Points on hold due to less assurance points");
$sum_experience_countable = 0;
if ($sum_experience_other_countable != 0)
$remark_experience_other = _("Points on hold due to less assurance points");
@@ -449,7 +471,15 @@
$issue_points = 0;
$cats_test_passed = get_cats_state ($userid);
if ($cats_test_passed == 0)
+ {
$issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
+ if ($sum_points_countable < $max_points)
+ {
+ $issue_points_txt = "<strong style='color: red'>";
+ $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
+ $issue_points_txt .= "</strong>";
+ }
+ }
else
{
$experience_total = $sum_experience_countable+$sum_experience_other_countable;
diff --git a/pages/account/12.php b/pages/account/12.php
index 40135be..44926ca 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -19,12 +19,13 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
</tr>
@@ -33,7 +34,7 @@
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`
from `domaincerts`,`domains`
where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1)
@@ -48,7 +49,7 @@
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -74,12 +75,13 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
diff --git a/pages/account/18.php b/pages/account/18.php
index 5ee1a3b..47fac9e 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -19,12 +19,13 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
@@ -33,7 +34,7 @@
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `serial`, `id`
from `orgemailcerts`, `org`
where `memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid` ";
@@ -48,7 +49,7 @@
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -78,12 +79,13 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
diff --git a/pages/account/22.php b/pages/account/22.php
index 565cb5f..9df8200 100644..100755
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -19,12 +19,13 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
@@ -33,7 +34,9 @@
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
+ `orgdomaincerts`.`serial`,
+ `orgdomaincerts`.`id` as `id`
from `orgdomaincerts`,`org`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
if($viewall != 1)
@@ -48,7 +51,7 @@
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -74,12 +77,13 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
diff --git a/pages/account/25.php b/pages/account/25.php
index ab0e6b2..a70f608 100644..100755
--- a/pages/account/25.php
+++ b/pages/account/25.php
@@ -19,6 +19,15 @@
<tr>
<td colspan="5" class="title"><?=_("Organisations")?></td>
</tr>
+
+<tr>
+ <td colspan="5" class="title"><?=_("Order by:")?>
+ <a href="account.php?id=25"><?=_("Id")?></a> -
+ <a href="account.php?id=25&amp;ord=1"><?=_("Country")?></a> -
+ <a href="account.php?id=25&amp;ord=2"><?=_("Name")?></a>
+ </td>
+</tr>
+
<tr>
<td class="DataTD" width="350"><?=_("Organisation")?></td>
<td class="DataTD"><?=_("Domains")?></td>
@@ -27,7 +36,24 @@
<td class="DataTD"><?=_("Delete")?></td>
</tr>
<?
- $query = "select * from `orginfo` ORDER BY `id`";
+ $order = 0;
+ if (array_key_exists('ord',$_REQUEST)) {
+ $order = intval($_REQUEST['ord']);
+ }
+
+ $order_by = "`id`";
+ switch ($order) {
+ case 1:
+ $order_by = "`C`,`O`";
+ break;
+ case 2:
+ $order_by = "`O`";
+ break;
+ // the 0 and default case are handled by the preset
+ }
+
+ // Safe because $order_by only contains fixed strings
+ $query = sprintf("select * from `orginfo` ORDER BY %s", $order_by);
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
diff --git a/pages/account/40.php b/pages/account/40.php
index 1b76f9c..8391903 100755
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -23,7 +23,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
-<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
+<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p>
<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
diff --git a/pages/account/43.php b/pages/account/43.php
index 3212667..f058770 100644..100755
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -41,14 +41,26 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
//if(!strstr($email, "%"))
// $emailsearch = "%$email%";
- if(intval($email) > 0)
- $emailsearch = "";
-
- $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
- where `users`.`id`=`email`.`memid` and
- (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
- `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // bug-975 ted+uli changes --- begin
+ if(preg_match("/^[0-9]+$/", $email)) {
+ // $email consists of digits only ==> search for IDs
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`id`='$email' or `users`.`id`='$email')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ } else {
+ // $email contains non-digits ==> search for mail addresses
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`email` like '$emailsearch'
+ or `users`.`email` like '$emailsearch')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ }
+ // bug-975 ted+uli changes --- end
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
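Review bot: Both new queries drop the old `email.hash = ''` and `email.deleted = 0` filters, so the support search now matches accounts through addresses that are deleted or, presumably, not yet verified. With `group by users.id` the `email` value shown for an account may be one of those addresses. To keep the outer join, the filters belong in the join condition rather than the WHERE clause, e.g. `on (users.id = email.memid and email.hash = '' and email.deleted = 0)`. `$emailsearch` is interpolated into the LIKE pattern, and its escaping happens above this hunk, so that should be confirmed. The digits-only branch is safe by construction, though `/^[0-9]+$/` also accepts a trailing newline unless the `D` modifier is added.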
@@ -141,7 +153,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
{
echo "<option";
if($day == $i)
- echo " selected='selected'";
+ echo " selected='selected'";
echo ">$i</option>";
}
?>
@@ -320,6 +332,158 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
</table>
<br>
<? } ?>
+<? // Begin - Debug infos ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Account State")?></td>
+ </tr>
+
+<?
+ // --- bug-975 begin ---
+ // potential db inconsistency like in a20110804.1
+ // Admin console -> don't list user account
+ // User login -> impossible
+ // Assurer, assure someone -> user displayed
+ /* regular user account search with regular settings
+
+ --- Admin Console find user query
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ => requirements
+ 1. email.hash = ''
+ 2. email.deleted = 0
+ 3. users.deleted = 0
+ 4. email.email = primary-email (???) or'd
+ not covered by admin console find user routine, but may block users login
+ 5. users.verified = 0|1
+ further "special settings"
+ 6. users.locked (setting displayed in display form)
+ 7. users.assurer_blocked (setting displayed in display form)
+
+ --- User login user query
+ select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+ `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+ => requirements
+ 1. users.verified = 1
+ 2. users.deleted = 0
+ 3. users.locked = 0
+ 4. users.email = primary-email
+
+ --- Assurer, assure someone find user query
+ select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
+ and `deleted`=0
+ => requirements
+ 1. users.deleted = 0
+ 2. users.email = primary-email
+ Admin User Assurer
+ bit Console Login assure someone
+
+ 1. email.hash = '' Yes No No
+ 2. email.deleted = 0 Yes No No
+ 3. users.deleted = 0 Yes Yes Yes
+ 4. users.verified = 1 No Yes No
+ 5. users.locked = 0 No Yes No
+ 6. users.email = prim-email No Yes Yes
+ 7. email.email = prim-email Yes No No
+
+ full usable account needs all 7 requirements fulfilled
+ so if one setting isn't set/cleared there is an inconsistency either way
+ if eg email.email is not avail, admin console cannot open user info
+ but user can login and assurer can display user info
+ if user verified is not set to 1, admin console displays user record
+ but user cannot login, but assurer can search for the user and the data displays
+
+ consistency check:
+ 1. search primary-email in users.email
+ 2. search primary-email in email.email
+ 3. userid = email.memid
+ 4. check settings from table 1. - 5.
+
+ */
+
+ $inconsistency = 0;
+ $inconsistencydisp = "";
+ $inccause = "";
+ // current userid intval($row['id'])
+ $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+ from `users` where `id`='".intval($row['id'])."' ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $uemail = $drow['uemail'];
+ $udeleted = $drow['udeleted'];
+ $uverified = $drow['verified'];
+ $ulocked = $drow['locked'];
+
+ $query = "select `hash`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."' and
+ `deleted` = 0";
+ $dres = mysql_query($query);
+ if ($drow = mysql_fetch_assoc($dres)) {
+ $drow['edeleted'] = 0;
+ } else {
+ // try if there are deleted entries
+ $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ }
+
+ if ($drow) {
+ $eemail = $drow['eemail'];
+ $edeleted = $drow['edeleted'];
+ $ehash = $drow['hash'];
+ if ($udeleted!=0) {
+ $inconsistency += 1;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
+ }
+ if ($uverified!=1) {
+ $inconsistency += 2;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
+ }
+ if ($ulocked!=0) {
+ $inconsistency += 4;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
+ }
+ if ($edeleted!=0) {
+ $inconsistency += 8;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
+ }
+ if ($ehash!='') {
+ $inconsistency += 16;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
+ }
+ } else {
+ $inconsistency = 32;
+ $inccause = _("Prim. email, Email record doesn't exist");
+ }
+ if ($inconsistency>0) {
+ // $inconsistencydisp = _("Yes");
+?>
+ <tr>
+ <td class="DataTD"><?=_("Account inconsistency")?>:</td>
+ <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTD" style="max-width: 75ex">
+ <?=_("Account inconsistency can cause problems in daily account ".
+ "operations and needs to be fixed manually through arbitration/critical ".
+ "team.")?>
+ </td>
+ </tr>
+<? }
+
+ // --- bug-975 end ---
+?>
+</table>
+<br>
+<?
+ // End - Debug infos
+?>
<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
(<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
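Review bot: Both `email` lookups in the added consistency check concatenate `$uemail` into the SQL text unescaped (``ˋemailˋ ='".$uemail."'`` in the first query and again in the deleted-entries fallback). That value was read back from `users.email`, so a stored address containing a quote breaks or alters the statement. Values coming out of the database need the same escaping as request input; change both places to ``ˋemailˋ ='".mysql_real_escape_string($uemail)."'``. The first `mysql_fetch_assoc($dres)` result is also indexed without checking that a users row came back. `$row` is set outside the hunk.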
diff --git a/pages/account/5.php b/pages/account/5.php
index ee500c0..5c131ba 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,12 +19,13 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td>
@@ -38,6 +39,7 @@
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
`emailcerts`.`CN`,
+ `emailcerts`.`serial`,
emailcerts.disablelogin as `disablelogin`
from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
@@ -54,7 +56,7 @@
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -84,6 +86,7 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } ?>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD">
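Review bot: The added cell prints `$row['serial']` into the HTML without output encoding. The serial is presumably written by the signing backend as hex, but that cannot be confirmed from this hunk, and encoding on output is cheap: `<td class="DataTD"><?=htmlspecialchars($row['serial'])?></td>`. The neighbouring `$row['CN']` cell in the context lines has the same shape. The loop body starts and ends outside the hunk.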
diff --git a/pages/help/0.php b/pages/help/0.php
index 83f97bd..7aa9d3b 100644
--- a/pages/help/0.php
+++ b/pages/help/0.php
@@ -15,15 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<h3><?=_("Help!")?></h3>
-<p><?=_("Following are several tips you may find useful.")?></p>
-
-<ul>
-<li><a href='help.php?id=3'><?=_("Generating a new key pair and CSR for IIS 5.0")?></a></li>
-<li><a href='help.php?id=4'><?=_("How do I generate a private key and CSR using OpenSSL?")?></a></li>
-<li><a href='logos.php'><?=_("How do I get a secured by CAcert emblem on my site?")?></a></li>
-<li><a href='help.php?id=6'><?=_("How do I get a server certificate from CAcert?")?></a></li>
-<li><a href='help.php?id=7'><?=_("How does CAcert protect its root private key?")?></a></li>
-<li><a href='help.php?id=9'><?=_("How can I do a single sign on similar to CAcert using client certificates?")?></a></li>
-<li><a href='http://wiki.cacert.org/'><?=_("Unofficial FAQ/Wiki")?></a></li>
-</ul>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/0">', '</a>');
+?>
+</p>
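Review bot: The replacement notice links to the wiki with a protocol-relative URL (`//wiki.cacert.org/HELP/0`), so a visitor who loaded this page over plain HTTP follows the link over HTTP as well, where the help content can be altered in transit. Assuming the wiki is reachable over TLS, pin the scheme: `'<a href="https://wiki.cacert.org/HELP/0">', '</a>');`. The same link form appears in the hunks for pages/help/2.php and pages/help/3.php.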
diff --git a/pages/help/2.php b/pages/help/2.php
index 5dd86c4..a03a773 100644
--- a/pages/help/2.php
+++ b/pages/help/2.php
@@ -15,65 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<ul>
- <li><a href="#whatFor"><?=_("What is it for?")?></a></li>
- <li><a href="#whyEmails"><?=_("Why digitally sign your own emails?! (weirdo..)")?></a></li>
- <li><a href="#freedom"><?=_("How it prepares us to protect our freedom")?></a></li>
- <li><a href="#whyAdopt"><?=_("Why isn't it being adopted by everyone?")?></a></li>
- <li><a href="#whyAccept"><?=_("Why is the digital signature described as 'not valid/not trusted'?")?></a></li>
- <li><a href="#proof"><?=_("But, er, is this really proof of your email identity?")?></a></li>
- <li><a href="#gimme"><?=_("How do I create my own digital signature?!")?></a><br></li>
- <li><a href="#encrypt"><?=_("I can't wait to start sending encrypted emails!")?></a></li>
- <li><a href="#notes"><?=_("Notes for the strangely curious")?></a></li>
- <li><a href="#refs"><?=_("References")?></a></li>
-</ul>
-<br>
-<h3><a name="whatFor"></a><?=_("What is it for?")?></h3>
-<p><?=_("The purpose of digital signing is to prove, electronically, one's identity")?>. <?=_("You see this all the time on the Internet - every time you go to a secure page on a web site, for example to enter personal details, or to make a purchase, every day you browse web sites that have been digitally signed by a Certificate Authority that is accepted as having the authority to sign it. This is all invisible to the user, except that you may be aware that you are entering a secure zone (e.g. SSL and HTTPS).")?></p>
-<p><?=_("Your browser includes special digital (root) certificates from a number of these 'Certificate Authorities' by default, and all web sites use certificates that are validated by one of these companies, which you as a user implicitly trust every time you go to the secure part of a web site. (You might ask, who validates the security of the Certificate Authorities, and why should you trust them?!")?>.... <a href="#notes"><?=_("Good question")?></a>.)</p>
-<p><?=_("Digital signing thus provides security on the Internet.")?></p>
-
-<h3><a name="whyEmails"></a><?=_("Why digitally sign your own emails?! (weirdo..)")?></h3>
-<p><?=_("Emails are not secure. In fact emails are VERY not secure!")?></p>
-<p><?=_("To get from computer Internet User A to Internet User B an email may pass through tens of anonymous computers on the Internet. These 'Internet infrastructure' computers are all free to inspect and change the contents of your email as they see fit. Governments systematically browse the contents of all emails going in/out/within their country, e.g. the")?> <a href="http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/"><?=_("UK Government has done this since the year 2000")?></a>. (<a href="#freedom"><?=_("How it prepares us to protect our freedom")?></a>). <?=_("Ever requested a password that you lost to be emailed to you? That password was wide open to inspection by potential crackers.")?></p>
-<p><?=_("As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. Thus a great advantage is that digital signing provides a means of ensuring that an email is really from the person you think it is. If everyone digitally signed their emails, it would be much easier to know whether an email is legitimate and unchanged and to the great relief of many, spamming would be much easier to control, and viruses that forge the sender's address would be obvious and therefore easier to control.")?></p>
-
-<h3><a name="freedom"></a><?=_("How it prepares us to protect our freedom")?></h3>
-<p><?=_("But perhaps, fundamentally, the most important reason for digital signing is awareness and privacy. It creates awareness of the (lack of) security of the Internet, and the tools that we can arm ourselves with to ensure our personal security. And in sensitising people to digital signatures, we become aware of the possibility of privacy and encryption.")?></p>
-<p><?=_("Most people would object if they found that all their postal letters are being opened, read and possibly recorded by the Government before being passed on to the intended recipient, resealed as if nothing had happened. And yet this is what happens every day with your emails (in the UK). There are some who have objected to this intrusion of privacy, but their voices are small and fall on deaf ears. However the most effective way to combat this intrusion is to seal the envelope shut in a miniature bank vault, i.e. encrypt your email. If all emails were encrypted, it would be very hard for Government, or other organisations/individual crackers, to monitor the general public. They would only realistically have enough resources to monitor those they had reason to suspect. Why? Because encryption can be broken, but it takes a lot of computing power and there wouldn't be enough to monitor the whole population of any given country.")?></p>
-<p><?=_("The reason digital signatures prepare us for encryption is that if everyone were setup to be able to generate their own digital signatures, it would be technically very easy to make the next step from digital signatures to encryption. And that would be great for privacy, the fight against spamming, and a safer Internet.")?></p>
-
-<h3><a name="whyAdopt"></a><?=_("Why isn't it being adopted by everyone?")?></h3>
-<p><?=_("Of the biggest reasons why most people haven't started doing this, apart from being slightly technical, the reason is financial. You need your own certificate to digitally sign your emails. And the Certificate Authorities charge money to provide you with your own certificate. Need I say more. Dosh = no thanks I'd rather walk home. But organisations are emerging to provide the common fool in the street with a free alternative. However, given the obvious lack of funding and the emphasis on money to get enrolled, these organisations do not yet have the money to get themselves established as trusted Certificate Authorities. Thus it is currently down to trust. The decision of the individual to trust an unknown Certificate Authority. However once you have put your trust in a Certificate Authority you can implicitly trust the digital signatures generated using their certificates. In other words, if you trust (and accept the certificate of) the Certificate Authority that I use, you can automatically trust my digital signature. Trust me!")?></p>
-
-<h3><a name="whyAccept"></a><?=_("Why is the digital signature described as 'not valid/not trusted'?")?></h3>
-<p><?=_("To fully understand, read the section directly above. I am using a free Certificate Authority to provide me with the ability to digitally sign my emails. As a result, this Certificate Authority is not (yet) recognised by your email software as it is a new organisation that is not yet fully established, although it is probably being included in the Mozilla browser. If you choose to, you can go the their site at CAcert.org to install the root certificate. You may be told that the certificate is untrusted - that is normal and I suggest that you continue installation regardless. Be aware that this implies your acceptance that you trust their secure distribution and storing of digital signatures, such as mine. (You already do this all the time). The CAcert.org root certificate will then automatically provide the safe validation of my digital signature, which I have entrusted to them. Or you can simply decide that you've wasted your time reading this and do nothing (humbug!). Shame on you! :-)")?></p>
-
-<h3><a name="proof"></a><?=_("But, er, is this really proof of your email identity?")?></h3>
-<p><?=_("Security is a serious matter. For a digital certificate with full rights to be issued to an individual by a Certificate Authority, stringent tests must be conducted, including meeting the physical person to verify their identity. At the current moment in time, my physical identity has not been verified by CAcert.org, but they have verified my email address. Installing their root certificate (see above) will thus automatically allow you to validate my digital signature. You can then be confident of the authenticity of my email address - only I have the ability to digitally sign my emails using my CAcert.org certificate, so if you get an email that I digitally signed and which is validated by your email software using the CAcert.org root certificate that you installed, you know it's from me. (Visually you get a simple indication that my email is signed and trusted). Technically, they haven't verified that I really am me! But you have the guarantee that emails from my address are sent by the person who physically administers that address, i.e. me! The only way that someone could forge my digital signature would be if they logged on to my home computer (using the password) and ran my email software (using the password) to send you a digitally signed email from my address. Although I have noticed the cats watching me logon...")?></p>
-
-<h3><a name="gimme"></a><?=_("Cool man! How do I create my own digital signature?!")?></h3>
-<p><?=_("Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it.")?></p>
-
-<h3><a name="encrypt"></a><?=_("I can't wait to start sending encrypted emails!")?></h3>
-<p><?=_("There's nothing to it. I mean literally, you can already start sending your emails encrypted. Assuming of course you have your own digital signature certificate (e.g. as per above), and the person you want to send an encrypted email to also has a digital signature certificate, and has recently sent you a digitally signed email with it. If all these conditions hold, you just have to change the settings in your email software to send the email encrypted and hey presto! Your email software (probably Outlook I guess) should suss out the rest.")?></p>
-
-<h3><a name="notes"></a><?=_("Notes for the strangely curious")?></h3>
-<p><?=_("You are putting your trust in people you don't know!")?><br><?=_("One assumes that if a site has an SSL certificate (that's what enables secure communication, for exchanging personal details, credit card numbers, etc. and gives the 'lock' icon in the browser) that they have obtained that certificate from a reliable source (a Certificate Authority), which has the appropriate stringent credentials for issuing something so vital to the security of the Internet, and the security of your communications. You have probably never even asked yourself the question of who decided to trust these Certificate Authorities, because your browser comes with their (root) certificates pre-installed, so any web site that you come across that has an SSL certificate signed by one of them, is automatically accepted (by your browser) as trustworthy.")?></p>
-<p><?=_("Thus, having now asked the question, you suppose that it's the people who make the browser software that have carefully decided who is a trustworthy Certificate Authority. Funnily enough, the mainstream browsers have not, historically, had public policies on how they decide whether a Certificate Authority gets added to their browser. All of the Certificate Authorities that have found themselves in the browser software, are big names, probably with big profits (so they must be doing a good job!).")?></p>
-<p><?=_("That situation has changed, and Internet Explorer, being the most obvious example, now insists that any Certificate Authorities are 'audited' by an 'independent' organisation, the American Institute for Certified Public Accountant's (AICPA). So now, if you have the money needed (from US$75000 up to US$250000 and beyond) you can get these accountants, who clearly know a lot about money, to approve you as having the required technical infrastructure and business processes to be a Certificate Authority. And they get a nice wad of money for the pleasure. And the Certificate Authorities, having a kind of monopoly as a result, charge a lot for certificates and also get a nice wad of money. And everyone's happy.")?></p>
-<p><?=_("But, with all this money, and all this responsibility, they must be taking a lot of care to ensure the Certificate Authorities do their jobs well, and keep doing their jobs well, right? Well right?!")?></p>
-<p><?=_("And they are making mistakes")?></p>
-<p><?=_("So if you don't pass the audit, you don't get to be a Certificate Authority. And to pass the audit, well, you've got to show that you can do a good job issuing certificates. That they're secure, you only give them to the right people, etc. So what happens when you make a mistake and you erroneously issue a certificate that risks the entire Internet browsing population, like Verisign did? Well, er, nothing actually. They already paid for their audit, and damn it, they're so big now, we couldn't possibly revoke their Certificate Authority status. (There's too much money at stake!)")?></p>
-
-<h3><?=_("So, dammit, what's the point of all this then?")?></h3>
-<p><?=_("The point is, as the current situation holds, you should be wary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes.")?></p>
-<h3><a name="refs"></a><?=_("References")?></h3>
-<p><a href="http://www.schneier.com/paper-pki.pdf"><?=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?></a> - http://www.counterpane.com/pki-risks.pdf</p>
-<p><a href="http://www.webtrust.org/certauth.htm"><?=_("WebTrust for Certification Authorities")?></a> - http://www.webtrust.org/certauth.htm</p>
-<p><a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp"><?=_("Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard")?></a> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp</p>
-<p><a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp"><?=_("Microsoft Root Certificate Program")?></a> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp</p>
-<p><a href="http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/index.html"><?=_("The Regulation of Investigational Powers Act (RIPA)</a> ('Snooping Bill' official gov site, UK)")?> - http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/index.html</p>
-<p><a href="http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/"><?=_("U.K. e-mail snooping bill passed")?></a> (UK) - http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/</p>
-<p><?=_("Disclaimer : These are the author's opinions, but they should not be considered 'truth' without personal verification. The author may have made mistakes and any mistakes will be willingly rectified by contacting the administrator of elucido.net, contact details available from the normal domain registration information services (e.g. whois.net).&nbsp; No recommendation to install a Certificate Authority's root certificate is either intended nor implied.")?></p>
-<p><? printf(_("The page has been reproduced on %s with explicit permission from %sthe author%s with the information being copyrighted to the author (name with held by request)"), "<a href='http://www.CAcert.org'>CAcert.org</a>", "<a href='http://elucido.net/'>", "</a>")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/2">', '</a>');
+?>
+</p>
diff --git a/pages/help/3.php b/pages/help/3.php
index b56823e..8cdeb08 100644
--- a/pages/help/3.php
+++ b/pages/help/3.php
@@ -15,74 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<h3><?=_("Generating a Key Pair and Certificate Signing Request (CSR) for a Microsoft Internet Information Server (IIS) 5.0.")?></h3>
-<p><?=_("To generate a public and private key pair and CSR for a Microsoft IIS 5 Server:")?></p>
- <ol class="tutorial">
- <li><b><?=_("Key generation process")?></b><br />
- <?=_("Under 'Administrative Tools', open the 'Internet Services Manager'. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.")?><br />
- <img src="iistutorial/image001.jpg" height="453" width="642" alt="<?=_("Screenshot of IIS 5.0")?>" /><br />
- <img src="iistutorial/image002.jpg" height="453" width="463" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Open Directory Security folder")?></b><br />
- <?=_("In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active.")?><br />
- <img src="iistutorial/image003.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Select 'Create a new certificate'")?></b><br />
- <?=_("Now 'Create a new certificate'.")?><br />
- <img src="iistutorial/image004.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Prepare the request")?></b><br />
- <?=_("You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email.")?><br />
- <img src="iistutorial/image005.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Enter a certificate name and select Certificate strength")?></b><br />
- <?=_("Select 'Bit length'. We advise a key length of 1024 bits.")?><br />
- <img src="iistutorial/image006.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /><br />
- <br />
- <?=_("You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR.")?><br />
- <br />
- <?=_("You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:")?> <p style="color: red;">! @ # $ % ^ * ( ) ~ ? &gt; &lt; &amp; / \</p>
- </li>
- <li><b><?=_("Enter your Organisation Information")?></b><br />
- <?=_("Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate.")?><br />
- <br />
- <?=_("The Organisational Unit field is the 'free' field. It is often the department or Server name for reference.")?><br />
- <img src="iistutorial/image007.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Enter your Common Name")?></b><br />
- <?=_("The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.CAcert.org' and 'secure.CAcert.com' are valid Common Names. IP addresses are usually not used.")?><br />
- <img src="iistutorial/image008.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Enter the geographical details")?></b><br />
- <?=_("Your country, state and city.")?><br />
- <img src="iistutorial/image009.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Choose a filename to save the request to")?></b><br />
- <?=_("Select an easy to locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more as IIS won't reuse old CSR to generate new certificates.")?><br />
- <img src="iistutorial/image010.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Confirm your request details")?></b></li>
- </ol>
-<p><?=_("Finish up and exit IIS Certificate Wizard")?></p>
-
-<h3><?=_("Certificate Installation process for IIS 5.0")?></h3>
-<p><?=_("After your certificate has been emailed to you, follow this process to install the certificate.")?></p>
- <ol class="tutorial">
- <li><b><?=_("Saving the certificate")?></b><br />
- <?=_("Copy the contents of the email including the")?>
- <code>-----BEGIN CERTIFICATE-----</code> <?=_("and")?>
- <code>-----END CERTIFICATE-----</code> <?=_("lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer")?><br /><br />
- <img src="iistutorial/image011b.png" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Installation steps")?></b><br />
- <?=_("Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right click on 'Default Web Site' and select 'Properties'.")?><br />
- <img src="iistutorial/image001.jpg" height="453" width="642" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Select the Directory Security tab")?></b><br />
- <?=_("Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section.")?><br />
- <img src="iistutorial/image002.jpg" height="453" width="463" alt="<?=_("Screenshot of IIS 5.0")?>" /><br /></li>
- <li><b><?=_("In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'.")?></b><br />
- <?=_("Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'.")?><br />
- <img src="iistutorial/image012.gif" height="388" width="506" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Browse to the location you saved the .cer file to in step 1")?></b><br />
- <?=_("Select the .cer file and click 'Next'.")?><br />
- <img src="iistutorial/image013.gif" height="388" width="505" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Ensure that you are processing the correct certificate")?></b><br />
- <?=_("...then click 'Next'.")?><br />
- <img src="iistutorial/image014.jpg" height="390" width="506" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("You will see a confirmation screen.")?></b><br />
- <?=_("When you have read this information, click 'Finish'.")?><br />
- <img src="iistutorial/image015.gif" height="390" width="507" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- </ol>
- <p><b><?=_("And you're done!")?></b></p>
- <p><?=_("For more information, refer to your server documentation or visit")?> <a href="http://support.microsoft.com/support/"><?=_("Microsoft Support Online")?></a>.</p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/3">', '</a>');
+?>
+</p>
diff --git a/pages/help/4.php b/pages/help/4.php
index 428c934..248564c 100644
--- a/pages/help/4.php
+++ b/pages/help/4.php
@@ -15,31 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document.")?></p>
-<p># openssl req -nodes -new -keyout private.key -out server.csr</p>
-<p><?=_("Then the system will try to generate some very random numbers to get a secure key.")?></p>
-<p><?=_("Generating a 1024 bit RSA private key")?><br>
- ...++++++<br>
- ....++++++<br>
-<?=_("writing new private key to 'private.key'")?></p>
-<p><?=_("You will then be asked to enter information about your company into the certificate. Below is a valid example:")?></p>
-<p><?=_("Country Name (2 letter code) [AU]:")?>AU<br>
- <?=_("State or Province Name (full name) [NSW]:")?>NSW<br>
- <?=_("Locality Name (eg, city) [Sydney]:")?>Sydney<br>
- <?=_("Organization Name (eg, company) [XYZ Corp]:")?>CAcert Inc.<br>
- <?=_("Organizational Unit Name (eg, section) [Server Administration]:.")?><br>
- <?=_("Common Name (eg, YOUR name) []:")?>www.cacert.org<br>
- <?=_("Email Address")?> []:no-returns@cacert.org</p>
-<p><?=_("Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions.")?></p>
-<p><?=_("Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid.")?></p>
-<p>-----BEGIN CERTIFICATE REQUEST-----<br>
- MIIBezCB5QIBADA8MRcwFQYDVQQDEw53d3cuY2FjZXJ0Lm9yZzEhMB8GCSqGSIb3<br>
- DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB<br>
- iQKBgQDQd1+ut4TJLWZf5A9r3D17Kob+CNwz/jfCOYrH0P6q1uw4jfSyrWUeSaVc<br>
- 59Xjpov8gRctlAuWM9KavkLSF6vcNdDEbvUYnL/+ixdmVE9tlXuSFEGz0GAF5faf<br>
- QZe30wk+2hnC6P+rwclypOhkTXtWgvSHPZg9Cos8xqDyv589QwIDAQABoAAwDQYJ<br>
- KoZIhvcNAQEEBQADgYEAJruzBZr4inqaeidn1m2q47lXZUWjgsrp3k3bFJ/HCb3S<br>
- 2SgVqHFrOisItrr7H0Dw2EcPhIrRokRdjIAwwlxG9v21eFaksZUiaP5Yrmf89Njk<br>
- HV+MZXxbC71NIKrnZsDhHibZslICh/XjdPP7zfKMlHuaaz1oVAmu9BlsS6ZXkVA=<br>
------END CERTIFICATE REQUEST----- </p>
-<p><?=_("Once you've submitted it the system will process your request and send an email back to you containing your server certificate.")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/4">', '</a>');
+?>
+</p>
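Review bot: The link in the added notice is protocol-relative (`'<a href="//wiki.cacert.org/HELP/4">'`), so a visitor who opened this page over plain HTTP follows it to the wiki over plain HTTP too. Assuming the wiki is served over HTTPS, pin the scheme: `'<a href="https://wiki.cacert.org/HELP/4">', '</a>');`. The same applies to the identical notices added in pages/help/3.php and 5.php through 9.php and in pages/index/8.php, and to the changed link in pages/index/11.php. The notice is also copied verbatim into each file with only the target changed; a small shared helper that takes the wiki path would keep the wording and markup in one place.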
diff --git a/pages/help/5.php b/pages/help/5.php
index d59e3dc..604febc 100644
--- a/pages/help/5.php
+++ b/pages/help/5.php
@@ -15,4 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<?=_("To be completed")?>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/5">', '</a>');
+?>
+</p>
diff --git a/pages/help/6.php b/pages/help/6.php
index adbd656..5308e93 100644
--- a/pages/help/6.php
+++ b/pages/help/6.php
@@ -15,14 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("Firstly you need to join CAcert to do that go:")?> <a href='https://www.cacert.org/index.php?id=1'><?=("here")?></a></p>
-
-<p><?=_("Then you need to generate a Certificate Signing Request, for more details go:")?> <a href=http://www.cacert.org/help.php><?=_("here")?></a></p>
-
-<p><?=_("You then need to add the domain you have control of to your account, which you can do:")?> <a href='https://www.cacert.org/account.php?id=7'><?=_("here")?></a></p>
-
-<p><?=_("System will send you an email with a link in it, you just open the link in a webbrowser.")?></p>
-
-<p><?=_("Then you need to submit the contents from the CSR file to CAcert, you need to go:")?> <a href='https://www.cacert.org/account.php?id=10'><?=_("here")?></a></p>
-
-<p><?=_("CAcert then sends you an email with a signed copy of your certificate. Hopefully the rest should be pretty straight forward.")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/6">', '</a>');
+?>
+</p>
diff --git a/pages/help/7.php b/pages/help/7.php
index 842a4cf..73e18da 100644
--- a/pages/help/7.php
+++ b/pages/help/7.php
@@ -15,12 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("In light of a request on the bugzilla list for more information about how our root certificate is protected I've decided to do a write up here and see if there is anything more people suggest could be done, or a better way of handling things altogether.")?></p>
-<p><?=_("Currently there is 2 main servers, one for webserver, one for root store, with the root store only connected to the webserver via serial cable, with a daemon running as non-root processes on each end of the serial listening/sending requests/info.")?></p>
-<p><?=_("If the root store detects a bad request it assumes the webserver is compromised and shuts itself down.")?></p>
-<p><?=_("If the root store doesn't receive a 'ping' reply over the serial link within a determined amount of time it assumes the webserver is compromised or the root store itself has been stolen and shuts itself down.")?></p>
-<p><?=_("Apart from the boot stuff, all data resides on an encrypted partition on the root store server and only manual intervention in the boot up process by entering the password will start it again.")?></p>
-<p><?=_("The requests sent to the root store, are stored in a file for another process triggered by cron to parse and sign them, then stored in a reply file to be sent back to the webserver. Causing things to be separated into different users, basic privilege separation stuff. So being actually able to hack the serial daemons will only at the VERY worst cause fraudulent certificates, not the root to be revealed.")?></p>
-<p><?=_("Why use serial you ask? Well certificate requests are low bandwidth for starters, then of course simpler systems in security are less prone to exploits, and finally serial code is pretty mature and well tested and hopefully all exploits were found and fixed a long time ago.")?></p>
-<p><?=_("With the proposed root certificate changes, there would be a new root, this would sign at least 1 sub-root, then the private key stored offline in a bank vault, with the sub-root doing all the signing, or alternatively 2 sub-roots, 1 for client certificates, one for server, the thinking behind this, if any of the sub-roots are compromised they can be revoked and reissued.")?></p>
-<p><?=_("Alternatively as things progress we can add more layers of security with say 4 webservers talking to 2 intermediate servers, talking to the root store, and acting in a token ring fashion, anything happening out of sequence, and the server directly upstream shuts itself down, which if that were in place and there were multiple paths, any down time in this fashion would fall over to the servers not compromised, anyways just some food for thought.")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/7">', '</a>');
+?>
+</p>
diff --git a/pages/help/8.php b/pages/help/8.php
index 8ee4974..41c4959 100644
--- a/pages/help/8.php
+++ b/pages/help/8.php
@@ -15,6 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><i><?=_("Question: I'm a software developer for linux and I want to use CAcert/openssl to distribute my packages with detached signatures, is this possible and why would I do this over PGP/GPG detached signatures?")?></i></p>
-<p><?=_("I'll anwser the why part first, as that's reasonably easy. The short answer is it takes most of the key handling responsibilty away from you and/or your group. If you need to revoke your key for any reason (such as a developer leaving the project) it won't effect your ability to revoke the existing key or keys, and issue new ones.")?></p>
-
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/8">', '</a>');
+?>
+</p>
diff --git a/pages/help/9.php b/pages/help/9.php
index 8a538fe..d6fdc39 100644
--- a/pages/help/9.php
+++ b/pages/help/9.php
@@ -15,53 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+<p style="background-color: #FF8080; font-size: 150%">
<?
- function dotab($num)
- {
- $string="";
- for($i = 0; $i < $num; $i++)
- {
- for($j = 0; $j < 8; $j++)
- $string .= "&nbsp;";
- }
- return($string);
- }
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/9">', '</a>');
?>
-<h3><?=_("How can I do a single sign on similar to CAcert using client certificates?")?></h3>
-
-<p><?=_("Firstly you need mod-ssl and apache setup (this is beyond the scope of this FAQ item and you will need to search on google etc for LAMP setup information). I recommend mod-ssl over apache-ssl because it means you need less resources to achieve the same result.")?></p>
-
-<p><?=_("Once you have everything setup and working you will need to add lines similar to below to your apache.conf")?></p>
-
-<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
-&lt;VirtualHost 127.0.0.1:443&gt;<br>
-SSLEngine on<br>
-SSLVerifyClient require<br>
-SSLVerifyDepth 2<br>
-SSLCACertificateFile /etc/ssl/cacert.crt<br>
-SSLCertificateFile /etc/ssl/certs/cacert.crt<br>
-SSLCertificateKeyFile /etc/ssl/private/cacert.pem<br>
-SSLOptions +StdEnvVars<br>
-<br>
-ServerName secure.cacert.org<br>
-DocumentRoot /www<br>
-&lt;/VirtualHost&gt;<br><br>
-</p>
-
-<p><?=_("Please note, you will need to alter the paths, hostname and IP of the above example, which is just that an example! The SSLCACertificateFile directive is supposed to point to a file with the root certificate you wish to verify your client certificates against, for the CAcert website we obviously only accept certificates issued by our own website and use our root certificate to initially verify this.")?></p>
-
-<p><?=_("Once you have everything working and you've tested sending a client certificate to your site and you're happy all is well you can start adding code to PHP (or any other language you like that can pull server environment information). At present I only have PHP code available and the example is in PHP")?></p>
-
-<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
-<?=dotab(1)?>if($_SERVER['HTTP_HOST'] == "secure.cacert.org")<br>
-<?=dotab(1)?>{<br>
-<?=dotab(2)?>$query = "select * from `users` where `email`='$_SERVER[SSL_CLIENT_S_DN_Email]'";<br>
-<?=dotab(2)?>$res = mysql_query($query);<br>
-<?=dotab(2)?>if(mysql_num_rows($res) > 0)<br>
-<?=dotab(2)?>{<br>
-<?=dotab(3)?>$_SESSION['profile']['loggedin'] = 1;<br>
-<?=dotab(3)?>header("location: https://secure.cacert.org/account.php");<br>
-<?=dotab(3)?>exit;<br>
-<?=dotab(2)?>}<br>
-<?=dotab(1)?>}<br><br>
</p>
diff --git a/pages/index/1.php b/pages/index/1.php
index f4343e7..a60a242 100644
--- a/pages/index/1.php
+++ b/pages/index/1.php
@@ -25,27 +25,33 @@
<form method="post" action="index.php" autocomplete="off">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
- <td colspan="2" class="title"><?=_("My Details")?></td>
+ <td colspan="3" class="title"><?=_("My Details")?></td>
</tr>
+
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
+ <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td>
</tr>
+
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
<td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write %sName Suffixes%s into this field."),'<a href="http://en.wikipedia.org/wiki/Suffix_%28name%29" target="_blank">','</a>')?></td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
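Review bot: The rewritten hint in the `suffix` row still goes through `sprintf()` although the message no longer has any placeholders, so a translation that contains a literal `%` would be parsed as a format directive. Print the string directly: `<?=_("Please only write Name Suffixes into this field.")?>`. The new help link in the first-name row also opens with `target="_blank"` and no `rel`; adding `rel="noopener noreferrer"` keeps the opened page from reaching `window.opener`. The table continues outside this hunk.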
@@ -73,49 +79,63 @@
</select>
<input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" autocomplete="off"></nobr>
</td>
+ <td class="DataTD">&nbsp;</td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Email Address")?>: </td>
- <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"><br/><?=_("I own or am authorised to control this email address")?>
-</td>
+ <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><?=_("I own or am authorised to control this email address")?></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td>
+ <td class="DataTD" rowspan="2">&nbsp;</td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
+ <td class="DataTD" colspan="3"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification.")?></td>
+ <td class="DataTD" colspan="3"><?=_("Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification.")?></td>
</tr>
+
<tr>
<td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
<td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
+ <td class="DataTD" rowspan="5">&nbsp;</td>
</tr>
+
<tr>
<td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
<td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
<td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
<td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
<td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><?=_("It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.")?></td>
+ <td class="DataTD" colspan="3"><?=_("It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.")?></td>
</tr>
+
<tr>
<td class="DataTD" valign="top"><?=_("Alert me if")?>: </td>
<td class="DataTD" align="left">
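Review bot: The A4 answer field carries a misspelled attribute, `autcomplete="off"`, so unlike A1–A3 and A5 the browser is not asked to skip autofill for that lost-pass-phrase answer. The hunk reformats the rows around it but leaves that line as unchanged context; it should read `autocomplete="off"`. The Q1–Q5 question inputs have no `autocomplete` attribute at all, which may be intended but is worth confirming for a form that collects recovery answers. The table starts and ends outside this hunk.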
@@ -123,16 +143,18 @@
<input type="checkbox" name="country" value="1" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br>
<input type="checkbox" name="regional" value="1" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br>
<input type="checkbox" name="radius" value="1" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td>
+ <td class="DataTD">&nbsp;</td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td>
+ <td class="DataTD" colspan="3"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td>
+ <td class="DataTD" colspan="3"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
diff --git a/pages/index/11.php b/pages/index/11.php
index 1b76f9c..8391903 100644
--- a/pages/index/11.php
+++ b/pages/index/11.php
@@ -23,7 +23,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
-<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
+<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p>
<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
diff --git a/pages/index/8.php b/pages/index/8.php
index e45090d..4d515a6 100644
--- a/pages/index/8.php
+++ b/pages/index/8.php
@@ -15,16 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><b><? printf(_("The current %s board, and roles."), "CAcert Inc."); ?></b></p>
-<p>
-Lambert Hofstra - <?=_("President")?><br/>
-Peter Yuill - <?=_("Vice President")?><br/>
-Alexander Prinsier - <?=_("Treasurer")?><br/>
-Mario Lipinski - <?=_("Secretary")?><br/>
-Piers Lauder - <?=_("member")?><br/>
-Ian Grigg - <?=_("member")?><br/>
-Dirk Astrath - <?=_("member")?><br/>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/Board">', '</a>');
+?>
</p>
-Kevin Dawson - <?=_("Public Officer")?><br />
-<br />
-More detailed informations can be found in the CAcert wiki under <a href="//wiki.cacert.org/Board"><?=_("CAcert Board")?></a>
diff --git a/password.dat.sample b/password.dat.sample
index f9bbb55..f9bbb55 100755..100644
--- a/password.dat.sample
+++ b/password.dat.sample
diff --git a/scripts/37de-blit2011-email.txt b/scripts/37de-blit2011-email.txt
new file mode 100644
index 0000000..365bd5b
--- /dev/null
+++ b/scripts/37de-blit2011-email.txt
@@ -0,0 +1,18 @@
+8. Brandenburger Linux-Infotag 2011 -- Helfer Gesucht
+:::::::::::::::::::::::::::::::::::::::::::::::::::::
+
+Hallo CAcerties,
+
+am Samstag, dem 5. November 2011 moechte sich CAcert mit einem Stand auf dem 8. Brandenburger Linux-Infotag 2011 (Motto: "Freie Gedanken - Freie Systeme") praesentieren. Hierzu wurde nun im Wiki eine Organisationsseite eingerichtet, auf der Ihr Euch als Helfer eintragen koennt
+ http://wiki.cacert.org/events/BLIT2011
+Sofern Ihr aus Berlin, Potsdam sowie Umgebung oder von woanders kommt und Zeit wie auch Lust habt, dann tragt Euch bitte, gerne auch nur fuer einen
+bestimmten Zeitraum, ein. Wer in den vergangenen Jahren dabei war, weiss vieviel Spass es allen gemacht hat!
+
+Auf der Veranstaltung sind Professoren, wissenschaftliche Mitarbeiter und in jedem Fall viele Studenten zu erwarten. Es waere daher super, wenn wir dort moeglichst viele von CAcert ueberzeugen koennen, um dort eine neue Keimzelle entstehen lassen zu koennen. Daher benoetigen wir mindestens drei Assurer, um 100 Punkte vergeben zu koennen.
+
+Wir freuen uns auf Eure Mithilfe.
+
+
+Wiki Organisationsseite: [http://wiki.cacert.org/events/BLIT2011]
+
+Kontakt: events@cacert.org
diff --git a/scripts/37de-blit2011-mail.php.txt b/scripts/37de-blit2011-mail.php.txt
new file mode 100644
index 0000000..e0ecead
--- /dev/null
+++ b/scripts/37de-blit2011-mail.php.txt
@@ -0,0 +1,106 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("37de-blit2011-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 2102723; // Washington (District of Columbia, ..., US
+// $locid = 2177566; // New York (Bronx), New York, United States
+
+// BLIT2011
+ $locid = 1486658; // Potsdam
+ $eventname = "8. Brandenburger Linux-Infotag 2011 - Potsdam";
+ $city = "5. Nov 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
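Review bot: Neither database result is checked before mail goes out: `$loc = mysql_fetch_assoc(mysql_query($query));` feeds the distance query even when the `locations` lookup fails or matches no row, and `$res` is passed unchecked to `mysql_num_rows()` and the fetch loop. In that case `$loc[lat]` and `$loc[long]` interpolate as empty strings, the second query is malformed, and the three `sendmail()` calls after the loop still run with an empty recipient count. Stop early instead, with `if(!$loc) die("location $locid not found\n");` after the lookup and `if(!$res) die(mysql_error()."\n");` after the second `mysql_query()`. The `fopen()` result needs the same check, since the `feof()` loop has no exit condition when the handle is invalid. The file is also committed with the per-user `sendmail()` live and the `cacerttest%` test query commented out, so a first run mails every matching user; a header comment saying so would help whoever runs it next.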
diff --git a/scripts/DumpWeakCerts.pl b/scripts/DumpWeakCerts.pl
index 580390e..580390e 100755..100644
--- a/scripts/DumpWeakCerts.pl
+++ b/scripts/DumpWeakCerts.pl
diff --git a/scripts/assurer.php b/scripts/assurer.php
index c649fbf..d85a2a6 100644
--- a/scripts/assurer.php
+++ b/scripts/assurer.php
@@ -30,7 +30,7 @@
$query = "
select u.email, fname, lname, sum(n.points) from users u, notary n
where n.to=u.id
- and not exists(select 1 from cats_passed cp where cp.user_id=u.id)
+ and not EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)
and exists(select 1 from notary n2 where n2.from=u.id and year(n2.`when`)>2007)
and (select count(*) from notary n3 where n3.from=u.id) > 1
group by email, fname, lname
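Review bot: The new subquery hard-codes `cv.type_id = 1` without saying which test type that is, so a reader cannot tell which passed test now excludes a user from this mailing. A comment above `$query` would cover it, e.g. `// type_id 1 = <name of the CATS test type>; passes of other test types no longer exclude a user`. The new line also switches to upper-case keywords and backtick-quoted identifiers while the rest of the statement stays lower-case and unquoted, and it aliases `cats_passed` as `tp` where the replaced line used `cp`; matching the surrounding style would make the statement easier to read. The query string starts and ends outside this hunk.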
diff --git a/scripts/mail-weak-keys.php b/scripts/mail-weak-keys.php
index 95c0e4f..95c0e4f 100755..100644
--- a/scripts/mail-weak-keys.php
+++ b/scripts/mail-weak-keys.php
diff --git a/scripts/mass-revoke.php b/scripts/mass-revoke.php
index 18c036b..18c036b 100755..100644
--- a/scripts/mass-revoke.php
+++ b/scripts/mass-revoke.php
diff --git a/scripts/oa01-allowance.php.txt b/scripts/oa01-allowance.php.txt
new file mode 100644
index 0000000..50374e3
--- /dev/null
+++ b/scripts/oa01-allowance.php.txt
@@ -0,0 +1,93 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("oa01-allowance.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+// --- Variable parameters --- begin
+
+// $country
+// "" (empty) email to _all_ countries
+// "DE" 2-digit country code, eg. email to Germany Org's only
+
+// $status
+// Status: 1 mails to org contacts only
+// 2 mails to org admins only
+// 3 mails to org contacts + org admins
+
+// $subject
+// sample:
+// with
+// mailing subject results in
+// a) $country = ""
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website"
+// b) $country = "DE"
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website (DE)"
+
+
+//OA Allowance
+$country = ""; // "DE" or ""
+$status = 3; // 1, 2 or 3 3 = 1+2
+$subject = "Allowance to publish Organisation Assurance on CAcert website";
+
+
+// --- Variable parameters --- end
+
+$query = "SELECT orginfo.contact as email, orginfo.O, 1 as status
+ FROM orginfo
+ WHERE (orginfo.C like '$country%' and (1=$status or 3=$status))
+ UNION
+ Select users.email, orginfo.O, 2 as status
+ FROM users
+ inner join org on users.id = org.memid
+ inner join orginfo on org.orgid=orginfo.id
+ WHERE (orginfo.C like '$country%' and (2=$status or 3=$status))
+ ORDER BY O";
+
+
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")") , $lines, "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ }
+ // 1x cc to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")"), $lines, "oao@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ // 1x mailing report to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20110608.1
+ sendmail("bernhard@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ echo "oa-mailing sent to $xrows recipients.\n";
+?>
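Review bot: The result of `fopen("oa01-allowance.txt", "r")` is never checked, and the path is relative to the working directory, so starting the script from another directory leaves `$fp` false. On the PHP versions that still provide `mysql_*`, `while(!feof($fp))` on an invalid handle is documented as able to loop forever; add `if ($fp === false) { die("cannot open oa01-allowance.txt\n"); }` directly after the `fopen` line. Separately, the comment `// uncomment next line to send mails ...` sits above a `sendmail` call that is already active while the test query is commented out, so the file as committed mails every selected contact on its first run; committing it with the test query active would be the safer default. `mysql_query($query)` is also passed to `mysql_num_rows` without a check for `false`.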
diff --git a/scripts/oa01-allowance.txt b/scripts/oa01-allowance.txt
new file mode 100644
index 0000000..ea23fa4
--- /dev/null
+++ b/scripts/oa01-allowance.txt
@@ -0,0 +1,159 @@
+(Dutch, German and French version see below)
+
+Dear sir or madam,
+
+CAcert plans to add a new section to its homepage. This section will contain
+a listing of companies and organisations assured by
+CAcert's Organisation Assurance.
+
+You, as a representative or an Organisation Administrator of such an
+organisation, are asked for your approval to give us the name, the logo and
+the location of your company. The reference will be listed on
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. This listing
+is a resource for other companies planning to use CAcert Certificates.
+
+We kindly ask you to tell us for what purpose you use your CAcert certificate.
+Please check the specific items:
+
+ [ ] - Client Certs
+ [ ] - E-mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"If you are satisfied with our services, tell others. If not, come back to us."
+
+Additionally, we plan a testimonial page in the future where you are able to
+tell about your experience with CAcert.
+
+If you have any questions, suggestions or criticisms please do not hesitate to
+contact us on mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org or contact the Organisation Assurer
+who originaly assured you organisation. You can revoke your assent any time.
+
+Thank you for your support.
+
+For the Organisation Assurance Team
+
+---------------------------------------------------
+
+[German Version]
+
+Sehr geehrte Damen und Herren,
+
+CAcert plant eine Umgestaltung des Internetauftritts. Dazu gehoert auch die
+Auflistung von Unternehmen und Organisationen, die durch CAcert im Rahmen der
+Organisation Assurance geprueft wurden.
+
+Wir wuerden gerne Ihre Organisation (Name, Sitz und Logo) als Referenz auf der
+Seite http://wiki.cacert.org/OrganisationAssurance/OrganisationList nennen.
+Als Ansprechpartner oder Organisationsadministrator einer solchen Organisation
+benoetigen wir dazu Ihr Einverstaendnis.
+
+Ueber Informationen, wie in welcher Weise Ihre Organisation CAcert-Zertifikate
+einsetzt, wuerden wir und sehr freuen. Wählen Sie einfach die verwendeten
+Einsatzgebiete aus dieser Liste aus:
+
+ [ ] - Client Certs
+ [ ] - E-Mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"Wenn Sie zufrieden sind mit unserem Service, sagen Sie es weiter. Wenn Sie
+nicht zufrieden sind, sagen Sie es uns."
+
+In diesem Zusammenhang planen wir auch eine Testimonal Seite, auf der Sie
+selbst ueber ihre Erfahrungen berichten koennen.
+
+Bei Fragen, Anregungen oder Kritik erreichen Sie uns jederzeit unter
+mailto:support@cacert.org und mailto:cacert-orga-assurer@lists.cacertg.org oder
+kontaktieren Sie den Organisations Assurer, der Ihre Organisation ueberprueft
+hat. Sie haben jederzeit das Recht, Ihr Einverstaendnis zu widerrufen.
+
+Im Name von CAcert bedanke sich das Organisation Assurance Team herzlich
+fuer Ihre Unterstuetzung.
+
+---------------------------------------------------
+
+[French Version]
+
+Madame, Monsieur,
+
+CAcert a decide d'ajouter une nouvelle section a son site internet. Cette
+section contient une liste des entreprises et organisations accreditees
+par CAcert.
+
+Vous, en tant que representant ou administrateur d'une telle organisation,
+il vous est demande votre approbation pour nous donner le nom, le logo et le
+lieu de votre entreprise. La reference sera ajoutee sur
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. Cette
+inscription serait utile pour encourager d'autres organisations a utiliser
+des certificats CAcert.
+
+Nous vous prions de nous dire a quelles fins vous utilisez vos certificats
+CAcert. S'il vous plaît, precisez les elements suivants :
+
+ [ ] - Certificats client (SSL)
+ [ ] - Certificats pour courriel (email)
+ [ ] - Certificats Serveur (SSL)
+ [ ] - Signature de document
+ [ ] - Signature du code de logiciels informatique
+
+"Si vous êtes satisfaits de nos services, faite le nous savoir. Dans le cas
+contraire, nous sommes a votre ecoute."
+
+De plus, nous prevoyons de realiser a l'avenir une page avec des temoignages ou
+vous pourrez parler de votre experience avec CAcert.
+
+Si vous avez des questions, des suggestions ou des critiques, n'hesitez pas
+s'il vous plaît a nous contacter sur mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org, ou contacter
+l'Accrediteur d'Organisation qui a realise votre inscription initialement.
+Vous pouvez retirer votre referencement a tout moment de notre site internet
+sur simple demande.
+
+Merci pour votre soutien.
+
+L'equipe des Accrediteurs d'Organisations.
+
+---------------------------------------------------
+
+[Dutch Version]
+
+Geachte dames/heren,
+
+Uw organisatie (of bedrijf) is reeds gewaarmerkt door CAcert.
+
+Gedurende dat proces bent u aangewezen als contactpersoon of als organisatie
+adminstrator, en daarom ontvangt u deze email.
+
+In het kader van een reorganisatie van CAcert websites willen wij uw organisatie
+graag als referentie toevoegen op de pagina:
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList.
+Daarom verzoeken wij u bij deze om toestemming om de naam van uw organisatie
+toe te voegen aan deze referentiepagina.
+
+Zodat ook andere organisaties zichzelf kunnen informeren over de verschillende
+toepassingen van onze certificaten, of kunnen profiteren van uw ervaring,
+verzoeken wij tevens om het gebruik van certificaten binnen uw organisatie
+te benoemen:
+
+ [ ] - Client Certificaten
+ [ ] - Email Certificaten
+ [ ] - Server Certificaten
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+
+"Wanneer u tevreden bent over onze service, vertel het verder. Wanneer u niet
+tevreden bent, vertel het ons."
+Binnen deze context plannen wij ook een Testimonal pagina, waar u zelf over uw
+ervaringen kunt berichten.
+
+Voor vragen, opmerkingen of kritiek kunt u ons ten alle tijden bereiken onder
+mailto:support@cacert.org of mailto:cacert-orga-assurer@lists.cacertg.org.
+U kunt ook contact opnemen met de Organisation Assurer die uw organisatie
+gewaarmerkt heeft.
+
+Uw Organisation Assurance Team. \ No newline at end of file
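Review bot: The list address is spelled `cacert-orga-assurer@lists.cacertg.org` in the German and Dutch sections, while the English and French sections use `lists.cacert.org`. Recipients who reply from those two sections would address their mail to a different domain than the project's list host. Both lines should read `mailto:cacert-orga-assurer@lists.cacert.org`. The template also mixes raw non-ASCII characters (`Wählen`, `plaît`, `êtes`) with transliterated ones; whether these render correctly depends on the charset that sendmail() declares, which is not visible here.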
diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php
index 6d77a75..56dd0cf 100644
--- a/www/cats/cats_import.php
+++ b/www/cats/cats_import.php
@@ -24,6 +24,8 @@
API for CATS to import passed tests into main CAcert database.
*/
+require_once('../../includes/lib/account.php');
+
function sanitize_string($buffer) {
return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES);
}
@@ -154,8 +156,7 @@ if (!$query) {
}
// Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
-$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).'\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`) AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100
-if (!$query) {
+if (!fix_assurer_flag($userID)) {
echo 'Invalid query'."\r\n";
trigger_error('Invalid query', E_USER_ERROR);
exit();
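Review bot: The call `fix_assurer_flag($userID)` passes `$userID` through uncast, whereas the removed inline query wrapped it in `(int)intval($userID)`. Unless the helper casts or escapes its argument itself (it is defined in includes/lib/account.php, outside this hunk), the integer guarantee at this API boundary is gone; `if (!fix_assurer_flag((int)$userID)) {` keeps it at the call site. The error branch also assumes the helper returns a falsy value on a failed query, which should be confirmed. The removed trailing comment about a passed challenge and at least 100 non-expired points is worth keeping above the call.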
diff --git a/www/index.php b/www/index.php
index 7330877..a139c4a 100644
--- a/www/index.php
+++ b/www/index.php
@@ -148,13 +148,16 @@
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
- $query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and disablelogin=0 and
- UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ include_once("../includes/lib/general.php");
+ $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
+ $_SERVER['SSL_CLIENT_I_DN_CN']);
+
+ if($user_id >= 0)
{
- $row = mysql_fetch_assoc($res);
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ "select * from `users` where
+ `id`='$user_id' and `deleted`=0 and `locked`=0"));
+
if($_SESSION['profile']['id'] != 0)
{
$_SESSION['profile']['loggedin'] = 1;
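Review bot: The `revoked`, `disablelogin` and `expire` conditions of the removed query no longer appear at this call site, so certificate login now depends entirely on `get_user_id_from_cert()`, which is defined outside this hunk. Confirm that it keeps those three checks and escapes both the serial and the issuer CN before they reach SQL. The guard `if($user_id >= 0)` is also loose: a `false` or `null` return compares as `>= 0` in PHP, so a stricter test such as `if(is_int($user_id) && $user_id >= 0)` is safer, assuming the helper returns an integer. `$user_id` is then interpolated into the `users` query uncast; `` `id`='".intval($user_id)."' `` would keep that query safe regardless of what the helper returns. The enclosing `if` block continues past the end of the hunk.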
@@ -637,6 +640,13 @@
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
+ if ($id == 8)
+ {
+ $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
+ $newUrl = $protocol . '://wiki.cacert.org/Board';
+ header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
+ }
+
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
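Review bot: No `exit;` follows the new `header('Location: '.$newUrl, true, 301);`, so for `$id == 8` the script still runs `showheader()`, `includeit($id)` and `showfooter()` after sending the redirect. Add `exit;` after the `header()` call inside the new block. The protocol test `$_SERVER['HTTPS'] ? 'https' : 'http'` raises a notice when the key is unset and treats the string `'off'`, which some servers set, as HTTPS. `$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';` avoids both problems. If the wiki is reachable over HTTPS, a fixed `https://` target would also avoid ever redirecting to plain HTTP.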