-rw-r--r-- | includes/account.php | 27 | ||||
-rw-r--r-- | includes/notary.inc.php | 157 | ||||
-rw-r--r-- | pages/account/10.php | 4 | ||||
-rw-r--r-- | pages/account/3.php | 28 | ||||
-rw-r--r-- | pages/account/43.php | 17 | ||||
-rw-r--r-- | pages/gpg/0.php | 2 | ||||
-rw-r--r-- | pages/wot/6.php | 14 | ||||
-rw-r--r-- | www/gpg.php | 11 | ||||
-rw-r--r-- | www/wot.php | 92 |
9 files changed, 279 insertions, 73 deletions
diff --git a/includes/account.php b/includes/account.php index 954dba5..6a92669 100644 --- a/includes/account.php +++ b/includes/account.php @@ -182,6 +182,14 @@ if($process != "" && $oldid == 3) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1') { showheader(_("My CAcert.org Account!")); @@ -311,6 +319,8 @@ exit; } + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='NS', @@ -635,6 +645,14 @@ if($process != "" && $oldid == 10) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + $CSR = clean_csr($_REQUEST['CSR']); if(strpos($CSR,"---BEGIN")===FALSE) { @@ -751,6 +769,8 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { $query = "insert into `domaincerts` set @@ -2665,6 +2685,13 @@ mysql_query($query); } + if($oldid == 43 && $_REQUEST['action'] == 'revokecert') + { + $userid = intval($_REQUEST['userid']); + revoke_all_private_cert($userid); + $id=43; + } + if($oldid == 48 && $_REQUEST['domain'] == "") { $id = $oldid; diff --git a/includes/notary.inc.php b/includes/notary.inc.php index 2dda1c1..7db597b 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php 
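Review bot: The new `revokecert` branch at the end of the last account.php hunk revokes every certificate of an arbitrary `userid` taken from the request, and nothing in the hunk checks that the caller is an administrator or writes an audit record of who did it. The surrounding `oldid == 43` branches presumably run under account.php's admin gate, but that gate is outside the hunk and should be confirmed; for a destructive action a per-session CSRF token check and a log entry naming the admin and the target user would be expected here. I would also guard the lookup: `if($oldid == 43 && array_key_exists('action', $_REQUEST) && $_REQUEST['action'] == 'revokecert')`. The enclosing dispatch block starts and ends outside this hunk.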
@@ -620,10 +620,22 @@ } //functions to do with recording user agreements + /** + * write_user_agreement() + * writes a new record to the table user_agreement + * + * @param mixed $memid + * @param mixed $document + * @param mixed $method + * @param mixed $comment + * @param integer $active + * @param integer $secmemid + * @return + */ function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){ // write a new record to the table user_agreement - $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid. - ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ; + $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid). + ",`document`='".$document."',`date`=NOW(), `active`=".intval($active).",`method`='".$method."',`comment`='".$comment."'" ; $res = mysql_query($query); } @@ -666,8 +678,8 @@ function get_last_user_agreement($memid, $type="CCA"){ //returns an array (`document`,`date`,`method`, `comment`,`active`) $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1) - union - (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + union + (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; $res = mysql_query($query); if(mysql_num_rows($res) >0){ $row = mysql_fetch_assoc($res); @@ -708,7 +720,7 @@ { ?> <tr> - <td class="DataTD"><?=$field1?>:</td> + <td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td> <td class="DataTD"><?=$field2?></td> </tr> <? 
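Review bot: `write_user_agreement()` in the `@@ -620` hunk now casts its numeric arguments but still interpolates `$document`, `$method` and `$comment` into the INSERT unescaped; every call in this commit passes literals, yet this is a shared include and the first caller that forwards request data into it becomes injectable. Escape the three strings where they are concatenated, i.e. use `mysql_real_escape_string($document)`, `mysql_real_escape_string($method)` and `mysql_real_escape_string($comment)` in place of the bare variables. The new docblock should also say what `$document` and `$method` are expected to hold (this commit uses 'CCA' with 'certificate creation' and 'Assurance') and the empty `@return` should read `@return void`.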
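Review bot: In the `@@ -708` hunk the rewritten cell `<?=$field1.(empty($field1)?'':':')?>:</td>` keeps the literal `:` after the closing tag, so a non-empty label now renders as `Name::` while the apparent goal was only to drop the colon for an empty label. Remove the trailing literal: `<td class="DataTD"><?=$field1.(empty($field1)?'':':')?></td>`. The enclosing helper's header is outside the hunk.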
@@ -735,7 +747,7 @@ if (count($methods) != 1) { ?> <tr> - <td class="DataTD"><?=$text?></td> + <td class="DataTD"><?=$text.(empty($text)?'':':')?></td> <td class="DataTD"> <select name="method"> <? @@ -762,7 +774,7 @@ { ?> <tr> - <td class="DataTD"><?=$field?>:</td> + <td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td> <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td> </tr> <? @@ -791,15 +803,7 @@ //called from www/diputes.php if($type == "reallyemail") / if($action == "accept") //called from account_delete $mailid = intval($mailid); - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)){ - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); - } + revoke_all_client_cert($mailid); $query = "update `email` set `deleted`=NOW() where `id`='$mailid'"; mysql_query($query); } @@ -811,26 +815,7 @@ //called from www/diputes.php if($type == "reallydomain") / if($action == "accept") //called from account_delete $domainid = intval($domainid); - $query = - "select `domaincerts`.`id` - from `domaincerts` - where `domaincerts`.`domid` = '$domainid' - union distinct - select `domaincerts`.`id` - from `domaincerts`, `domlink` - where `domaincerts`.`id` = `domlink`.`certid` - and `domlink`.`domid` = '$domainid'"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - { - mysql_query( - "update `domaincerts` - set `revoked`='1970-01-01 10:00:01' - where `id` = '".$drow['id']."' - and `revoked` = 0 - and UNIX_TIMESTAMP(`expire`) - - UNIX_TIMESTAMP() > 0"); - } + revoke_all_server_cert($domainid); mysql_query( "update `domains` set `deleted`=NOW() 
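Review bot: The `@@ -762` hunk has the same double-colon defect as the earlier text-line helper: `<?=$field.(empty($field)?'':':')?>:</td>` appends the conditional colon and then the literal one, producing `Location::` for every non-empty label. Change it to `<td class="DataTD"><?=$field.(empty($field)?'':':')?></td>`. The `@@ -735` hunk, which had no trailing literal, is the correct pattern. The enclosing helper's header is outside the hunk.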
@@ -1031,3 +1016,103 @@ $res = mysql_query($query); return mysql_num_rows($res) > 0; } + + + // revokation of certificates + function revoke_all_client_cert($mailid){ + //revokes all client certificates for an email address + $mailid = intval($mailid); + $query = "select `emailcerts`.`id` + from `emaillink`,`emailcerts` where + `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0 + group by `emailcerts`.`id`"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)){ + mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); + } + } + + function revoke_all_server_cert($domainid){ + //revokes all server certs for an domain + $domainid = intval($domainid); + $query = + "select `domaincerts`.`id` + from `domaincerts` + where `domaincerts`.`domid` = '$domainid' + union distinct + select `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$domainid'"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)) + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0"); + } + } + + function revoke_all_private_cert($uid){ + //revokes all certificates linked to a personal accounts + //gpg revokation needs to be added to a later point + $uid=intval($uid); + $query = "select `id` from `email` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_client_cert($row['id']); + } + + + $query = "select `id` from `domains` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_server_cert($row['id']); + } + } + + /** + * check_date_format() + * checks if the date is entered in the right date format YYYY-MM-DD and + * if the date is after the 1st January of the given year + * + * @param mixed $date + * 
@param integer $year + * @return + */ + function check_date_format($date, $year=2000){ + if (!strpos($date,'-')) { + return FALSE; + } + $arr=explode('-',$date); + + if ((count($arr)!=3)) { + return FALSE; + } + if (intval($arr[0])<=$year) { + return FALSE; + } + if (intval($arr[1])>12 or intval($arr[1])<=0) { + return FALSE; + } + if (intval($arr[2])>31 or intval($arr[2])<=0) { + return FALSE; + } + + return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0])); + + } + + /** + * check_date_difference() + * returns false if the date is larger then today + time diffrence + * + * @param mixed $date + * @param integer $diff + * @return + */ + function check_date_difference($date, $diff=1){ + return (strtotime($date)<=time()+$diff*86400); + } diff --git a/pages/account/10.php b/pages/account/10.php index f83e0d8..48bcb1f 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -38,7 +38,9 @@ <p><?=_("Optional comment, only used in the certifictate overview")?><br> <input type="text" name="description" maxlength="80" size=80/></p> <p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br> +<textarea name="CSR" cols="80" rows="15"></textarea><br /> +<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?></p> <input type="submit" name="process" value="<?=_("Submit")?>"/> <input type="hidden" name="oldid" value="<?=$id?>"/> </form> diff --git a/pages/account/3.php b/pages/account/3.php index c2165c2..b760c11 100644 --- a/pages/account/3.php +++ b/pages/account/3.php 
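Review bot: `check_date_format()` rejects the year equal to `$year` (`intval($arr[0])<=$year`) although its docblock promises to accept dates after the 1st January of the given year; with the `2010` argument used in www/wot.php, assurances dated anywhere in 2010 neither require the assuree's CCA acceptance nor get it recorded. If the docblock states the intent, the comparison should be `if (intval($arr[0]) < $year) {`. Separately, `revoke_all_client_cert()` and `revoke_all_server_cert()` drop the `expire > 0` condition the replaced inline queries in the earlier hunks had, so already-expired certificates are now also stamped as revoked — possibly fine, but it changes what anything that reads the `revoked` column (presumably CRL generation) sees and deserves a comment saying it is deliberate. `revoke_all_private_cert()` also notes that GPG revocation is still to come, which the admin-facing "revoke certificates" button added in pages/account/43.php does not disclose.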
@@ -70,17 +70,21 @@ if($_SESSION['profile']['points'] >= 50) <? } ?> <? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> <tr> + <td class="DataTD"> + <input type="checkbox" name="codesign" value="1" /> + </td> <td class="DataTD" align="left"> - <input type="checkbox" name="codesign" value="1" /> <?=_("Code Signing")?></td> - <td class="DataTD" align="left"> + <?=_("Code Signing")?><br /> <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> </td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="2" align="left"> - <input type="checkbox" name="login" value="1" checked="checked" /> <?=_("Enable certificate login with this certificate")?><br /> + <td class="DataTD"> + <input type="checkbox" name="login" value="1" checked="checked" /> + </td> + <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br /> <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> </td> </tr> @@ -92,8 +96,11 @@ if($_SESSION['profile']['points'] >= 50) </tr> <tr name="expertoff" style="display:none"> - <td class="DataTD" colspan="2" align="left"> - <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?> + <td class="DataTD"> + <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" /> + </td> + <td class="DataTD"> + <?=_("Show advanced options")?> </td> </tr> 
@@ -114,6 +121,15 @@ if($_SESSION['profile']['points'] >= 50) <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> </tr> <tr> + <td class="DataTD"> + <input type="checkbox" name="CCA" /> + </td> + <td class="DataTD" align="left"> + <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?> + </td> + </tr> + <tr> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td> </tr> </table> diff --git a/pages/account/43.php b/pages/account/43.php index 841189d..a942f18 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -100,8 +100,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval($_REQUEST['userid']) > 0) { - $id = intval($_REQUEST['userid']); - $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0"; + $userid = intval($_REQUEST['userid']); + $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -135,7 +135,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <td class="DataTD"><?=_("Last Name")?>:</td> <td class="DataTD"> <input type="hidden" name="oldid" value="43"> <input type="hidden" name="action" value="updatedob"> - <input type="hidden" name="userid" value="<?=intval($id)?>"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> </tr> <tr> 
@@ -786,9 +786,20 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <? } ?> </tr> + <tr> + <td colspan="6" class="title"> + <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> + <input type="hidden" name="action" value="revokecert"> + <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="submit" value="<?=_('revoke certificates')?>"> + </form> + </td> + </tr> </table> <br> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) <br /> diff --git a/pages/gpg/0.php b/pages/gpg/0.php index 7c7a37b..f490511 100644 --- a/pages/gpg/0.php +++ b/pages/gpg/0.php @@ -22,6 +22,8 @@ <p><?=_("Optional comment, only used in the certifictate overview")?><br /> <input type="text" name="description" maxlength="80" size=80 /></p> <textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br /> +<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?></p> <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> </form> diff --git a/pages/wot/6.php b/pages/wot/6.php index 037eb7e..1031090 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php 
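Review bot: The `onSubmit` confirm in the new revoke form interpolates the translated prompt straight into a single-quoted JavaScript literal, so any translation containing an apostrophe breaks the handler and the confirmation is silently skipped. Encode it for the JS and attribute contexts, e.g. `onSubmit="if(!confirm(<?=htmlspecialchars(json_encode(_('Are you sure you want to revoke all private certificates?')), ENT_QUOTES)?>)) return false;"`. The form carries nothing beyond `userid`, `action` and `oldid`, so unless account.php validates a per-session token elsewhere, a cross-site POST issued from a logged-in admin's browser would revoke every certificate of any chosen user. The new assurance link below should use `intval($row['id'])` like the hidden field above it, and `&amp;` in the href.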
@@ -45,15 +45,15 @@ AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname)); AssureTextLine(_("Name"),$name); AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")"); - AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureMethodLine(_("Method"),$methods,''); + AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day")); - AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face.")); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. 
I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); - AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); - AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); + AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); + AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")"); - AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname)); - AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>")); AssureFoot($id,_("I confirm this Assurance")); ?> diff --git a/www/gpg.php b/www/gpg.php index 317072c..4133cd9 100644 --- a/www/gpg.php +++ b/www/gpg.php 
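Review bot: The new policy link in the `AssureTextLine(_("Policy"), ...)` call points at `/policy/CAcert Community Agreement.php`, a path with embedded spaces that matches neither the `/policy/CAcertCommunityAgreement.html` used by the CCA checkboxes added elsewhere in this commit nor the `/policy/CAcertCommunityAgreement.php` of the lines this hunk removes. Use one URL consistently, e.g. `<a href=\"/policy/CAcertCommunityAgreement.html\" target=\"_blank\">`. Note also that the assurer's own CCA checkbox (`CCAAgree`) is removed and folded into the `rules` wording, so on this page the assurer's acceptance is evidenced only by the `rules` flag; the companion change in www/wot.php appears to record it, but a reader of this file cannot see that.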
@@ -17,6 +17,7 @@ */ ?> <? require_once("../includes/loggedin.php"); + require_once('../includes/notary.inc.php'); $id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0; @@ -82,6 +83,14 @@ function verifyEmail($email) $state=0; if($oldid == "0" && $CSR != "") { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + $debugkey = $gpgkey = clean_gpgcsr($CSR); $tnam = tempnam('/tmp/', '__gpg'); @@ -274,6 +283,8 @@ function verifyEmail($email) if($oldid == "0" && $CSR != "") { + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + //set variable for comment if(trim($_REQUEST['description']) == ""){ $description= ""; diff --git a/www/wot.php b/www/wot.php index 858f81b..daba46a 100644 --- a/www/wot.php +++ b/www/wot.php @@ -18,6 +18,8 @@ <? require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); +require_once("../includes/notary.inc.php"); + function show_page($target,$message,$error) @@ -113,9 +115,6 @@ function send_reminder() $_SESSION['_config']['error'] = _("A reminder notice has been sent."); } - - - loadem("account"); if(array_key_exists('date',$_POST) && $_POST['date'] != "") $_SESSION['_config']['date'] = $_POST['date']; 
@@ -238,37 +237,79 @@ function send_reminder() if($oldid == 6) { $iecho= "c"; + //date checks + if(trim($_REQUEST['date']) == '') + { + show_page("VerifyData","",_("You must enter the date when you met the assuree.")); + exit; + } + + if(!check_date_format(trim($_REQUEST['date']))) + { + show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD.")); + exit; + } + + if(!check_date_difference(trim($_REQUEST['date']))) + { + show_page("VerifyData","",_("You must not enter a date in the future.")); + exit; + } + + //proof of identity check and accept arbitration, implements CCA if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1) { show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); exit; } -/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1) + //proof of CCA agreement by assuree after 2010-01-01 + if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010))) { show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); exit; } -*/ + //assurance done according to rules + if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1) + { + show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); + exit; + } + + //met assuree in person, not appliciable fot TTP / TTP Topup assurances if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1) { show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert")); exit; } - if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "") + //check location, min 3 characters + if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "") { show_page("VerifyData","",_("You failed to 
enter a location of your meeting.")); exit; } + if(strlen(trim($_REQUEST['location']))<=2) + { + show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country.")); + exit; + } + + //check for points in range 0-35, for nucleus 35 + 15 temporary if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points'])) { show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person.")); exit; } + if($_REQUEST['points'] <0 || ($_REQUEST['points']>35)) + { + show_page("VerifyData","",_("The number of points you entered are out of the range given by policy.")); + exit; + } + $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); @@ -315,7 +356,7 @@ $iecho= "c"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { - show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue.")); + show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue.")); exit; } } 
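Review bot: The assuree's CCA acceptance (`CCAAgreed`) is only required when `check_date_format(trim($_REQUEST['date']),2010)` is true, and that date is whatever the assurer types, constrained only to be well-formed and not in the future; entering e.g. `2009-12-31` skips both the checkbox requirement and, in the following hunk, the user_agreements record. If the requirement is in force, it should be unconditional, or at least the accepted range of back-dated assurances should be bounded. `check_date_format()` as added in includes/notary.inc.php also rejects the given year itself, so dates during 2010 fail the `2010` test as well. The location check no longer exempts `ttpadmin` as the removed line did, which looks intentional but is not mentioned. The enclosing `if($oldid == 6)` block continues past the end of this hunk.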
@@ -328,8 +369,19 @@ $iecho= "c"; `location`='".mysql_escape_string(stripslashes($_POST['location']))."', `date`='".mysql_escape_string(stripslashes($_POST['date']))."', `when`=NOW()"; - if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { - $query .= ",\n`method`='TTP-Assisted'"; + //record active acceptance by Assurer + if (check_date_format(trim($_REQUEST['date']),2010)) { + write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']); + } + if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) + { + $query .= ",\n`method`='Temporary Increase'"; + $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)"; + $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'"; + } else if($_SESSION['profile']['board'] == 1) { + $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'"; + } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { + $query .= ",\n`method`='Trusted Third Parties'"; } mysql_query($query); fix_assurer_flag($_SESSION['_config']['notarise']['id']); 
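Review bot: The TTP branch now stores `method`='Trusted Third Parties' where the removed line stored 'TTP-Assisted', so old and new notary rows will carry two spellings of the same method and anything that matches on the old string (presumably `fix_assurer_flag()` or points calculations) will see only part of them — either migrate the existing rows or keep the old literal. The board branches read `$_POST['expire']`, `$_POST['sponsor']` and `$_POST['method']` without the `array_key_exists` guards the rest of this file uses; a board member submitting a form without those fields gets notices and, via the `else if`, an empty `method`. The assurer's CCA record is written before the `insert into notary` runs, so a failed insert still leaves an agreement row; moving the `write_user_agreement()` call after a successful `mysql_query($query)` avoids that. The enclosing `if($oldid == 6)` block starts and ends outside this hunk.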
@@ -404,16 +456,16 @@ $iecho= "c"; echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>"; ?><form method="post" action="wot.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_("Assure Someone")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="email" id="email" value=""></td> - </tr> - <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> - </tr> + <tr> + <td colspan="2" class="title"><?=_("Assure Someone")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><input type="text" name="email" id="email" value=""></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> </table> <input type="hidden" name="oldid" value="5"> </form> @@ -466,7 +518,7 @@ $iecho= "c"; $subject = $_REQUEST['subject']; $userid = intval($_REQUEST['userid']); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1")); - $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` + $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); if($points > 0) { |