-rw-r--r--includes/account_stuff.php5
-rw-r--r--includes/general.php18
-rw-r--r--includes/notary.inc.php44
-rw-r--r--pages/wot/16.php74
-rw-r--r--www/wot.php87
5 files changed, 216 insertions, 12 deletions
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index dbebf6a..46a499e 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -96,7 +96,8 @@
case 509:
case 510:
case 511:
- case 512: $expand = " explode('WoT');"; break;
+ case 512:
+ case 516: $expand = " explode('WoT');"; break; //Assurer check
case 1000:
case 1001:
case 1002:
@@ -217,7 +218,7 @@ function hideall() {
<? } ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('WoT')">+ <?=_("CAcert Web of Trust")?></h3>
- <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=12"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['assurer'] != 1) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted ThirdParties")?></a></li><? if($_SESSION['profile']['points'] >= 500) { ?><li><a href="wot.php?id=11"><div style="white-space:nowrap"><?=_("Organisation Assurance")?></div></a></li><? } ?><li><a href="account.php?id=55"><?=_("Training")?></a></li></ul>
+ <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=12"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><a href="wot.php?id=16"><?=_("Check Assurer Status")?></a></li><li><a href="wot.php?id=3"></li><li><? if($_SESSION['profile']['assurer'] != 1) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted ThirdParties")?></a></li><? if($_SESSION['profile']['points'] >= 500) { ?><li><a href="wot.php?id=11"><div style="white-space:nowrap"><?=_("Organisation Assurance")?></div></a></li><? } ?><li><a href="account.php?id=55"><?=_("Training")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('WoTForms')">+ <?=_("CAP Forms")?></h3><?
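Review bot: The added menu line contains a stray item, `<li><a href="wot.php?id=3"></li>`, directly after the new "Check Assurer Status" entry. Its anchor has no link text and is never closed, so the menu gets an empty bullet and an open `<a>` that the browser has to repair. It repeats the target of the existing "Rules" link and looks like a leftover from editing. Remove it so that the new `wot.php?id=16` item is followed directly by the `<li><? if($_SESSION['profile']['assurer'] != 1)` item.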
diff --git a/includes/general.php b/includes/general.php
index d89c0e6..be94549 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -57,7 +57,7 @@
exit;
}
- if(array_key_exists('HTTP_HOST',$_SERVER) &&
+ if(array_key_exists('HTTP_HOST',$_SERVER) &&
($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']))
{
@@ -169,19 +169,19 @@
$points++;
//echo "Points due to length and charset: $points<br/>";
-
+
// check for historical password proposal
if ($pwd === "Fr3d Sm|7h") {
return 0;
}
-
+
return $points;
}
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
$points = checkpwlight($pwd);
-
+
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
@@ -232,7 +232,7 @@
{
$bits = explode(": ", $_SESSION['_config']['subject'], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", array_key_exists('1',$bits)?$bits['1']:""));
- $bits = explode("|", $bits);
+ $bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
$_SESSION['_config']['OU'] = "";
@@ -557,7 +557,7 @@
$fp = @fsockopen($domain,25,$errno,$errstr,5);
if($fp)
{
-
+
$line = fgets($fp, 4096);
while(substr($line, 0, 4) == "220-")
$line = fgets($fp, 4096);
@@ -662,7 +662,7 @@
return $ticket;
}
- function sanitizeHTML($input)
+ function sanitizeHTML($input)
{
return htmlentities(strip_tags($input), ENT_QUOTES);
//In case of problems, please use the following line again:
@@ -732,7 +732,7 @@
$text=preg_replace("/[^\w-.@]/","",$text);
return($text);
}
-
+
// returns text message to be shown to the user given the result of is_no_assurer
function no_assurer_text($Status)
@@ -775,7 +775,7 @@
$name="../$type/$kind/".intval($id/1000)."/$kind-".intval($id).".$type";
if (!is_dir("../csr")) { mkdir("../csr",0777); }
if (!is_dir("../crt")) { mkdir("../crt",0777); }
-
+
if (!is_dir("../csr/$kind")) { mkdir("../csr/$kind",0777); }
if (!is_dir("../crt/$kind")) { mkdir("../crt/$kind",0777); }
if (!is_dir("../csr/$kind/".intval($id/1000))) { mkdir("../csr/$kind/".intval($id/1000)); }
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index b34b2f4..da1b8c8 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -1125,3 +1125,47 @@
function check_date_difference($date, $diff=1){
return (strtotime($date)<=time()+$diff*86400);
}
+
+ //user function
+ function get_user_id_from_email($email){
+ $email = mysql_real_escape_string(trim($email));
+ $res = query_init ("select `id` from `users` where `email` = '" . $email . "'");
+ $row = query_getnextrow($res);
+
+ return intval($row['id']);
+ }
+
+ function get_number_of_adminlog_entries($uid, $typeid, $hours=1){
+ $uid = intval($uid);
+ $typeid = intval($typeid);
+ $hours = intval($hours);
+ $res = query_init ("SELECT count(*) AS `no` FROM `adminlog`
+ WHERE `adminid` = " . $uid . " AND `actiontypeid`=" . $typeid . " and `when` > NOW() - INTERVAL " . $hours . " HOUR " );
+ $row = query_getnextrow($res);
+
+ return intval($row['no']);
+ }
+
+/**
+ * write_se_log()
+ * writes an information to the adminlog
+ *
+ * @param mixed $uid - id of the user account
+ * @param mixed $adminid - id of the admin
+ * @param mixed $type - what was changed
+ * @param mixed $info - the ticket / arbitration no or other information
+ * @return
+ */
+// function write_se_log needs to be adjusted after merge with bug 1138
+function write_se_log($uid, $adminid, $type, $info, $typeid=1){
+ //records all support engineer actions changing a user account
+ $uid = intval($uid);
+ $adminid = intval($adminid);
+ $type = mysql_real_escape_string($type);
+ $info = mysql_real_escape_string($info);
+ $typeid = intval($typeid);
+ $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`,`actiontypeid`) values
+ (Now(), $uid, $adminid, '$type', '$info', '$typeid')";
+ mysql_query($query);
+}
+
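Review bot: write_se_log() discards the result of `mysql_query($query)`, yet in this commit the `adminlog` rows it writes are exactly what get_number_of_adminlog_entries() counts for the hourly limit in www/wot.php. A failed insert therefore silently removes both the audit record and the throttle. Check the result and tell the caller, for example `if (!mysql_query($query)) { return false; }` followed by `return true;`, and have the caller stop when logging fails. The docblock also omits `$typeid` and leaves `@return` empty, and `'$typeid'` is quoted in the VALUES list although it has already been passed through intval().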
diff --git a/pages/wot/16.php b/pages/wot/16.php
new file mode 100644
index 0000000..a5a31fa
--- /dev/null
+++ b/pages/wot/16.php
@@ -0,0 +1,74 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+include_once("../includes/shutdown.php");
+require_once("../includes/lib/l10n.php");
+?>
+<?
+if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
+{
+ ?><font color="orange" size="+1">
+ <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
+ </font>
+ <?unset($_SESSION['_config']['error']);
+}
+?>
+<? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
+ <? unset($_SESSION['_config']['noemailfound']); } ?>
+<form method="post" action="wot.php" name="form1">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_('Check Assurer Status')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Email to check')?>:</td>
+<? if(array_key_exists('remindersent',$_SESSION['_config']) && $_SESSION['_config']['remindersent'] == 1) { unset($_SESSION['_config']['remindersent']) ?>
+ <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+ <? } else { ?>
+ <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
+ <? } ?>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Reason why the assurer status is needed')?>:</td>
+ <td class="DataTD"><select name="reason"><option>--</option>
+ <option><?=_('Assurance')?></option>
+ <option><?=_('Event Preparation')?></option>
+ <option><?=_('Arbitration')?></option>
+ <option><?=_('CARS check')?></option>
+ <option><?=_('CATS certificate creation')?></option>
+ <option><?=_('Organisation Assurance')?></option>
+ </select></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_('If you request the assurer status the result is send to yourself as well as to the person of whom you request the status of.')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+<SCRIPT LANGUAGE="JavaScript">
+//<![CDATA[
+ function my_init()
+ {
+ document.getElementById("email").focus();
+ }
+
+ window.onload = my_init();
+//]]>
+</script> \ No newline at end of file
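Review bot: This form triggers a logged, rate-limited action that mails a third party in the requester's name, but neither the form nor the `$oldid == 16` handler added in www/wot.php carries a per-session request token. The handler reads `$_REQUEST`, so a plain link or a cross-site form would be accepted from any logged-in user's browser; add a token field here, verify it in the handler, and read the fields from `$_POST` only. Separately, `window.onload = my_init();` calls my_init() at once, before the page has finished loading, and assigns its undefined return value; it should be `window.onload = my_init;`. The `noemailfound` block near the top only unsets the flag and prints nothing, so it can be dropped or given its message.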
diff --git a/www/wot.php b/www/wot.php
index 7200517..bd04f4f 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -80,6 +80,9 @@ function show_page($target,$message,$error)
case '15':
case 'MyPointsNew': includeit(15, "wot");
break;
+ case '16':
+ case 'AssurerCheck': includeit(16, "wot");
+ break;
}
showfooter();
@@ -122,6 +125,7 @@ function send_reminder()
if(array_key_exists('location',$_POST) && $_POST['location'] != "")
$_SESSION['_config']['location'] = $_POST['location'];
+ $id=array_key_exists('id',$_REQUEST)?intval($_REQUEST['id']):0;
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
if($oldid == 12)
@@ -565,7 +569,88 @@ $iecho= "c";
show_page("ContactAssurer","",_("There was an error and I couldn't proceed"));
exit;
}
-
+// Assurer Check
+ if($oldid == 16 )
+ {
+ $oldid=0;
+ $id = 0;
+ $number=5;
+ $email = mysql_real_escape_string(trim($_REQUEST['email']));
+ $reason = mysql_real_escape_string(trim($_REQUEST['reason']));
+ $uid = get_user_id_from_email($email);
+ if ($uid == 0) {
+ show_page("AssurerCheck", "", _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
+ exit;
+ }
+ if ($reason == "--") {
+ show_page("AssurerCheck", "" ,_("I'm sorry, there was no reason given why you need to check the assurer status."));
+ exit;
+ }
+ if (get_number_of_adminlog_entries($_SESSION['profile']['id'],1000,1) > $number) {
+ show_page("AssurerCheck", "", sprintf(_("I'm sorry, you reached the maximum requests of %s per hour. Please wait until you try it again."),$number));
+ exit;
+ }
+ if (is_assurer($uid)) {
+ $status = _('Is assurer');
+ } else {
+ $status = _('Is no assurer');
+ }
+ write_se_log($uid, $_SESSION['profile']['id'], 'User Assurer status check', '', 1000);
+ $assurer = get_user($uid);
+ //mail to assurer
+ $my_translation = L10n::get_translation();
+ L10n::set_translation($assurer['language']);
+
+ $subject = "[CAcert.org] ". _("Assurer status report for you");
+
+ $body = sprintf(_("Hi %s,"), $assurer['fname'])."\n\n";
+ $body .= sprintf(_("%s %s (%s) has requested your assurer status for %s."),
+ $_SESSION['profile']['fname'],
+ $_SESSION['profile']['lname'],
+ $_SESSION['profile']['email'],
+ $reason)."\n\n";
+ $body .= sprintf(_("The transmitted result: %s"), $status)."\n";
+ $body .= _("Best regards")."\n";
+ $body .= _("CAcert Support Team");
+
+ //sendmail($assurer['email'], "[CAcert.org] " . $subject, $body, "support@cacert.org", "", "", "CAcert Support");
+ sendmail($assurer['email'], "[CAcert.org] ". $subject, $body,
+ "support@cacert.org", //from
+ "", //replyto
+ "", //toname
+ "CAcert Support"); //fromname
+ //mail to requestor
+// L10n::set_translation($my_translation);
+//
+// $subject = "[CAcert.org] " . _("Assurer status report that you requested");
+//
+// $body = sprintf(_("Hi %s,"), $_SESSION['profile']['fname'])."\n\n";
+// $body .= sprintf(_("you requested the assurer status of %s %s (%s) for %s."),
+// $assurer['fname'],
+// $assurer['lname'],
+// $assurer['email'],
+// $reason)."\n\n";
+// $body .= sprintf(_("The transmitted result: %s"), $status)."\n";
+// $body .= _("Best regards")."\n";
+// $body .= _("CAcert Support Team");
+//
+// sendmail($_SESSION['profile']['email'], "[CAcert.org] ". $subject, $body,
+// "support@cacert.org", //from
+// "", //replyto
+// "", //toname
+// "CAcert Support"); //fromname
+ showheader(_("My CAcert.org Account!"));?>
+ <p>
+ <?=sprintf(_('The assurer status for %s %s (%s) is: %s'),
+ $assurer['fname'],
+ $assurer['lname'],
+ $assurer['email'],
+ $status) . '<br/>'. _('The mail with the status request has been sent to the assurer.'); ?>
+ </p>
+ <?
+ showfooter();
+ exit;
+ }
// showheader(_("My CAcert.org Account!"));
// echo "ID now = ".$id."/".$oldid.">>".$iecho;
// includeit($id, "wot");
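Review bot: The "no email matching" branch exits before get_number_of_adminlog_entries() is consulted and before write_se_log() runs, so lookups of unknown addresses are never counted or logged and the form reveals whether an address has an account without any limit. Run the limit check first and log every lookup, matched or not (this assumes `adminlog` accepts a `uid` of 0 for misses). `$reason` comes straight from `$_REQUEST` and is placed in a mail sent from support@cacert.org to a third party; SQL escaping is the wrong encoding for a mail body, so accept only the values the form offers. `$email` is escaped here and again inside get_user_id_from_email(), so pass the trimmed raw value instead. The code surrounding this block begins above the hunk.

```php
	if($oldid == 16 )
	{
		$oldid=0;
		$id = 0;
		$number=5;
		// Throttle before any lookup so that misses cannot be probed for free.
		if (get_number_of_adminlog_entries($_SESSION['profile']['id'],1000,1) > $number) {
			show_page("AssurerCheck", "", sprintf(_("I'm sorry, you reached the maximum requests of %s per hour. Please wait until you try it again."),$number));
			exit;
		}
		// Raw values: get_user_id_from_email() does its own escaping, and
		// $reason is never used in SQL.
		$email = array_key_exists('email',$_REQUEST)?trim($_REQUEST['email']):"";
		$reason = array_key_exists('reason',$_REQUEST)?trim($_REQUEST['reason']):"";
		// Only the option texts rendered by pages/wot/16.php are accepted.
		$reasons = array(_('Assurance'), _('Event Preparation'), _('Arbitration'),
			_('CARS check'), _('CATS certificate creation'), _('Organisation Assurance'));
		if (!in_array($reason, $reasons, true)) {
			show_page("AssurerCheck", "" ,_("I'm sorry, there was no reason given why you need to check the assurer status."));
			exit;
		}
		$uid = get_user_id_from_email($email);
		// Every lookup counts toward the limit and is audited, matched or not.
		write_se_log($uid, $_SESSION['profile']['id'], 'User Assurer status check', '', 1000);
		if ($uid == 0) {
			show_page("AssurerCheck", "", _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
			exit;
		}
		// … unchanged: is_assurer() status, mail to the assurer, result page …
```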