55 files changed, 2559 insertions, 421 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl index 7b417d1..323ee27 100755 --- a/CommModule/client.pl +++ b/CommModule/client.pl @@ -540,7 +540,7 @@ sub OpenPGPextractExpiryDate ($) print OUT $_; unless ($r) { - if ( /^\s*version \d+, created (\d+), md5len 0, sigclass \d+\s*$/ ) + if ( /^\s*version \d+, created (\d+), md5len 0, sigclass (?:0x[0-9a-fA-F]+|\d+)\s*$/ ) { SysLog "Detected CTS: $1\n"; $cts = int($1); @@ -670,13 +670,13 @@ sub sendmail($$$$$$$) SysLog "SMTP: ".<$smtp>; print $smtp "HELO hlin.cacert.org\r\n"; SysLog "SMTP: ".<$smtp>; - print $smtp "MAIL FROM: <returns\@cacert.org>\r\n"; + print $smtp "MAIL FROM:<returns\@cacert.org>\r\n"; SysLog "MAIL FROM: ".<$smtp>; @bits = split(",", $to); foreach my $user (@bits) { - print $smtp "RCPT TO: <".trim($user).">\r\n"; + print $smtp "RCPT TO:<".trim($user).">\r\n"; SysLog "RCPT TO: ".<$smtp>; } print $smtp "DATA\r\n"; diff --git a/cacertupload.pl b/cacertupload.pl index 991570b..991570b 100755..100644 --- a/cacertupload.pl +++ b/cacertupload.pl diff --git a/includes/about_menu.php b/includes/about_menu.php index 2f3080d..f34a274 100644 --- a/includes/about_menu.php +++ b/includes/about_menu.php @@ -4,7 +4,7 @@ <li><a href="http://blog.cacert.org/"><?=_("CAcert News")?></a></li> <li><a href="http://wiki.CAcert.org/"><?=_("Wiki Documentation")?></a></li> <li><a href="/policy/"><?=_("Policies")?></a></li> - <li><a href="/index.php?id=19"><?=_("Point System")?></a></li> + <li><a href="//wiki.cacert.org/FAQ/Privileges"><?=_("Point System")?></a></li> <li><a href="http://bugs.CAcert.org/"><?=_("Bug Database")?></a></li> <? // <li><a href="/index.php?id=47">< = _ ("PR Materials" ) > </a></li> ?> <? // <li><a href="/logos.php">< ? = _ ( " CAcert Logos " ) ? > </a></li> ?> diff --git a/includes/account.php b/includes/account.php index 14702b9..55c9f7a 100644 --- a/includes/account.php +++ b/includes/account.php 
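Review bot: The recipient written by `print $smtp "RCPT TO:<".trim($user).">\r\n";` is still taken straight from `$to` without any check that it is a single plain address, so a value containing `\r`, `\n`, `>` or whitespace would end the command early and the remainder would be read by the server as further protocol input. Validate after trimming and skip anything that does not look like one address, e.g. `my $addr = trim($user); next if $addr =~ /[\r\n<>\s]/;`, logging the skipped entry. The replies are only logged (`SysLog "RCPT TO: ".<$smtp>;`) and never tested for a `250` code, so a rejected recipient does not stop the `DATA` phase; compare the first three characters of the reply the way includes/general.php does. The same unvalidated interpolation appears in the includes/general.php `@@ -673` hunk (`fputs($fp, "RCPT TO:<$email>\r\n");`) and in the includes/mysql.php.sample hunk. sendmail's body continues outside the hunk.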
@@ -35,6 +35,12 @@ exit; } + if ($process == _("Cancel")) + { + // General reset CANCEL process requests + $process = ""; + } + if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46) { @@ -1290,6 +1296,8 @@ showheader(_("My CAcert.org Account!")); if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2']) { + echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"), + '</h3>', "\n"; echo _("New Pass Phrases specified don't match or were blank."); } else { $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'], @@ -1306,14 +1314,21 @@ } if(strlen($_SESSION['_config']['user']['pword1']) < 6) { + echo '<h3 style="color:red">', + _("Failure: Pass Phrase not Changed"), '</h3>', "\n"; echo _("The Pass Phrase you submitted was too short."); } else if($score < 3) { + echo '<h3 style="color:red">', + _("Failure: Pass Phrase not Changed"), '</h3>', "\n"; printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score); } else if($rc <= 0) { + echo '<h3 style="color:red">', + _("Failure: Pass Phrase not Changed"), '</h3>', "\n"; echo _("You failed to correctly enter your current Pass Phrase."); } else { mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."') where `id`='".$_SESSION['profile']['id']."'"); + echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n"; echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change."); $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n"; $body .= _("You are receiving this email because you or someone else")."\n"; 
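Review bot: `if ($process == _("Cancel"))` compares the submitted button value with the label translated for the session's current language, so a language switch between rendering the form and submitting it (or a client that sends a different label) makes the cancel fall through and the request is handled as a normal submission. A language-independent signal, such as a hidden `cancel` field tested with `isset($_REQUEST['cancel'])`, avoids that dependency; this matters more now that the reset appears to run before the per-`$id` dispatch and affects every form. The comment `// General reset CANCEL process requests` could also state that later handlers rely on `$process == ""` (as the `@@ -2189` hunk now does), so nobody reintroduces a `_("Cancel")` comparison further down.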
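Review bot: The new line `echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";` is printed right after the `mysql_query("update \`users\` set \`password\`=sha1(...)")` call without looking at its return value, so a failed UPDATE still reports success and still triggers the notification mail built in `$body`. Capture the result, `$res = mysql_query(...); if (!$res) { /* failure heading */ }`, and print the success heading and build `$body` only in the success branch. The same statement interpolates `$_SESSION['_config']['user']['pword1']` directly into the SQL string, so a pass phrase containing a quote breaks the query; wrap it in `mysql_real_escape_string()` (the line is unchanged context here, but it is the line the new output depends on). The stored digest is an unsalted `sha1()` of the pass phrase; that is pre-existing, but a `// TODO:` marker is warranted while this block is being touched.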
@@ -2189,7 +2204,7 @@ $orgid = 0; } - if($oldid == 31 && $process != _("Cancel")) + if($oldid == 31 && $process != "") { $query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'"; $dres = mysql_query($query); diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 7c8980c..108bd57 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -277,8 +277,8 @@ function hideall() { ?> </div> </div> - <div id="siteInfo"><a href="account.php?id=37"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | - <a href="account.php?id=39"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a> + <div id="siteInfo"><a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | + <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a> | ©2002-<?=date("Y")?> <?=_("by CAcert")?></div> </div> </body> diff --git a/includes/general.php b/includes/general.php index 5789875..8481018 100644 --- a/includes/general.php +++ b/includes/general.php @@ -38,6 +38,7 @@ $_SESSION['_config']['filepath'] = "/www"; require_once($_SESSION['_config']['filepath']."/includes/mysql.php"); + require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php'); if(array_key_exists('HTTP_HOST',$_SERVER) && $_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] && @@ -248,8 +249,7 @@ } } - function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) - { + function checkpwlight($pwd) { $points = 0; if(strlen($pwd) > 15) 
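Review bot: `function checkpwlight($pwd) {` puts the opening brace on the signature line, while the surrounding file (and the re-added `checkpw()` in the next hunk) place it on its own line; match the file's style with `function checkpwlight($pwd)` followed by `{`. A one-line comment above it, such as `// Scores $pwd on length and character classes only; checkpw() adds the name/email penalties`, would explain why two scoring functions exist. The function's body continues in the following hunk.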
@@ -279,7 +279,19 @@ $points++; //echo "Points due to length and charset: $points<br/>"; + + // check for historical password proposal + if ($pwd === "Fr3d Sm|7h") { + return 0; + } + + return $points; + } + function checkpw($pwd, $email, $fname, $mname, $lname, $suffix) + { + $points = checkpwlight($pwd); + if(@strstr(strtolower($pwd), strtolower($email))) $points--; @@ -673,12 +685,12 @@ $line = fgets($fp, 4096); if(substr($line, 0, 3) != "250") continue; - fputs($fp, "MAIL FROM: <returns@cacert.org>\r\n"); + fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n"); $line = fgets($fp, 4096); if(substr($line, 0, 3) != "250") continue; - fputs($fp, "RCPT TO: <$email>\r\n"); + fputs($fp, "RCPT TO:<$email>\r\n"); $line = trim(fgets($fp, 4096)); fputs($fp, "QUIT\r\n"); fclose($fp); @@ -836,19 +848,6 @@ $text=preg_replace("/[^\w-.@]/","",$text); return($text); } - - function fix_assurer_flag($userID) - { - // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)? - $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID). - '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'. - ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100'); // Challenge has been passed and non-expired points >= 100 - - // Reset flag if requirements are not met - $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \''.(int)intval($userID). - '\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'. - ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)'); - } // returns 0 if $userID is an Assurer // Otherwise : 
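Review bot: The new check `if ($pwd === "Fr3d Sm|7h") { return 0; }` in `checkpwlight()` is an exact, case-sensitive comparison with a single literal, so trivially different spellings of the same string score normally; at minimum compare `strtolower($pwd) === "fr3d sm|7h"`, and consider keeping such known strings in a small array so the list can grow without editing the function body. The comment `// check for historical password proposal` should say where the string comes from (presumably a pass phrase once shown as an example, which is why it must score zero). `checkpw()` now starts from `checkpwlight($pwd)` and keeps subtracting for name/email matches below the hunk, so its result can go negative for that value; callers compare with `< 3` so this is harmless, but `return max(0, $points);` at the end would make the contract explicit. checkpw's body continues outside the hunk.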
@@ -920,10 +919,13 @@ if($newlayout) { $name="../$type/$kind/".intval($id/1000)."/$kind-".intval($id).".$type"; - mkdir("../csr/$kind",0777); - mkdir("../crt/$kind",0777); - mkdir("../csr/$kind/".intval($id/1000)); - mkdir("../crt/$kind/".intval($id/1000)); + if (!is_dir("../csr")) { mkdir("../csr",0777); } + if (!is_dir("../crt")) { mkdir("../crt",0777); } + + if (!is_dir("../csr/$kind")) { mkdir("../csr/$kind",0777); } + if (!is_dir("../crt/$kind")) { mkdir("../crt/$kind",0777); } + if (!is_dir("../csr/$kind/".intval($id/1000))) { mkdir("../csr/$kind/".intval($id/1000)); } + if (!is_dir("../crt/$kind/".intval($id/1000))) { mkdir("../crt/$kind/".intval($id/1000)); } } return $name; } diff --git a/includes/general_stuff.php b/includes/general_stuff.php index 6747c84..80cd8a7 100644 --- a/includes/general_stuff.php +++ b/includes/general_stuff.php @@ -131,8 +131,8 @@ if(!function_exists("showfooter")) </div> <? include("sponsorinfo.php") ?> <div id="siteInfo"> - <a href="/index.php?id=12"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | - <a href="/index.php?id=10"><?=_("Privacy Policy")?></a> | + <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | + <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> | ©2002-<?=date("Y")?> <?=_("by CAcert")?></div> </div> diff --git a/includes/lib/account.php b/includes/lib/account.php new file mode 100644 index 0000000..f7a24fa --- /dev/null +++ b/includes/lib/account.php 
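Review bot: The added `if (!is_dir("../csr")) { mkdir("../csr",0777); }` and `"../crt"` lines create the CSR and certificate directories world-writable (modulo umask), and the per-thousand subdirectories are created with PHP's default mode, which is also 0777. Storage for CSRs and issued certificates does not need to be writable by other local users; pass an explicit mode such as `0755` (or whatever the existing `../csr`/`../crt` trees use) on every `mkdir` call. None of the `mkdir` results are checked, so when creation fails `$name` is still returned and the error only surfaces at the later write; `if (!is_dir($d) && !mkdir($d, 0755)) { /* log and bail */ }` would report it at the source. The enclosing function starts outside the hunk.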
@@ -0,0 +1,51 @@ +<?php +/* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +function fix_assurer_flag($userID) +{ + // Update Assurer-Flag on users table if 100 points. + // Should the number of points be SUM(points) or SUM(awarded)? + $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '. + '`u`.`id` = \''.(int)intval($userID).'\' AND '. + 'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '. + 'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '. + '`cp`.`user_id` = `u`.`id`) AND '. + '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. + 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100'); + // Challenge has been passed and non-expired points >= 100 + + if (!$query) { + return false; + } + + // Reset flag if requirements are not met + $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '. + '`u`.`id` = \''.(int)intval($userID).'\' AND '. + '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '. + '`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '. + 'AND `cp`.`user_id` = `u`.`id`) OR '. + '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. 
+ 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)'); + + if (!$query) { + return false; + } + + return true; +}
\ No newline at end of file diff --git a/includes/lib/general.php b/includes/lib/general.php new file mode 100644 index 0000000..25d2561 --- /dev/null +++ b/includes/lib/general.php @@ -0,0 +1,50 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +/** + * Checks if the user may log in and retrieve the user id + * + * Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and + * $_SERVER['SSL_CLIENT_I_DN_CN'] + * + * @param $serial string + * usually $_SERVER['SSL_CLIENT_M_SERIAL'] + * @param $issuer_cn string + * usually $_SERVER['SSL_CLIENT_I_DN_CN'] + * @return int + * the user id, -1 in case of error + */ +function get_user_id_from_cert($serial, $issuer_cn) +{ + $query = "select `memid` from `emailcerts` where + `serial`='".mysql_escape_string($serial)."' and + `rootcert`= (select `id` from `root_certs` where + `Cert_Text`='".mysql_escape_string($issuer_cn)."') and + `revoked`=0 and disablelogin=0 and + UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + $row = mysql_fetch_assoc($res); + return intval($row['memid']); + } + + return -1; +} + +?> diff --git a/includes/loggedin.php b/includes/loggedin.php index 355527f..bf6b455 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php 
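Review bot: `fix_assurer_flag()` has no docblock, and its return value is easy to misread: `return true` means both UPDATE statements executed, not that the user is an assurer. Add a comment such as `/** Recalculates users.assurer for $userID from cats_passed and non-expired notary points; returns false if either UPDATE failed. */`. The two statements run without a transaction, so if the second `mysql_query` fails the flag may already have been set by the first without the reset being evaluated; callers should at least log the early `return false`. The threshold uses the raw `SUM(\`points\`)` over all notary rows, whereas includes/notary.inc.php in this same diff computes countable points through `calc_points()` (revoked methods zeroed, capped at 100), so the two code paths can disagree on who is an assurer; the open question in `// Should the number of points be SUM(points) or SUM(awarded)?` should be resolved or tracked. `(int)intval($userID)` is a double cast; `intval($userID)` suffices.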
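Review bot: `get_user_id_from_cert()` escapes `$serial` and `$issuer_cn` with `mysql_escape_string()`, which ignores the connection character set and is deprecated in favour of `mysql_real_escape_string()`; use the latter on both values. `mysql_num_rows($res)` is called without checking whether `mysql_query()` returned `false`, so a failed query emits a warning before the function falls through to `return -1`; add `if ($res === false) { return -1; }` after the query. The docblock says -1 means "error", but the same value is returned when no matching, unrevoked, login-enabled certificate exists; say so, since the caller in includes/loggedin.php treats `>= 0` as a successful login.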
@@ -16,6 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ + include_once("../includes/lib/general.php"); if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0) { @@ -41,14 +42,11 @@ if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0)) { - $query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and disablelogin=0 and - UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0"; - $res = mysql_query($query); + $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'], + $_SERVER['SSL_CLIENT_I_DN_CN']); - if(mysql_num_rows($res) > 0) + if($user_id >= 0) { - $row = mysql_fetch_assoc($res); - $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; foreach($_SESSION as $key) @@ -61,7 +59,8 @@ session_unregister($key); } - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'")); + $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( + "select * from `users` where `id`='".$user_id."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else @@ -131,13 +130,12 @@ $normalhost=$_SESSION['_config']['normalhostname']; $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { unset($_SESSION[$key]); unset($$key); session_unregister($key); } - unset($_SESSION); header("location: https://".$normalhost."/index.php"); exit; diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample index 1f477e4..ff5cfc3 100644 --- a/includes/mysql.php.sample +++ b/includes/mysql.php.sample 
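Review bot: `if($user_id >= 0)` accepts 0 as a valid user id, because `get_user_id_from_cert()` returns `intval($row['memid'])` and uses -1 only for the no-match case, so an `emailcerts` row whose `memid` is 0 (or non-numeric) would pass the check and `select * from \`users\` where \`id\`='0'` would be run; the surrounding condition already treats `$_SESSION['profile']['id'] > 0` as the logged-in criterion, so `if($user_id > 0)` is the consistent test. If that query returns no row, `$_SESSION['profile']` becomes `false` and `$_SESSION['profile']['locked'] == 0` would still evaluate true, setting `loggedin = 1` on an empty profile; check that `mysql_fetch_assoc()` returned an array before marking the session logged in. In the `@@ -131` hunk the loop body still calls `session_unregister($key)`, which was removed in PHP 5.4; `$_SESSION = array(); session_destroy();` covers the same intent.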
@@ -55,11 +55,11 @@ $InputBuffer = fgets($smtp, 1024); fputs($smtp, "HELO www.cacert.org\r\n"); $InputBuffer = fgets($smtp, 1024); - fputs($smtp, "MAIL FROM: <returns@cacert.org>\r\n"); + fputs($smtp, "MAIL FROM:<returns@cacert.org>\r\n"); $InputBuffer = fgets($smtp, 1024); $bits = explode(",", $to); foreach($bits as $user) - fputs($smtp, "RCPT TO: <".trim($user).">\r\n"); + fputs($smtp, "RCPT TO:<".trim($user).">\r\n"); $InputBuffer = fgets($smtp, 1024); fputs($smtp, "DATA\r\n"); $InputBuffer = fgets($smtp, 1024); diff --git a/includes/notary.inc.php b/includes/notary.inc.php new file mode 100644 index 0000000..cc0e0eb --- /dev/null +++ b/includes/notary.inc.php 
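Review bot: `foreach($bits as $user) fputs($smtp, "RCPT TO:<".trim($user).">\r\n");` sends one RCPT command per recipient, but the single `$InputBuffer = fgets($smtp, 1024);` that follows reads only one reply, so with more than one recipient the client and server are out of step for the rest of the dialogue and the reply read after `DATA` is really a leftover RCPT reply. Move the read into the loop body, `{ fputs($smtp, "RCPT TO:<".trim($user).">\r\n"); $InputBuffer = fgets($smtp, 1024); }`, and since the reply is read but never inspected, check for a `250` prefix before continuing. The enclosing function starts and ends outside the hunk.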
@@ -0,0 +1,605 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + + function query_init ($query) + { + return mysql_query($query); + } + + function query_getnextrow ($res) + { + $row1 = mysql_fetch_assoc($res); + return $row1; + } + + function query_get_number_of_rows ($resultset) + { + return intval(mysql_num_rows($resultset)); + } + + function get_number_of_assurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } + + function get_number_of_assurees ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } + + function get_top_assurer_position ($no_of_assurances) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `method` = 'Face to Face Meeting' + GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'"); + return intval(query_get_number_of_rows($res)+1); + } + + function get_top_assuree_position ($no_of_assurees) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `method` = 'Face to Face 
Meeting' + GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'"); + return intval(query_get_number_of_rows($res)+1); + } + + function get_given_assurances ($userid) + { + $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc"); + return $res; + } + + function get_received_assurances ($userid) + { + $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc "); + return $res; + } + + function get_given_assurances_summary ($userid) + { + $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method"); + return $res; + } + + function get_received_assurances_summary ($userid) + { + $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method"); + return $res; + } + + function get_user ($userid) + { + $res = query_init ("select * from `users` where `id`='".intval($userid)."'"); + return mysql_fetch_assoc($res); + } + + function get_cats_state ($userid) + { + + $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1 + WHERE `cats_passed`.`user_id` = '".intval($userid)."'"); + return mysql_num_rows($res); + } + + function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked) + { + $apoints = max($row['points'],$row['awarded']); + $points += $apoints; + $experience = " "; + $revoked = false; # to be coded later (after DB-upgrade) + if ($row['method'] == "Face to Face Meeting") + { + $sum_experience = $sum_experience +2; + $experience = "2"; + } + return $apoints; + } + + function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded,&$revoked) + { + $awarded = calc_points($row); + $revoked = false; + + if ($awarded > 100) + { + $experience = $awarded - 
100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100) + $awarded = 100; + } + else + $experience = 0; + + switch ($row['method']) + { + case 'Thawte Points Transfer': + case 'CT Magazine - Germany': + case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented + $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked")); + $experience=0; + $revoked=true; + break; + default: + $points += $awarded; + } + $sumexperience = $sumexperience + $experience; + } + + + function show_user_link ($name,$userid) + { + $name = trim($name); + if($name == "") + { + if ($userid == 0) + $name = _("System"); + else + $name = _("Deleted account"); + } + else + $name = "<a href='wot.php?id=9&userid=".intval($userid)."'>".sanitizeHTML($name)."</a>"; + return $name; + } + + function show_email_link ($email,$userid) + { + $email = trim($email); + if($email != "") + $email = "<a href='account.php?id=43&userid=".intval($userid)."'>".sanitizeHTML($email)."</a>"; + return $email; + } + + function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer) + { + $num_of_assurances = get_number_of_assurances (intval($userid)); + $rank_of_assurer = get_top_assurer_position($num_of_assurances); + } + + function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree) + { + $num_of_assurees = get_number_of_assurees (intval($userid)); + $rank_of_assuree = get_top_assuree_position($num_of_assurees); + } + + +// ************* html table definitions ****************** + + function output_ranking($userid) + { + get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer); + get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree); + +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="title"><?=_("Assurer Ranking")?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have made %s assurances which 
ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> + </tr> +</table> +<br/> +<? + } + + function output_assurances_header($title,$support) + { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> +<? + if ($support == "1") + { +?> + <td colspan="10" class="title"><?=$title?></td> +<? + } else { +?> + <td colspan="7" class="title"><?=$title?></td> +<? } +?> + </tr> + <tr> + <td class="DataTD"><strong><?=_("ID")?></strong></td> + <td class="DataTD"><strong><?=_("Date")?></strong></td> +<? + if ($support == "1") + { +?> + <td class="DataTD"><strong><?=_("When")?></strong></td> + <td class="DataTD"><strong><?=_("Email")?></strong></td> +<? } ?> + <td class="DataTD"><strong><?=_("Who")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Location")?></strong></td> + <td class="DataTD"><strong><?=_("Method")?></strong></td> + <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> +<? + if ($support == "1") + { +?> + <td class="DataTD"><strong><?=_("Revoke")?></strong></td> +<? + } +?> + </tr> +<? + } + + function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support) + { +?> + <tr> + <td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"> </td> + <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> + <td class="DataTD"><?=$sumexperience?></td> +<? + if ($support == "1") + { +?> + <td class="DataTD"> </td> +<? + } +?> + + </tr> +</table> +<br/> +<? 
+ } + + function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked) + { + + $tdstyle=""; + $emopen=""; + $emclose=""; + + if ($awarded == $points) + { + if ($awarded == "0") + { + if ($when < "2006-09-01") + { + $tdstyle="style='background-color: #ffff80'"; + $emopen="<em>"; + $emclose="</em>"; + } + } + } +?> + <tr> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> +<? + if ($support == "1") + { +?> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td> +<? } +?> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> +<? + if ($support == "1") + { + if ($revoked == true) + { +?> + <td class="DataTD" <?=$tdstyle?>> </td> +<? } else { +?> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td> +<? + } + } +?> + </tr> +<? 
+ } + + function output_summary_header() + { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="4" class="title"><?=_("Summary of your Points")?></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("Description")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> + <td class="DataTD"><strong><?=_("Remark")?></strong></td> + </tr> +<? + } + + function output_summary_footer() + { +?> +</table> +<br/> +<? + } + + function output_summary_row($title,$points,$points_countable,$remark) + { +?> + <tr> + <td class="DataTD"><strong><?=$title?></strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=$points_countable?></td> + <td class="DataTD"><?=$remark?></td> + </tr> +<? + } + + +// ************* output given assurances ****************** + + function output_given_assurances_content($userid,&$points,&$sum_experience,$support) + { + $points = 0; + $sumexperience = 0; + $res = get_given_assurances(intval($userid)); + while($row = mysql_fetch_assoc($res)) + { + $fromuser = get_user (intval($row['to'])); + $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked); + $name = show_user_link ($fromuser['fname']." 
".$fromuser['lname'],intval($row['to'])); + $email = show_email_link ($fromuser['email'],intval($row['to'])); + output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked); + } + } + +// ************* output received assurances ****************** + + function output_received_assurances_content($userid,&$points,&$sum_experience,$support) + { + $points = 0; + $sumexperience = 0; + $res = get_received_assurances(intval($userid)); + while($row = mysql_fetch_assoc($res)) + { + $fromuser = get_user (intval($row['from'])); + calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked); + $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from'])); + $email = show_email_link ($fromuser['email'],intval($row['from'])); + output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked); + } + } + +// ************* output summary table ****************** + + function check_date_limit ($userid,$age) + { + $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age)); + $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'"); + return intval(query_get_number_of_rows($res)); + } + + function calc_points($row) + { + $awarded = intval($row['awarded']); + if ($awarded == "") + $awarded = 0; + if (intval($row['points']) < $awarded) + $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value + else + $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value + switch ($row['method']) + { + case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) + case 'CT Magazine - Germany': // revoke c't 
(only one test-entry) + case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) + $points = 0; + break; + case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation) + if ($points <= 2) // maybe limit to 35/50 pts in the future? + $points = 0; + break; + case 'Unknown': // to be revoked in the future? limit to max 50 pts? + case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? + case '': // to be revoked in the future? limit to max 50 pts? + case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? + break; + default: // should never happen ... ;-) + $points = 0; + } + if ($points < 0) // ignore negative points (bug needs to be fixed) + $points = 0; + return $points; + } + + function max_points($userid) + { + return output_summary_content ($userid,0); + } + + function output_summary_content($userid,$display_output) + { + $sum_points = 0; + $sum_experience = 0; + $sum_experience_other = 0; + $max_points = 100; + $max_experience = 50; + + $experience_limit_reached_txt = _("Limit reached"); + + if (check_date_limit($userid,18) != 1) + { + $max_experience = 10; + $experience_limit_reached_txt = _("Limit given by PoJAM reached"); + } + if (check_date_limit($userid,14) != 1) + { + $max_experience = 0; + $experience_limit_reached_txt = _("Limit given by PoJAM reached"); + } + + $res = get_received_assurances_summary($userid); + while($row = mysql_fetch_assoc($res)) + { + $points = calc_points ($row); + + if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed) + { + $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']); + $points = $max_points; + } + $sum_points += $points*intval($row['number']); + } + + $res = get_given_assurances_summary($userid); + while($row = mysql_fetch_assoc($res)) + { + switch ($row['method']) 
+ { + case 'Face to Face Meeting': // count Face to Face only + $sum_experience += 2*intval($row['number']); + break; + } + + } + + if ($sum_points > $max_points) + { + $sum_points_countable = $max_points; + $remark_points = _("Limit reached"); + } + else + { + $sum_points_countable = $sum_points; + $remark_points = " "; + } + if ($sum_experience > $max_experience) + { + $sum_experience_countable = $max_experience; + $remark_experience = $experience_limit_reached_txt; + } + else + { + $sum_experience_countable = $sum_experience; + $remark_experience = " "; + } + + if ($sum_experience_countable + $sum_experience_other > $max_experience) + { + $sum_experience_other_countable = $max_experience-$sum_experience_countable; + $remark_experience_other = $experience_limit_reached_txt; + } + else + { + $sum_experience_other_countable = $sum_experience_other; + $remark_experience_other = " "; + } + + if ($sum_points_countable < $max_points) + { + if ($sum_experience_countable != 0) + $remark_experience = _("Points on hold due to less assurance points"); + $sum_experience_countable = 0; + if ($sum_experience_other_countable != 0) + $remark_experience_other = _("Points on hold due to less assurance points"); + $sum_experience_other_countable = 0; + } + + $issue_points = 0; + $cats_test_passed = get_cats_state ($userid); + if ($cats_test_passed == 0) + { + $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>"; + if ($sum_points_countable < $max_points) + { + $issue_points_txt = "<strong style='color: red'>"; + $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points)); + $issue_points_txt .= "</strong>"; + } + } + else + { + $experience_total = $sum_experience_countable+$sum_experience_other_countable; + $issue_points_txt = ""; + if ($sum_points_countable == $max_points) + $issue_points = 10; + if ($experience_total >= 10) + 
$issue_points = 15; + if ($experience_total >= 20) + $issue_points = 20; + if ($experience_total >= 30) + $issue_points = 25; + if ($experience_total >= 40) + $issue_points = 30; + if ($experience_total >= 50) + $issue_points = 35; + if ($issue_points != 0) + $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points); + } + if ($display_output) + { + output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points); + output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience); + output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other); + output_summary_row (_("Total Points")," ",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt); + } + return $issue_points; + } + + function output_given_assurances($userid,$support) + { + output_assurances_header(_("Assurance Points You Issued"),$support); + output_given_assurances_content($userid,$points,$sum_experience,$support); + output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support); + } + + function output_received_assurances($userid,$support) + { + output_assurances_header(_("Your Assurance Points"),$support); + output_received_assurances_content($userid,$points,$sum_experience,$support); + output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience,$support); + } + + function output_summary($userid) + { + output_summary_header(); + output_summary_content($userid,1); + output_summary_footer(); + } + + function output_end_of_page() + { +?> + <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> +<? + } +?> diff --git a/includes/tverify_stuff.php b/includes/tverify_stuff.php index 46f49f6..93f7c32 100644 --- a/includes/tverify_stuff.php 
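Review bot: In `output_assurances_row()` the `$location`, `$method` and `$date` cells are written with `<?=$location?>` and friends, while `$name` and `$email` go through `sanitizeHTML()` in `show_user_link()`/`show_email_link()`; `location` is free text stored in `notary` at assurance time, so it should be escaped the same way (`<?=sanitizeHTML($location)?>`) before being rendered for the assurer, the assuree or support. `check_date_limit()` builds `where \`id\`='".$userid."'` without the `intval()` that every other query in this file applies to `$userid`; add it for consistency. `output_given_assurances_content()` and `output_received_assurances_content()` initialise `$sumexperience = 0;` but pass the differently spelled by-reference `$sum_experience`, so the total starts from an uninitialised variable; change the initialisation to `$sum_experience = 0;`. Further down in this diff includes/wot.inc.php re-declares `query_init()`, `get_number_of_assurances()` and the other helpers verbatim, so a page that includes both files fails with a redeclaration error; one copy should include the other instead.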
+++ b/includes/tverify_stuff.php @@ -66,7 +66,7 @@ if(!function_exists("showfooter")) </div> </div> <div id="siteInfo"> - <a href="/index.php?id=12"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | + <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | <a href="/index.php?id=10"><?=_("Privacy Policy")?></a> | <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> | <a href="/index.php?id=19"><?=_("Further Information")?></a> | ©2002-<?=date("Y")?> <?=_("by CAcert")?></div> diff --git a/includes/wot.inc.php b/includes/wot.inc.php new file mode 100644 index 0000000..884b97f --- /dev/null +++ b/includes/wot.inc.php 
@@ -0,0 +1,539 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+ function query_init ($query)
+ {
+ return mysql_query($query);
+ }
+
+ function query_getnextrow ($res)
+ {
+ $row1 = mysql_fetch_assoc($res);
+ return $row1;
+ }
+
+ function query_get_number_of_rows ($resultset)
+ {
+ return intval(mysql_num_rows($resultset));
+ }
+
+ function get_number_of_assurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_number_of_assurees ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_top_assurer_position ($no_of_assurances)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
+ GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ function get_top_assuree_position ($no_of_assurees)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face 
Meeting'
+ GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ function get_given_assurances ($userid)
+ {
+ $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
+ return $res;
+ }
+
+ function get_received_assurances ($userid)
+ {
+ $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
+ return $res;
+ }
+
+ function get_given_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
+ return $res;
+ }
+
+ function get_received_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
+ return $res;
+ }
+
+ function get_user ($userid)
+ {
+ $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
+ return mysql_fetch_assoc($res);
+ }
+
+ function get_cats_state ($userid)
+ {
+
+ $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
+ WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
+ return mysql_num_rows($res);
+ }
+
+ function calc_experience ($row,&$points,&$experience,&$sum_experience)
+ {
+ $apoints = max($row['points'], $row['awarded']);
+
+ $points += $apoints;
+
+ $experience = " ";
+ if ($row['method'] == "Face to Face Meeting")
+ {
+ $sum_experience = $sum_experience +2;
+ $experience = "2";
+ }
+ return $apoints;
+ }
+
+ function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
+ {
+ $awarded = calc_points($row);
+
+ if ($awarded > 100)
+ {
+ $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
+ 
$awarded = 100; + } + else + $experience = 0; + + switch ($row['method']) + { + case 'Thawte Points Transfer': + case 'CT Magazine - Germany': + case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented + $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked")); + $experience=0; + break; + default: + $points += $awarded; + } + $sumexperience = $sumexperience + $experience; + } + + + function show_user_link ($name,$userid) + { + $name = trim($name); + if($name == "") + { + if ($userid == 0) + $name = _("System"); + else + $name = _("Deleted account"); + } + else + $name = "<a href='wot.php?id=9&userid=".intval($userid)."'>$name</a>"; + return $name; + } + + function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer) + { + $num_of_assurances = get_number_of_assurances (intval($userid)); + $rank_of_assurer = get_top_assurer_position($num_of_assurances); + } + + function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree) + { + $num_of_assurees = get_number_of_assurees (intval($userid)); + $rank_of_assuree = get_top_assuree_position($num_of_assurees); + } + + +// ************* html table definitions ****************** + + function output_ranking($userid) + { + get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer); + get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree); + +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="title"><?=_("Assurer Ranking")?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> + </tr> +</table> +<br/> +<? 
+ } + + function output_assurances_header($title) + { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="7" class="title"><?=$title?></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("ID")?></strong></td> + <td class="DataTD"><strong><?=_("Date")?></strong></td> + <td class="DataTD"><strong><?=_("Who")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Location")?></strong></td> + <td class="DataTD"><strong><?=_("Method")?></strong></td> + <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> + </tr> +<? + } + + function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience) + { +?> + <tr> + <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"> </td> + <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> + <td class="DataTD"><?=$sumexperience?></td> + </tr> +</table> +<br/> +<? + } + + function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience) + { + + $tdstyle=""; + $emopen=""; + $emclose=""; + + if ($awarded == $points) + { + if ($awarded == "0") + { + if ($when < "2006-09-01") + { + $tdstyle="style='background-color: #ffff80'"; + $emopen="<em>"; + $emclose="</em>"; + } + } + } + +?> + <tr> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> + </tr> +<? 
+ } + + function output_summary_header() + { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="4" class="title"><?=_("Summary of your Points")?></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("Description")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> + <td class="DataTD"><strong><?=_("Remark")?></strong></td> + </tr> +<? + } + + function output_summary_footer() + { +?> +</table> +<br/> +<? + } + + function output_summary_row($title,$points,$points_countable,$remark) + { +?> + <tr> + <td class="DataTD"><strong><?=$title?></strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=$points_countable?></td> + <td class="DataTD"><?=$remark?></td> + </tr> +<? + } + + +// ************* output given assurances ****************** + + function output_given_assurances_content($userid,&$points,&$sum_experience) + { + $points = 0; + $sumexperience = 0; + $res = get_given_assurances(intval($userid)); + while($row = mysql_fetch_assoc($res)) + { + $fromuser = get_user (intval($row['to'])); + $apoints = calc_experience ($row,$points,$experience,$sum_experience); + $name = show_user_link ($fromuser['fname']." 
".$fromuser['lname'],intval($row['to'])); + output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); + } + } + +// ************* output received assurances ****************** + + function output_received_assurances_content($userid,&$points,&$sum_experience) + { + $points = 0; + $sumexperience = 0; + $res = get_received_assurances(intval($userid)); + while($row = mysql_fetch_assoc($res)) + { + $fromuser = get_user (intval($row['from'])); + calc_assurances ($row,$points,$experience,$sum_experience,$awarded); + $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from'])); + output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); + } + } + +// ************* output summary table ****************** + + function check_date_limit ($userid,$age) + { + $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age)); + $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'"); + return intval(query_get_number_of_rows($res)); + } + + function calc_points($row) + { + $awarded = intval($row['awarded']); + if ($awarded == "") + $awarded = 0; + if (intval($row['points']) < $awarded) + $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value + else + $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value + switch ($row['method']) + { + case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) + case 'CT Magazine - Germany': // revoke c't (only one test-entry) + case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) + $points = 0; + break; + case 'Administrative Increase': // ignore AI with 2 
points or less (historical for experiance points, now other calculation) + if ($points <= 2) // maybe limit to 35/50 pts in the future? + $points = 0; + break; + case 'Unknown': // to be revoked in the future? limit to max 50 pts? + case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? + case '': // to be revoked in the future? limit to max 50 pts? + case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? + break; + default: // should never happen ... ;-) + $points = 0; + } + if ($points < 0) // ignore negative points (bug needs to be fixed) + $points = 0; + return $points; + } + + function max_points($userid) + { + return output_summary_content ($userid,0); + } + + function output_summary_content($userid,$display_output) + { + $sum_points = 0; + $sum_experience = 0; + $sum_experience_other = 0; + $max_points = 100; + $max_experience = 50; + + $experience_limit_reached_txt = _("Limit reached"); + + if (check_date_limit($userid,18) != 1) + { + $max_experience = 10; + $experience_limit_reached_txt = _("Limit given by PoJAM reached"); + } + if (check_date_limit($userid,14) != 1) + { + $max_experience = 0; + $experience_limit_reached_txt = _("Limit given by PoJAM reached"); + } + + $res = get_received_assurances_summary($userid); + while($row = mysql_fetch_assoc($res)) + { + $points = calc_points ($row); + + if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed) + { + $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']); + $points = $max_points; + } + $sum_points += $points*intval($row['number']); + } + + $res = get_given_assurances_summary($userid); + while($row = mysql_fetch_assoc($res)) + { + switch ($row['method']) + { + case 'Face to Face Meeting': // count Face to Face only + $sum_experience += 2*intval($row['number']); + break; + } + + } + + if ($sum_points > $max_points) + { + $sum_points_countable = $max_points; + $remark_points = 
_("Limit reached"); + } + else + { + $sum_points_countable = $sum_points; + $remark_points = " "; + } + if ($sum_experience > $max_experience) + { + $sum_experience_countable = $max_experience; + $remark_experience = $experience_limit_reached_txt; + } + else + { + $sum_experience_countable = $sum_experience; + $remark_experience = " "; + } + + if ($sum_experience_countable + $sum_experience_other > $max_experience) + { + $sum_experience_other_countable = $max_experience-$sum_experience_countable; + $remark_experience_other = $experience_limit_reached_txt; + } + else + { + $sum_experience_other_countable = $sum_experience_other; + $remark_experience_other = " "; + } + + if ($sum_points_countable < $max_points) + { + if ($sum_experience_countable != 0) + $remark_experience = _("Points on hold due to less assurance points"); + $sum_experience_countable = 0; + if ($sum_experience_other_countable != 0) + $remark_experience_other = _("Points on hold due to less assurance points"); + $sum_experience_other_countable = 0; + } + + $issue_points = 0; + $cats_test_passed = get_cats_state ($userid); + if ($cats_test_passed == 0) + { + $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>"; + if ($sum_points_countable < $max_points) + { + $issue_points_txt = "<strong style='color: red'>"; + $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points)); + $issue_points_txt .= "</strong>"; + } + } + else + { + $experience_total = $sum_experience_countable+$sum_experience_other_countable; + $issue_points_txt = ""; + if ($sum_points_countable == $max_points) + $issue_points = 10; + if ($experience_total >= 10) + $issue_points = 15; + if ($experience_total >= 20) + $issue_points = 20; + if ($experience_total >= 30) + $issue_points = 25; + if ($experience_total >= 40) + $issue_points = 30; + if ($experience_total >= 50) + $issue_points 
= 35; + if ($issue_points != 0) + $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points); + } + if ($display_output) + { + output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points); + output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience); + output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other); + output_summary_row (_("Total Points")," ",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt); + } + return $issue_points; + } + + function output_given_assurances($userid) + { + output_assurances_header(_("Assurance Points You Issued")); + output_given_assurances_content($userid,$points,$sum_experience); + output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience); + } + + function output_received_assurances($userid) + { + output_assurances_header(_("Your Assurance Points")); + output_received_assurances_content($userid,$points,$sum_experience); + output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience); + } + + function output_summary($userid) + { + output_summary_header(); + output_summary_content($userid,1); + output_summary_footer(); + } + + function output_end_of_page() + { +?> + <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> +<? + } +?> diff --git a/pages/account/12.php b/pages/account/12.php index 40135be..44926ca 100644 --- a/pages/account/12.php +++ b/pages/account/12.php 
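Review bot: check_date_limit is the one query helper in this new file that interpolates `$userid` into SQL without the intval() every sibling applies, and it is reachable through output_summary_content and max_points, so the id should be normalised the same way: `$res = query_init ("select id from `users` where `id`='".intval($userid)."' and `dob` < '$dob'");`. show_user_link and output_assurances_row also print the fname/lname, location and method columns into the HTML unescaped; since other pages in this commit wrap row values in sanitizeHTML(), the link text should be built as `"<a href='wot.php?id=9&userid=".intval($userid)."'>".sanitizeHTML($name)."</a>"` and the row cells escaped likewise. In calc_points the check `if ($awarded == "")` follows an intval() and can never be true, so it should be dropped or replaced with a comment on the intended "missing value" case.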
@@ -19,12 +19,13 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> </tr> @@ -33,7 +34,7 @@ UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, `domaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id` + UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id` from `domaincerts`,`domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` "; if($viewall != 1) @@ -48,7 +49,7 @@ { ?> <tr> - <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td> + <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) 
@@ -74,12 +75,13 @@ <? } ?> <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> </tr> <? } ?> diff --git a/pages/account/14.php b/pages/account/14.php index 342ab46..29aeb21 100644 --- a/pages/account/14.php +++ b/pages/account/14.php @@ -15,6 +15,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> +<? + if (intval($_REQUEST['force']) === 1) +{ +?> + +<p style="border:dotted 1px #900;padding:0.3em;bold;color:#ffffff;background-color:#ff0000;"><strong><center> +<?=_("For your own security you should change your pass phrase immediately!"); ?></center></strong> +</p> +<?}?> + <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> <tr> diff --git a/pages/account/16.php b/pages/account/16.php index 3e582e3..514ecfd 100644 --- a/pages/account/16.php +++ b/pages/account/16.php @@ -57,7 +57,7 @@ </tr> <? } ?> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Another Email")?>"> + <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> <input type="submit" name="process" value="<?=_("Next")?>"></td> </tr> </table> diff --git a/pages/account/18.php b/pages/account/18.php index 5ee1a3b..13dcc30 100644 --- a/pages/account/18.php +++ b/pages/account/18.php 
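Review bot: The new `<td class="DataTD"><?=$row['serial']?></td>` cell prints the serial column straight from the result row, and the same line is added in pages/account/18.php and pages/account/22.php in this commit. Other pages touched here pass database values through sanitizeHTML() before echoing them, so `<td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>` would keep the new column consistent with that convention even though serials are presumably hex strings. The enclosing while loop starts outside the hunk.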
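Review bot: `intval($_REQUEST['force']) === 1` reads the `force` key without checking that it exists, so every render of this page without the parameter raises an undefined-index notice; pages/account/25.php in this same commit guards `ord` with array_key_exists, and this check should match it: `if (array_key_exists('force', $_REQUEST) && intval($_REQUEST['force']) === 1)`. The inline style on the warning paragraph also contains a bare `bold;` declaration that browsers will discard; `font-weight:bold;` is presumably what was intended.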
@@ -19,36 +19,38 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> <? - $query = "select UNIX_TIMESTAMP(`created`) as `created`, - UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, - UNIX_TIMESTAMP(`expire`) as `expired`, - `expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id` - from `orgemailcerts`, `org` - where `memid`='".intval($_SESSION['profile']['id'])."' and - `org`.`orgid`=`orgemailcerts`.`orgid` "; + $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`, + UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, + `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, + `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id` + from `orgemailcerts` as `oemail`, `org` + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and + `org`.`orgid`=`oemail`.`orgid` "; if($viewall != 1) { - $query .= "AND `revoked`=0 AND `renewed`=0 "; + $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 "; $query .= "HAVING `timeleft` > 0 AND `revoked`=0 "; } - $query .= "ORDER BY `modified` desc"; + $query .= "ORDER BY `oemail`.`modified` desc"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { ?> 
<tr> - <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -78,12 +80,13 @@ <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> <? } ?> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> </tr> <? } ?> diff --git a/pages/account/22.php b/pages/account/22.php index 565cb5f..9df8200 100644 --- a/pages/account/22.php +++ b/pages/account/22.php @@ -19,12 +19,13 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> 
@@ -33,7 +34,9 @@ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`, `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id` + UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, + `orgdomaincerts`.`serial`, + `orgdomaincerts`.`id` as `id` from `orgdomaincerts`,`org` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` "; if($viewall != 1) @@ -48,7 +51,7 @@ { ?> <tr> - <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td> + <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -74,12 +77,13 @@ <? } ?> <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> </tr> <? } ?> diff --git a/pages/account/25.php b/pages/account/25.php index ab0e6b2..a70f608 100644 --- a/pages/account/25.php +++ b/pages/account/25.php @@ -19,6 +19,15 @@ <tr> <td colspan="5" class="title"><?=_("Organisations")?></td> </tr> + +<tr> + <td colspan="5" class="title"><?=_("Order by:")?> + <a href="account.php?id=25"><?=_("Id")?></a> - + <a href="account.php?id=25&ord=1"><?=_("Country")?></a> - + <a href="account.php?id=25&ord=2"><?=_("Name")?></a> + </td> +</tr> + <tr> <td class="DataTD" width="350"><?=_("Organisation")?></td> <td class="DataTD"><?=_("Domains")?></td> 
@@ -27,7 +36,24 @@ <td class="DataTD"><?=_("Delete")?></td> </tr> <? - $query = "select * from `orginfo` ORDER BY `id`"; + $order = 0; + if (array_key_exists('ord',$_REQUEST)) { + $order = intval($_REQUEST['ord']); + } + + $order_by = "`id`"; + switch ($order) { + case 1: + $order_by = "`C`,`O`"; + break; + case 2: + $order_by = "`O`"; + break; + // the 0 and default case are handled by the preset + } + + // Safe because $order_by only contains fixed strings + $query = sprintf("select * from `orginfo` ORDER BY %s", $order_by); $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { diff --git a/pages/account/30.php b/pages/account/30.php index 30c86f3..33eeca8 100644 --- a/pages/account/30.php +++ b/pages/account/30.php @@ -34,7 +34,7 @@ <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this domain?"), sanitizeHTML($row['domain'])); ?></td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>"> + <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("Cancel")?>"> <input type="submit" name="process" value="<?=_("Delete")?>"></td> </tr> </table> diff --git a/pages/account/31.php b/pages/account/31.php index d91a77a..9f3d27e 100644 --- a/pages/account/31.php +++ b/pages/account/31.php @@ -29,7 +29,7 @@ <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), sanitizeHTML($org['O'])); ?></td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>"> + <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("Cancel")?>"> <input type="submit" name="process" value="<?=_("Delete")?>"></td> </tr> </table> diff --git a/pages/account/34.php b/pages/account/34.php index 25ad1db..b11bc7d 100644 --- a/pages/account/34.php +++ b/pages/account/34.php 
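Review bot: Renaming the Cancel button from `process` to `cancel` means a cancelled deletion now posts the form with no `process` value at all, so the account.php handler for this id must treat an absent or empty `$process` as "do nothing" rather than falling through to the confirmation path; that handler is not visible here and should be confirmed. The same rename is made in pages/account/31.php and pages/account/34.php, so whatever the handler does applies to all three.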
@@ -35,7 +35,7 @@ <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s from administering this organisation?"), sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])); ?></td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>"> + <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("Cancel")?>"> <input type="submit" name="process" value="<?=_("Delete")?>"></td> </tr> </table> diff --git a/pages/account/37.php b/pages/account/37.php index 4b021e0..48c737a 100755..100644 --- a/pages/account/37.php +++ b/pages/account/37.php 
@@ -15,17 +15,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<H3><?=_("About CAcert.org")?></H3> - -<p><?=_("CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.")?></p> - -<p><? printf(_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a %sdocument base%s that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI)."), "<a href='http://wiki.cacert.org/'>", "</a>"); ?></p> - -<p><?=_("For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you.")?></p> - -<p><?=_("For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites.")?></p> - -<p><?=_("If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates."); ?></p> - -<p><?=_("CAcert Inc. 
is a non-profit association, incorporated in New South Wales Australia.")?></p> -<p><?=_("More information about CAcert Incorporated:")?><a href="http://wiki.cacert.org/wiki/CAcertIncorporated">http://wiki.cacert.org/wiki/CAcertIncorporated</a></p> +<p style="background-color: #FF8080; font-size: 150%"> +<? +printf(_("This page has been moved to the %swiki%s. Please update your ". + "bookmarks and report any broken links."), + '<a href="//wiki.cacert.org/FAQ/AboutUs">', '</a>'); +?> +</p> diff --git a/pages/account/38.php b/pages/account/38.php index 34cbea4..f311bf5 100755..100644 --- a/pages/account/38.php +++ b/pages/account/38.php @@ -19,7 +19,11 @@ <h4><?=_("If I'd like to donate to CAcert Inc., how can I do it?")?></h4> -<p><?=_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via")?> +<p> +<? +printf(_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to %sstrict guidelines%s about how this money can to be used. If you'd like to make a donation, you can do so via"), + '<a href="//wiki.cacert.org/FAQ/DonationsGuideline">', '</a>'); +?> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_s-xclick"> diff --git a/pages/account/39.php b/pages/account/39.php index f89187d..9e09bb8 100755..100644 --- a/pages/account/39.php +++ b/pages/account/39.php 
@@ -15,76 +15,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<h3><?=_("Privacy Policy")?></h3> - -<p> -<?=_("This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.")?> -</p> - -<h4>1. <?=_("Website information")?></h4> -<p> -<?=_("We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?> -</p> - -<h4>2. <?=_("Personal information")?></h4> -<p> -<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.")?> -</p> -<p> -<?=_("We only share your information with any other organisation when so instructed by a CAcert arbitrator.")?> -</p> - -<h4>3. <?=_("Aggregated tracking information")?></h4> -<p> -<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?> -</p> - -<h4>4. <?=_("Cookies")?></h4> -<p> -<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. 
The ad server receives these cookies, and we don't have access to them.")?> -</p> -<p> -<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?> -</p> - -<h4>5. <?=_("Notification of changes")?></h4> -<p> -<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?> -</p> - -<h4>6. <?=_("How to update, correct, or delete your information")?></h4> -<p> -<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?> -</p> - -<h4>7. <?=_("Privacy of certificates")?></h4> -<p> -<?=_("CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.")?> -</p> - -<h4>8. <?=_("Privacy of user data")?></h4> -<p> -<?=_("CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.")?> -</p> - -<h4>9. <?=_("Exceptions")?></h4> -<p> -<?=_("A CAcert arbitrator may override this policy in a dispute.")?> -<?=_("To obtain access to confidential data, a dispute has to be filed.")?> -</p> - -<h4>10. 
<?=_("Legal mandates")?></h4> -<p> -<?=_("CAcert adopts the Australian privacy regulations.")?> -<?=_("Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.")?> -<?=_("Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.")?> -</p> - - -<p><?=_("If you need to contact us in writing, address your mail to:")?></p> -<p> -CAcert Inc.<br> -P.O. Box 4107<br> -Denistone East NSW 2112<br> -Australia +<p style="background-color: #FF8080; font-size: 150%"> +<? +printf(_('This page has been moved to the %spolicy directory%s. Please update '. + 'your bookmarks and report any broken links.'), + '<a href="/policy/PrivacyPolicy.html">', '</a>'); +?> </p> diff --git a/pages/account/43.php b/pages/account/43.php index a286ec6..f058770 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -16,6 +16,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? +include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); + + if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) { $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); 
@@ -38,14 +41,26 @@ //if(!strstr($email, "%")) // $emailsearch = "%$email%"; - if(intval($email) > 0) - $emailsearch = ""; - - $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` - where `users`.`id`=`email`.`memid` and - (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and - `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 - group by `users`.`id` limit 100"; + // bug-975 ted+uli changes --- begin + if(preg_match("/^[0-9]+$/", $email)) { + // $email consists of digits only ==> search for IDs + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`id`='$email' or `users`.`id`='$email') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + } else { + // $email contains non-digits ==> search for mail addresses + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`email` like '$emailsearch' + or `users`.`email` like '$emailsearch') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + } + // bug-975 ted+uli changes --- end $res = mysql_query($query); if(mysql_num_rows($res) > 1) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> @@ -138,7 +153,7 @@ { echo "<option"; if($day == $i) - echo " selected='selected'"; + echo " selected='selected'"; echo ">$i</option>"; } ?> 
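Review bot: In the ID branch of the new search query, `$email` is still interpolated as a raw string although it has just been proven numeric, and `/^[0-9]+$/` lets a trailing newline through because `$` also matches before a final `\n`; cast once and reuse the integer, `$id = intval($email);` with `where (email.id='$id' or users.id='$id')` (keeping the column backticks), or at least anchor the pattern with `\z`. The address branch no longer carries the old `email.hash=''` and `email.deleted=0` conditions, so an admin search now matches unverified and deleted secondary addresses and the email column in the result may be such a row; if that is what bug-975 wants, the comment should say so explicitly, otherwise restore `and email.deleted=0`. Escaping of `$emailsearch` and `$email` happens where they are assigned, above this hunk, and is not visible here.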
@@ -178,7 +193,7 @@ <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> </tr> <tr> - <td class="DataTD"><?=_("Org Admin")?>:</td> + <td class="DataTD"><?=_("Org Assurer")?>:</td> <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> </tr> <tr> 
@@ -317,16 +332,178 @@ </table> <br> <? } ?> +<? // Begin - Debug infos ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Account State")?></td> + </tr> -<? - if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { +<? + // --- bug-975 begin --- + // potential db inconsistency like in a20110804.1 + // Admin console -> don't list user account + // User login -> impossible + // Assurer, assure someone -> user displayed + /* regular user account search with regular settings + + --- Admin Console find user query + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` + where `users`.`id`=`email`.`memid` and + (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and + `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + => requirements + 1. email.hash = '' + 2. email.deleted = 0 + 3. users.deleted = 0 + 4. email.email = primary-email (???) or'd + not covered by admin console find user routine, but may block users login + 5. users.verified = 0|1 + further "special settings" + 6. users.locked (setting displayed in display form) + 7. users.assurer_blocked (setting displayed in display form) + + --- User login user query + select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or + `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 + => requirements + 1. users.verified = 1 + 2. users.deleted = 0 + 3. users.locked = 0 + 4. users.email = primary-email + + --- Assurer, assure someone find user query + select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' + and `deleted`=0 + => requirements + 1. users.deleted = 0 + 2. users.email = primary-email + Admin User Assurer + bit Console Login assure someone + + 1. 
email.hash = '' Yes No No + 2. email.deleted = 0 Yes No No + 3. users.deleted = 0 Yes Yes Yes + 4. users.verified = 1 No Yes No + 5. users.locked = 0 No Yes No + 6. users.email = prim-email No Yes Yes + 7. email.email = prim-email Yes No No + + full usable account needs all 7 requirements fulfilled + so if one setting isn't set/cleared there is an inconsistency either way + if eg email.email is not avail, admin console cannot open user info + but user can login and assurer can display user info + if user verified is not set to 1, admin console displays user record + but user cannot login, but assurer can search for the user and the data displays + + consistency check: + 1. search primary-email in users.email + 2. search primary-email in email.email + 3. userid = email.memid + 4. check settings from table 1. - 5. + + */ + + $inconsistency = 0; + $inconsistencydisp = ""; + $inccause = ""; + // current userid intval($row['id']) + $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` + from `users` where `id`='".intval($row['id'])."' "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $uemail = $drow['uemail']; + $udeleted = $drow['udeleted']; + $uverified = $drow['verified']; + $ulocked = $drow['locked']; + + $query = "select `hash`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."' and + `deleted` = 0"; + $dres = mysql_query($query); + if ($drow = mysql_fetch_assoc($dres)) { + $drow['edeleted'] = 0; + } else { + // try if there are deleted entries + $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."'"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + } + + if ($drow) { + $eemail = $drow['eemail']; + $edeleted = $drow['edeleted']; + $ehash = $drow['hash']; + if ($udeleted!=0) { + $inconsistency += 1; + $inccause .= 
(empty($inccause)?"":"<br>")._("Users record set to deleted"); + } + if ($uverified!=1) { + $inconsistency += 2; + $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); + } + if ($ulocked!=0) { + $inconsistency += 4; + $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); + } + if ($edeleted!=0) { + $inconsistency += 8; + $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + } + if ($ehash!='') { + $inconsistency += 16; + $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + } + } else { + $inconsistency = 32; + $inccause = _("Prim. email, Email record doesn't exist"); + } + if ($inconsistency>0) { + // $inconsistencydisp = _("Yes"); ?> + <tr> + <td class="DataTD"><?=_("Account inconsistency")?>:</td> + <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td> + </tr> + <tr> + <td colspan="2" class="DataTD" style="max-width: 75ex"> + <?=_("Account inconsistency can cause problems in daily account ". + "operations and needs to be fixed manually through arbitration/critical ". + "team.")?> + </td> + </tr> +<? } + + // --- bug-975 end --- +?> +</table> +<br> +<? + // End - Debug infos +?> + +<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> + (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) +<br /> +<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby"><?=_("Show Assurances the user gave")?></a> + (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby15"><?=_("New calculation")?></a>) +<br /> + +<? 
+// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { +function showassuredto() +{ +?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="7" class="title"><?=_("Assurance Points")?></td> + <td colspan="8" class="title"><?=_("Assurance Points")?></td> </tr> <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> <td class="DataTD"><b><?=_("Date")?></b></td> <td class="DataTD"><b><?=_("Who")?></b></td> <td class="DataTD"><b><?=_("Email")?></b></td> @@ -336,7 +513,7 @@ <td class="DataTD"><b><?=_("Revoke")?></b></td> </tr> <? - $query = "select * from `notary` where `to`='".intval($row['id'])."'"; + $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'"; $dres = mysql_query($query); $points = 0; while($drow = mysql_fetch_assoc($dres)) @@ -345,9 +522,10 @@ $points += $drow['points']; ?> <tr> + <td class="DataTD"><?=$drow['id']?></td> <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> <td class="DataTD"><?=intval($drow['points'])?></td> <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> 
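Review bot: In the new account-state check, `$uemail` (the users.email value read by the first query) is concatenated straight into both queries against the email table via `='".$uemail."'`, so a stored primary address containing a single quote becomes a second-order SQL injection, or at best a broken query, in an admin-only page; escape it once after fetching, `$uemail = mysql_real_escape_string($drow['uemail']);`, matching the `intval($row['id'])` already used for the id in the same statements. `mysql_fetch_assoc($dres)` on the users query returns false when no row exists, and the code then indexes `$drow['uemail']` on that false value before reporting inconsistency code 32, so a `if (!$drow) { ... }` guard right after the first fetch would keep the table honest. The display block enclosing this hunk starts before its first line and closes after its last.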
@@ -360,20 +538,18 @@ <td class="DataTD" colspan="3"> </td> </tr> </table> -<? } else { ?> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&assuredto=yes"><?=_("Show Assurances the user got")?></a></td> - </tr> <? } ?> -<br> + <? - if(array_key_exists('assuredby',$_GET) && $_GET['assuredby'] == "yes") { +function showassuredby() +{ ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="7" class="title"><?=_("Assurance Points The User Issued")?></td> + <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> </tr> <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> <td class="DataTD"><b><?=_("Date")?></b></td> <td class="DataTD"><b><?=_("Who")?></b></td> <td class="DataTD"><b><?=_("Email")?></b></td> @@ -383,7 +559,7 @@ <td class="DataTD"><b><?=_("Revoke")?></b></td> </tr> <? - $query = "select * from `notary` where `from`='".$row['id']."' and `to`!='".$row['id']."'"; + $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'"; $dres = mysql_query($query); $points = 0; while($drow = mysql_fetch_assoc($dres)) @@ -392,6 +568,7 @@ $points += $drow['points']; ?> <tr> + <td class="DataTD"><?=$drow['id']?></td> <td class="DataTD"><?=$drow['date']?></td> <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> 
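Review bot: The rewritten query in showassuredby() drops the old condition that excluded rows whose `to` equals `from`, so if the notary table contains self-referencing rows (administrative or otherwise), they are now listed under assurances the user gave and added to the `$points` total; unless that is intended, append the old exclusion clause back after the new `from` comparison, using the same `intval($_GET['userid'])` value for the `to` side. Casting the id with intval() is an improvement over the old raw `$row['id']` interpolation and should be kept. The function body continues past the end of this hunk.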
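Review bot: The row that gains the new ID cell in showassuredby() still prints `$drow['date']`, `$fromuser['fname']` and `$fromuser['lname']` unescaped on its context lines, while the parallel row in showassuredto() earlier in this diff wraps the same fields in sanitizeHTML(); names are user-entered at signup and this table is rendered to an admin, so the unescaped cells are a stored-XSS path into the admin console. Since the commit rebuilds this row anyway, make it match: `<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>` and `<?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?>`. The `<a>` opened in the Who cell is never closed in either table.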
@@ -407,11 +584,21 @@ <td class="DataTD" colspan="3"> </td> </tr> </table> -<? } else { ?> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&assuredby=yes"><?=_("Show Assurances the user gave")?></a></td> - </tr> <? } ?> <br><br> -<? } } ?> +<? } } +switch ($_GET['shownotary']) + { + case 'assuredto': showassuredto(); + break; + case 'assuredby': showassuredby(); + break; + case 'assuredto15': output_received_assurances(intval($_GET['userid']),1); + break; + case 'assuredby15': output_given_assurances(intval($_GET['userid']),1); + break; + } + + +?> diff --git a/pages/account/5.php b/pages/account/5.php index ee500c0..5c131ba 100644 --- a/pages/account/5.php +++ b/pages/account/5.php @@ -19,12 +19,13 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("Email Address")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Login")?></td> @@ -38,6 +39,7 @@ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, `emailcerts`.`id`, `emailcerts`.`CN`, + `emailcerts`.`serial`, emailcerts.disablelogin as `disablelogin` from `emailcerts` where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' 
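Review bot: The new `switch ($_GET['shownotary'])` reads the key unconditionally, so every ordinary load of this page (no shownotary parameter) raises an undefined-index notice, and the switch has no default branch for unexpected values; read it once with a guard, `$shownotary = array_key_exists('shownotary', $_GET) ? $_GET['shownotary'] : '';`, switch on that, and add `default: break;`. The `$_GET['userid']` used by the cases is cast with intval(), which is fine, but nothing checks that an id was supplied at all, so a missing parameter silently renders the lists for user 0; an explicit `if ($uid > 0)` around the dispatch would make that visible. output_received_assurances() and output_given_assurances() come from the notary.inc.php include added earlier in this diff and are not visible here.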
@@ -54,7 +56,7 @@ { ?> <tr> - <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -84,6 +86,7 @@ <td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> <? } ?> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"> diff --git a/pages/index/1.php b/pages/index/1.php index d9ce8a8..a60a242 100644 --- a/pages/index/1.php +++ b/pages/index/1.php 
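Review bot: The new serial-number cell prints `$row['serial']` straight into the page; the column is presumably written by the signing backend and hex-only, but nothing in this file enforces that, and the assurance tables in pages/account/43.php in this same diff pass comparable DB fields through sanitizeHTML(), so use `<td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>` for consistency. The adjacent `$row['CN']` on the context line has the same gap and is cheap to fix in the same edit. The while loop enclosing this row starts before the hunk.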
@@ -18,36 +18,40 @@ <p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p> <p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p> <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> -<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br> -<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br> -<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br> +<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. 
The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br> <b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b> </p> <form method="post" action="index.php" autocomplete="off"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> <tr> - <td colspan="2" class="title"><?=_("My Details")?></td> + <td colspan="3" class="title"><?=_("My Details")?></td> </tr> + <tr> <td class="DataTD" width="125"><?=_("First Name")?>: </td> <td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td> + <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td> </tr> + <tr> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> (<?=_("optional")?>) </td> <td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td> </tr> + <tr> <td class="DataTD"><?=_("Last Name")?>: </td> <td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td> </tr> + <tr> <td class="DataTD"><?=_("Suffix")?><br> (<?=_("optional")?>)</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write %sName Suffixes%s into this field."),'<a href="http://en.wikipedia.org/wiki/Suffix_%28name%29" target="_blank">','</a>')?></td> + <td class="DataTD"><input type="text" name="suffix" 
value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td> </tr> + <tr> <td class="DataTD"><?=_("Date of Birth")?><br> (<?=_("dd/mm/yyyy")?>)</td> 
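Review bot: The replacement suffix hint calls `sprintf(_("Please only write Name Suffixes into this field."))` with no arguments, which appears to be a leftover from the removed `%s` link; a translation that keeps a stale `%s` or contains a literal `%` would then make sprintf fail or warn instead of printing the text, so print the translation directly: `<?=_("Please only write Name Suffixes into this field.")?>`. The new wiki help link opens with `target="_blank"`; adding `rel="noopener"` denies the opened page a handle on the signup window, which is cheap even for a same-organisation host. Dropping the concrete passphrase example from the page is a good change, since published examples tend to be reused verbatim.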
@@ -75,49 +79,63 @@ </select> <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" autocomplete="off"></nobr> </td> + <td class="DataTD"> </td> </tr> + <tr> <td class="DataTD"><?=_("Email Address")?>: </td> - <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"><br/><?=_("I own or am authorised to control this email address")?> -</td> + <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td> + <td class="DataTD"><?=_("I own or am authorised to control this email address")?></td> </tr> + <tr> <td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td> <td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td> + <td class="DataTD" rowspan="2"> </td> </tr> <tr> <td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td> <td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td> </tr> + <tr> - <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td> + <td class="DataTD" colspan="3"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td> </tr> + <tr> - <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification.")?></td> + <td class="DataTD" colspan="3"><?=_("Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification.")?></td> </tr> + <tr> <td class="DataTD">1) <input 
type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td> <td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td> + <td class="DataTD" rowspan="5"> </td> </tr> + <tr> <td class="DataTD">2) <input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td> <td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td> </tr> + <tr> <td class="DataTD">3) <input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td> <td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td> </tr> + <tr> <td class="DataTD">4) <input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td> <td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td> </tr> + <tr> <td class="DataTD">5) <input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td> <td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td> </tr> + <tr> - <td class="DataTD" colspan="2"><?=_("It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. 
For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.")?></td> + <td class="DataTD" colspan="3"><?=_("It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.")?></td> </tr> + <tr> <td class="DataTD" valign="top"><?=_("Alert me if")?>: </td> <td class="DataTD" align="left"> 
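Review bot: In the lost-passphrase block the answer field for question 4 carries `autcomplete="off"` (misspelt) on a context line this hunk leaves untouched, so that answer is the only one of A1–A5 without a working field-level opt-out; since the row is being re-laid out anyway, fix it to `autocomplete="off"`. The form-level `autocomplete="off"` set in the previous hunk may cover it, but browsers differ in how they honour the form-level attribute, so the field-level one is worth keeping consistent. The question inputs Q1–Q5 carry no autocomplete attribute at all; if that is deliberate because questions are less sensitive than answers, a short comment would save the next reader the question. The enclosing `<form>` starts before this hunk.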
@@ -125,16 +143,18 @@ <input type="checkbox" name="country" value="1" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br> <input type="checkbox" name="regional" value="1" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br> <input type="checkbox" name="radius" value="1" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td> + <td class="DataTD"> </td> </tr> + <tr> - <td class="DataTD" colspan="2"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td> + <td class="DataTD" colspan="3"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td> + <td class="DataTD" colspan="3"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? 
($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Next")?>"></td> </tr> </table> diff --git a/pages/index/10.php b/pages/index/10.php index f89187d..9e09bb8 100644 --- a/pages/index/10.php +++ b/pages/index/10.php 
@@ -15,76 +15,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<h3><?=_("Privacy Policy")?></h3> - -<p> -<?=_("This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.")?> -</p> - -<h4>1. <?=_("Website information")?></h4> -<p> -<?=_("We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?> -</p> - -<h4>2. <?=_("Personal information")?></h4> -<p> -<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.")?> -</p> -<p> -<?=_("We only share your information with any other organisation when so instructed by a CAcert arbitrator.")?> -</p> - -<h4>3. <?=_("Aggregated tracking information")?></h4> -<p> -<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?> -</p> - -<h4>4. <?=_("Cookies")?></h4> -<p> -<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. 
The ad server receives these cookies, and we don't have access to them.")?> -</p> -<p> -<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?> -</p> - -<h4>5. <?=_("Notification of changes")?></h4> -<p> -<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?> -</p> - -<h4>6. <?=_("How to update, correct, or delete your information")?></h4> -<p> -<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?> -</p> - -<h4>7. <?=_("Privacy of certificates")?></h4> -<p> -<?=_("CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.")?> -</p> - -<h4>8. <?=_("Privacy of user data")?></h4> -<p> -<?=_("CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.")?> -</p> - -<h4>9. <?=_("Exceptions")?></h4> -<p> -<?=_("A CAcert arbitrator may override this policy in a dispute.")?> -<?=_("To obtain access to confidential data, a dispute has to be filed.")?> -</p> - -<h4>10. 
<?=_("Legal mandates")?></h4> -<p> -<?=_("CAcert adopts the Australian privacy regulations.")?> -<?=_("Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.")?> -<?=_("Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.")?> -</p> - - -<p><?=_("If you need to contact us in writing, address your mail to:")?></p> -<p> -CAcert Inc.<br> -P.O. Box 4107<br> -Denistone East NSW 2112<br> -Australia +<p style="background-color: #FF8080; font-size: 150%"> +<? +printf(_('This page has been moved to the %spolicy directory%s. Please update '. + 'your bookmarks and report any broken links.'), + '<a href="/policy/PrivacyPolicy.html">', '</a>'); +?> </p> diff --git a/pages/index/12.php b/pages/index/12.php index 4b021e0..48c737a 100644 --- a/pages/index/12.php +++ b/pages/index/12.php 
@@ -15,17 +15,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<H3><?=_("About CAcert.org")?></H3> - -<p><?=_("CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.")?></p> - -<p><? printf(_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a %sdocument base%s that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI)."), "<a href='http://wiki.cacert.org/'>", "</a>"); ?></p> - -<p><?=_("For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you.")?></p> - -<p><?=_("For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites.")?></p> - -<p><?=_("If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates."); ?></p> - -<p><?=_("CAcert Inc. 
is a non-profit association, incorporated in New South Wales Australia.")?></p> -<p><?=_("More information about CAcert Incorporated:")?><a href="http://wiki.cacert.org/wiki/CAcertIncorporated">http://wiki.cacert.org/wiki/CAcertIncorporated</a></p> +<p style="background-color: #FF8080; font-size: 150%"> +<? +printf(_("This page has been moved to the %swiki%s. Please update your ". + "bookmarks and report any broken links."), + '<a href="//wiki.cacert.org/FAQ/AboutUs">', '</a>'); +?> +</p> diff --git a/pages/index/13.php b/pages/index/13.php index 34cbea4..68ee5ed 100644 --- a/pages/index/13.php +++ b/pages/index/13.php @@ -19,7 +19,11 @@ <h4><?=_("If I'd like to donate to CAcert Inc., how can I do it?")?></h4> -<p><?=_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via")?> +<p> +<? +printf(_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to %sstrict guidelines%s about how this money can to be used. If you'd like to make a donation, you can do so via"), + '<a href="//wiki.cacert.org/FAQ/DonationsGuideline">', '</a>'); +?> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_s-xclick"> diff --git a/pages/index/19.php b/pages/index/19.php index c58eb68..b44960d 100644 --- a/pages/index/19.php +++ b/pages/index/19.php 
@@ -15,90 +15,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<span style="background-color: #FF8080; font-size: 150%"> -Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br> -Until a subsidiary policy under AP is written, it is against AP rules.<br> -</span> - <br> -<h3><?=_("Information")?></h3> -<table border="0" align="center" cellspacing="0" cellpadding="0"> - <tr> - <td class="title" colspan="2"><?=_("What can CAcert provide to you, to increase your privacy and security for free?")?></td> - </tr> - <tr> - <td class="DataTD"> - <h4><?=_("Client certificates (un-assured)")?></h4> - </td> - <td class="DataTD"> - <u><?=_("Benefits")?>:</u> <?=_("You can send digitally signed/encrypted emails; others can send encrypted emails to you.")?><br /><br /> - <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name)")?>.<br /><br /> - <u><?=_("Verification needed")?>:</u> <?=_("You must confirm it is your email address by responding to a 'ping' email sent to it.")?><br /><br /> - </td> - </tr> - <tr> - <td class="DataTD"> - <h4><?=_("Assured client certificates")?></h4> - </td> - <td class="DataTD"> - <u><?=_("Benefits")?>:</u> <?=_("Same as above plus you can include your full name in the certificates.")?><br /><br /> - <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 24 months.")?><br /><br /> - <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus you must get a minimum of 50 assurance points by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br /><br /> - </td> - </tr> - <tr> - <td class="DataTD"> - <h4><?=_("Code signing certificates")?></h4> - </td> - <td class="DataTD"> - <u><?=_("Benefits")?>:</u> <?=_("Digitally 
sign code, web applets, installers, etc. including your name and location in the certificates.")?><br><br> - <u><?=_("Limitations")?>:</u> <?=sprintf(_("Certificates expire in 12 months. Certificates %s must%s include your full name."),"<u>","</u>")?><br /><br /> - <u><?=_("Verification needed")?>:</u> <?=_("Same as above plus get 100 assurance points by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br> - </td> - </tr> - <tr> - <td class="DataTD"> - <h4><?=_("Server certificates (un-assured)")?></h4> - </td> - <td class="DataTD"> - <u><?=_("Benefits")?>:</u> <?=_("Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates are allowed.")?><br><br> - <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.).")?><br><br> - <u><?=_("Verification needed")?>:</u> <?=_("You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc).")?><br><br> - </td> - </tr> - <tr> - <td class="DataTD"> - <h4><?=_("Assured server certificates")?></h4> - </td> - <td class="DataTD"> - <u><?=_("Benefits")?>:</u> <?=_("Same as above.")?><br><br> - <u><?=_("Limitations")?>:</u> <?=_("Same as above, except certificates expire in 24 months.")?><br><br> - <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus get 50 assurance points by meeting with assurer(s) from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br> - </td> - </tr> - <tr> - <td class="DataTD"> - <h4><?=_("Become an assurer in CAcert Web of Trust")?></h4> - </td> - <td 
class="DataTD"> - <u><?=_("Benefits")?>:</u> <?=_("The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust.")?><br><br> - <u><?=_("Limitations")?>:</u> <?=_("The number of assurance point you have will limit the maximum assurance points you can issue for people you assure.")?><br><br> - <u><?=_("Verification needed")?>:</u> <?=_("You will need to be issued 100 points by meeting with existing assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents; OR if it is too difficult to meet up with existing assurers in your area, meet with two Trusted Third Party assurers (notary public, justice of the peace, lawyer, bank manager, accountant) to do the verifying.")?><br><br> - </td> - </tr> - <tr> - <td class="DataTD"> - <h4><?=_("Become a member of the CAcert Association")?></h4> - </td> - <td class="DataTD"> - <u><?=_("Benefits")?>:</u> <?=_("You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board.")?><br><br> - <u><?=_("Limitations")?>:</u> <?=_("None, the sky is the limit for CAcert.")?><br><br> - <u><?=_("Verification needed")?>:</u> <?=_("None; $10 USD per year membership fee.")?><br><br> - </td> - </tr> - <tr> - <td class="DataTD" colspan="2"> - (*) <?=_("Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).")?> - </td> - </tr> -</table> -<br> +<p style="background-color: #FF8080; font-size: 150%"> +<? +printf(_("This page has been moved to the %swiki%s. Please update your ". 
+ "bookmarks and report any broken links."), + '<a href="//wiki.cacert.org/FAQ/Privileges">', '</a>'); +?> +</p>
\ No newline at end of file diff --git a/pages/index/6.php b/pages/index/6.php index 8eefa44..fe57d81 100644 --- a/pages/index/6.php +++ b/pages/index/6.php @@ -16,9 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"> -<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br> -<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br> -<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?> +<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?> </p> <form method="post" action="index.php" autocomplete="off"> diff --git a/pages/index/8.php b/pages/index/8.php index e45090d..4d515a6 100644 --- a/pages/index/8.php +++ b/pages/index/8.php 
@@ -15,16 +15,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<p><b><? printf(_("The current %s board, and roles."), "CAcert Inc."); ?></b></p> -<p> -Lambert Hofstra - <?=_("President")?><br/> -Peter Yuill - <?=_("Vice President")?><br/> -Alexander Prinsier - <?=_("Treasurer")?><br/> -Mario Lipinski - <?=_("Secretary")?><br/> -Piers Lauder - <?=_("member")?><br/> -Ian Grigg - <?=_("member")?><br/> -Dirk Astrath - <?=_("member")?><br/> +<p style="background-color: #FF8080; font-size: 150%"> +<? +printf(_("This page has been moved to the %swiki%s. Please update your ". + "bookmarks and report any broken links."), + '<a href="//wiki.cacert.org/Board">', '</a>'); +?> </p> -Kevin Dawson - <?=_("Public Officer")?><br /> -<br /> -More detailed informations can be found in the CAcert wiki under <a href="//wiki.cacert.org/Board"><?=_("CAcert Board")?></a> diff --git a/pages/wot/10.php b/pages/wot/10.php index 51ed019..bc76a86 100644 --- a/pages/wot/10.php +++ b/pages/wot/10.php @@ -16,6 +16,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? + $thawte = false; + ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> @@ -43,6 +45,11 @@ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($rc), intval($rank))?></td> </tr> </table> +<center> +<br> +<?=sprintf(_("The calculation of points will be changed in the near future. Please check the %s new calculation %s"), "<a href='/wot.php?id=15'>", "</a>")?> +<br> +</center> <br> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> 
@@ -71,13 +78,27 @@ <td class="DataTD"><?=$row['location']?></td> <td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td> </tr> -<? } ?> +<? + $thawte = ($row['method'] == "Thawte Points Transfer") || $thawte; +} ?> <tr> <td class="DataTD" colspan="3"><b><?=_("Total Points")?>:</b></td> <td class="DataTD"><?=intval($_SESSION['profile']['points'])?></td> <td class="DataTD" colspan="2"> </td> </tr> </table> +<? +if ($thawte) +{ +?> +<br> +<center> +<strong style='color: red'> +<?=_("Your Thawte-Points will be revoked in the near future. Please check new calculation!");?> +<br> +</strong> +</center> +<?}?> <br> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> diff --git a/pages/wot/15.php b/pages/wot/15.php new file mode 100644 index 0000000..8579588 --- /dev/null +++ b/pages/wot/15.php @@ -0,0 +1,29 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + + include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + + $userid = intval($_SESSION['profile']['id']); + + output_ranking($userid); + output_summary($userid); + output_given_assurances($userid); + output_received_assurances($userid); + + output_end_of_page(); +?> diff --git a/password.dat.sample b/password.dat.sample index f9bbb55..f9bbb55 100755..100644 
--- a/password.dat.sample +++ b/password.dat.sample diff --git a/scripts/37de-blit2011-email.txt b/scripts/37de-blit2011-email.txt new file mode 100644 index 0000000..365bd5b --- /dev/null +++ b/scripts/37de-blit2011-email.txt @@ -0,0 +1,18 @@ +8. Brandenburger Linux-Infotag 2011 -- Helfer Gesucht +::::::::::::::::::::::::::::::::::::::::::::::::::::: + +Hallo CAcerties, + +am Samstag, dem 5. November 2011 moechte sich CAcert mit einem Stand auf dem 8. Brandenburger Linux-Infotag 2011 (Motto: "Freie Gedanken - Freie Systeme") praesentieren. Hierzu wurde nun im Wiki eine Organisationsseite eingerichtet, auf der Ihr Euch als Helfer eintragen koennt + http://wiki.cacert.org/events/BLIT2011 +Sofern Ihr aus Berlin, Potsdam sowie Umgebung oder von woanders kommt und Zeit wie auch Lust habt, dann tragt Euch bitte, gerne auch nur fuer einen +bestimmten Zeitraum, ein. Wer in den vergangenen Jahren dabei war, weiss vieviel Spass es allen gemacht hat! + +Auf der Veranstaltung sind Professoren, wissenschaftliche Mitarbeiter und in jedem Fall viele Studenten zu erwarten. Es waere daher super, wenn wir dort moeglichst viele von CAcert ueberzeugen koennen, um dort eine neue Keimzelle entstehen lassen zu koennen. Daher benoetigen wir mindestens drei Assurer, um 100 Punkte vergeben zu koennen. + +Wir freuen uns auf Eure Mithilfe. + + +Wiki Organisationsseite: [http://wiki.cacert.org/events/BLIT2011] + +Kontakt: events@cacert.org diff --git a/scripts/37de-blit2011-mail.php.txt b/scripts/37de-blit2011-mail.php.txt new file mode 100644 index 0000000..e0ecead --- /dev/null +++ b/scripts/37de-blit2011-mail.php.txt 
@@ -0,0 +1,106 @@ +#!/usr/bin/php -q +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2009 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + include_once("../includes/mysql.php"); + + $lines = ""; + $fp = fopen("37de-blit2011-email.txt", "r"); + while(!feof($fp)) + { + $line = trim(fgets($fp, 4096)); + $lines .= wordwrap($line, 75, "\n")."\n"; + } + fclose($fp); + + +// $locid = intval($_REQUEST['location']); +// $maxdist = intval($_REQUEST['maxdist']); +// maxdist in [Km] + $maxdist = 200; + + +// location location.ID +// verified: 29.4.09 u.schroeter +// $locid = 7902857; // Paris +// $locid = 238568; // Bielefeld +// $locid = 715191; // Hamburg +// $locid = 1102495; // London +// $locid = 520340; // Duesseldorf +// $locid = 1260319; // Muenchen +// $locid = 606058; // Frankfurt +// $locid = 1775784; // Stuttgart +// $locid = 228950; // Berlin +// $locid = 606058; // Frankfurt +// $locid = 599389; // Flensburg +// $locid = 61065; // Amsterdam, Eemnes +// $locid = 228950; // Berlin +// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US +// $locid = 1486658; // Potsdam +// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden +// $locid = 2094781; // Mission Hills (Los Angeles), California, US +// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark +// $locid = 2257312; // Sydney, New South Wales, Australia +// $locid = 
572764; // Essen, Nordrhein-Westfalen, Germany +// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany +// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany +// $locid = 2102723; // Washington (District of Columbia, ..., US +// $locid = 2177566; // New York (Bronx), New York, United States + +// BLIT2011 + $locid = 1486658; // Potsdam + $eventname = "8. Brandenburger Linux-Infotag 2011 - Potsdam"; + $city = "5. Nov 2011"; + + + $query = "select * from `locations` where `id`='$locid'"; + $loc = mysql_fetch_assoc(mysql_query($query)); + + $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + + (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * + COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* + FROM `locations` + inner join `users` on `users`.`locid` = `locations`.`id` + inner join `alerts` on `users`.`id`=`alerts`.`memid` + inner join `notary` on `users`.`id`=`notary`.`to` + WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) + GROUP BY `users`.`id` + HAVING `distance` <= '$maxdist' + ORDER BY `distance` "; + echo $query; + + // comment next line when starting to send mail not only to me + // $query = "select * from `users` where `email` like 'cacerttest%'"; + + $res = mysql_query($query); + $xrows = mysql_num_rows($res); + + while($row = mysql_fetch_assoc($res)) + { + // uncomment next line to send mails ... 
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + } + // 1x cc to events.cacert.org + sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + // 1x mailing report to events.cacert.org + sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + + // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 + sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + echo "invitation sent to $xrows recipients.\n"; + +?> diff --git a/scripts/DumpWeakCerts.pl b/scripts/DumpWeakCerts.pl index 85648fe..580390e 100755..100644 --- a/scripts/DumpWeakCerts.pl +++ b/scripts/DumpWeakCerts.pl @@ -1,6 +1,7 @@ #!/usr/bin/perl # Script to dump weak RSA certs (Exponent 3 or Modulus size < 1024) according to https://bugs.cacert.org/view.php?id=918 # and https://wiki.cacert.org/Arbitrations/a20110312.1 +# Extended to be used for https://bugs.cacert.org/view.php?id=954 use strict; use warnings; @@ -26,12 +27,15 @@ my $cert_CN; my $cert_expire; my $cert_filename; my $cert_serial; +my $cert_recid; my $user_email; my $user_firstname; my $reason; +my $grace_time_days = 0; # 14 used for bug#918 + my @row; sub IsWeak($) { 
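Review bot: The comment `// uncomment next line to send mails ...` sits above a `sendmail(...)` call that is already live, and the test-recipient query under `// comment next line when starting to send mail not only to me` is also commented out, so the script as committed mails every matched user on its first run; either the comments or the code should be brought into line, for example a `$dry_run = true;` next to `$maxdist` with `if (!$dry_run) sendmail(...)` in the loop. The `fopen("37de-blit2011-email.txt", "r")` result and `$loc = mysql_fetch_assoc(mysql_query($query))` are both used unchecked: if the location lookup fails, `$loc[lat]` and `$loc[long]` interpolate as empty strings and the distance query is malformed, so `if ($loc === false) die("location $locid not found\n");` before building the query is worth adding. `echo $query;` also prints the whole SQL statement to the console on every run; it looks like leftover debugging and could go behind the same dry-run flag.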
@@ -40,6 +44,16 @@ sub IsWeak($) { my $ModulusSize = 0; my $Exponent = 0; my $result = 0; + + +# Code for Testing only! Hardcoding some filenames to fail the tests. +# +# if ($CertFileName eq '../crt/server/301/server-301988.crt' || +# $CertFileName eq '../crt/client/258/client-258856.crt' || +# $CertFileName eq '../crt/orgserver/2/orgserver-2635.crt' || +# $CertFileName eq '../crt/orgclient/0/orgclient-808.crt') { +# return "Test"; +# } # Do key size and exponent checking for RSA keys open(CERTTEXT, '-|', "openssl x509 -in $CertFileName -noout -text") || die "Cannot start openssl"; @@ -76,9 +90,9 @@ sub IsWeak($) { # Select only certificates expiring in more than two weeks, since two weeks will probably be needed as turnaround time # Get all domain certificates $sth_certs = $dbh->prepare( - "SELECT `dc`.`domid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial` ". + "SELECT `dc`.`domid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial`, `dc`.`id` ". " FROM `domaincerts` AS `dc` ". - " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)"); + " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)"); $sth_certs->execute(); $sth_userdata = $dbh->prepare( 
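Review bot: The context comment at the top of this hunk, `# Select only certificates expiring in more than two weeks, since two weeks will probably be needed as turnaround time`, is now stale: the interval is `$grace_time_days`, which this commit sets to 0, so every not-yet-expired certificate is selected. Suggest rewording it to `# Select only certificates expiring in more than $grace_time_days days (0 = all still-valid certs; 14 was used for bug#918 as turnaround time)`. Since `$grace_time_days` is interpolated into the text of a prepared statement, binding it instead — `INTERVAL ? DAY` in the SQL and `$sth_certs->execute($grace_time_days)` — keeps the statement text constant; the same interpolation appears in the three later hunks on this file.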
@@ -86,13 +100,13 @@ $sth_userdata = $dbh->prepare(
 " FROM `domains` AS `d`, `users` AS `u` ".
 " WHERE `d`.`memid`=`u`.`id` AND `d`.`id`=?");
 
-while(($cert_domid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) {
+while(($cert_domid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
 if (-f $cert_filename) {
 $reason = IsWeak($cert_filename);
 if ($reason) {
 $sth_userdata->execute($cert_domid);
 ($user_email, $user_firstname) = $sth_userdata->fetchrow_array();
- print join("\t", ('DomainCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n";
+ print join("\t", ('DomainCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
 $sth_userdata->finish();
 }
 }
@@ -101,9 +115,9 @@ $sth_certs->finish();
 
 # Get all email certificates
 $sth_certs = $dbh->prepare(
- "SELECT `ec`.`memid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial` ".
+ "SELECT `ec`.`memid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial`, `ec`.`id` ".
 " FROM `emailcerts` AS `ec` ".
- " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)");
+ " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
 $sth_certs->execute();
 
 $sth_userdata = $dbh->prepare(
@@ -111,13 +125,13 @@ $sth_userdata = $dbh->prepare(
 " FROM `users` AS `u` ".
 " WHERE `u`.`id`=?");
 
-while(($cert_userid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) {
+while(($cert_userid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
 if (-f $cert_filename) {
 $reason = IsWeak($cert_filename);
 if ($reason) {
 $sth_userdata->execute($cert_userid);
 ($user_email, $user_firstname) = $sth_userdata->fetchrow_array();
- print join("\t", ('EmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n";
+ print join("\t", ('EmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
 $sth_userdata->finish();
 }
 }
@@ -126,9 +140,9 @@ $sth_certs->finish();
 
 # Get all Org Server certificates, notify all admins of the Org!
 $sth_certs = $dbh->prepare(
- "SELECT `dc`.`orgid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial` ".
+ "SELECT `dc`.`orgid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial`, `dc`.`id` ".
 " FROM `orgdomaincerts` AS `dc` ".
- " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)");
+ " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
 $sth_certs->execute();
 
 $sth_userdata = $dbh->prepare(
@@ -136,13 +150,13 @@ $sth_userdata = $dbh->prepare(
 " FROM `users` AS `u`, `org` ".
 " WHERE `u`.`id`=`org`.`memid` and `org`.`orgid`=?");
 
-while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) {
+while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
 if (-f $cert_filename) {
 $reason = IsWeak($cert_filename);
 if ($reason) {
 $sth_userdata->execute($cert_orgid);
 while(($user_email, $user_firstname) = $sth_userdata->fetchrow_array()) {
- print join("\t", ('OrgServerCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n";
+ print join("\t", ('OrgServerCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
 }
 $sth_userdata->finish();
 }
@@ -152,9 +166,9 @@ $sth_certs->finish();
 
 # Get all Org Email certificates, notify all admins of the Org!
 $sth_certs = $dbh->prepare(
- "SELECT `ec`.`orgid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial` ".
+ "SELECT `ec`.`orgid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial`, `ec`.`id` ".
 " FROM `orgemailcerts` AS `ec` ".
- " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)");
+ " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
 $sth_certs->execute();
 
 $sth_userdata = $dbh->prepare(
@@ -162,13 +176,13 @@ $sth_userdata = $dbh->prepare( " FROM `users` AS `u`, `org` ". " WHERE `u`.`id`=`org`.`memid` and `org`.`orgid`=?"); -while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) { +while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) { if (-f $cert_filename) { $reason = IsWeak($cert_filename); if ($reason) { $sth_userdata->execute($cert_orgid); while(($user_email, $user_firstname) = $sth_userdata->fetchrow_array()) { - print join("\t", ('OrgEmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n"; + print join("\t", ('OrgEmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n"; } $sth_userdata->finish(); } diff --git a/scripts/assurer.php b/scripts/assurer.php index c649fbf..d85a2a6 100644 --- a/scripts/assurer.php +++ b/scripts/assurer.php @@ -30,7 +30,7 @@ $query = " select u.email, fname, lname, sum(n.points) from users u, notary n where n.to=u.id - and not exists(select 1 from cats_passed cp where cp.user_id=u.id) + and not EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`) and exists(select 1 from notary n2 where n2.from=u.id and year(n2.`when`)>2007) and (select count(*) from notary n3 where n3.from=u.id) > 1 group by email, fname, lname diff --git a/scripts/db_migrations/version1.sh b/scripts/db_migrations/version1.sh new file mode 100755 index 0000000..48e24f9 --- /dev/null +++ b/scripts/db_migrations/version1.sh 
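Review bot: The rewritten subquery in scripts/assurer.php hardcodes `` `cv`.`type_id` = 1 `` without saying which CATS exam type that is; the old condition (any row in `cats_passed` for the user) was self-explanatory and the new one is not. A one-line comment above the `$query` assignment naming the type, e.g. `// type_id 1 = <name of the CATS type this report counts>` filled in from the CATS schema, or a named PHP constant interpolated in place of the literal, would keep the next reader from having to look it up. The enclosing `$query` assignment starts before the hunk.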
@@ -0,0 +1,164 @@ +#!/bin/sh +# LibreSSL - CAcert web application +# Copyright (C) 2004-2011 CAcert Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + +# script to do database migrations + +# This particular version migrates from the preversioned state to version 1 +# If you want to reuse it for further migrations you probably should pay special +# attention because you have to adjust it a bit + +set -e # script fails if any command fails + +STDIN=0 +STDOUT=1 +STDERR=2 + +if [ "$1" = "--help" ]; then + cat >&$STDERR <<- USAGE + Usage: $0 [MYSQL_OPTIONS] + You have to specify all options needed by "mysql" as if you had started + the MySQL command line client directly (including the name of the + database to operate on). The MySQL user used has to have enough + privileges to do all necessary operations (among others CREATE, ALTER, + DROP, UPDATE, INSERT, DELETE). + You might need to enter the mysql password multiple times if you + specify the -p option. 
+ USAGE + exit 1 +fi + +mysql_opt=" --batch --skip-column-names $@" + +schema_version=$( mysql $mysql_opt <<- 'SQL' + CREATE TABLE IF NOT EXISTS `schema_version` ( + `id` int(11) PRIMARY KEY auto_increment, + `version` int(11) NOT NULL UNIQUE, + `when` datetime NOT NULL + ) DEFAULT CHARSET=latin1; + + SELECT MAX(`version`) FROM `schema_version`; +SQL +) + +if [ $schema_version != "NULL" ]; then + cat >&$STDERR <<- ERROR + Error: database schema is not in the right version to do the migration! + Expected version: 0 (i.e. the version before there was versioning) + ERROR + exit 2 +fi + + +mysql $mysql_opt <<- 'SQL' + -- CCA agreements and such + CREATE TABLE `user_agreements` ( + `id` int(11) PRIMARY KEY auto_increment, + + -- the user that agrees + `memid` int(11) NOT NULL, + + -- user that is involved in the agreement (e.g. Assurer) + `secmemid` int(11) DEFAULT NULL, + + -- what is being agreed to? e.g. CCA + `document` varchar(50) DEFAULT NULL, + + -- when did the agreement take place? + `date` datetime DEFAULT NULL, + + -- whether the user actively agreed or if the agreement took place via + -- an indirect process (e.g. Assurance) + `active` int(1) NOT NULL, + + -- in which process did the agreement take place (e.g. 
certificate + -- issuance, account creation, assurance) + `method` varchar(100) NOT NULL, + + -- user comment + `comment` varchar(100) DEFAULT NULL + ) DEFAULT CHARSET=latin1; + + + -- description for all certs to make identifying a cert easier + ALTER TABLE `domaincerts` ADD `description` varchar(100) NOT NULL + DEFAULT ''; + ALTER TABLE `emailcerts` ADD `description` varchar(100) NOT NULL + DEFAULT ''; + ALTER TABLE `gpg` ADD `description` varchar(100) NOT NULL + DEFAULT ''; + ALTER TABLE `orgdomaincerts` ADD `description` varchar(100) NOT NULL + DEFAULT ''; + ALTER TABLE `orgemailcerts` ADD `description` varchar(100) NOT NULL + DEFAULT ''; + + + -- Bugs #855, #863, #864, #888 + ALTER TABLE `notary` + -- allow for marking as deleted instead of really deleting + ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + + -- add "TOPUP" as method for point transfers (for TTP) + MODIFY `method` + enum( + 'Face to Face Meeting', + 'Trusted Third Parties', + 'Thawte Points Transfer', + 'Administrative Increase', + 'CT Magazine - Germany', + 'Temporary Increase', + 'Unknown', + 'TOPUP' + ) NOT NULL DEFAULT 'Face to Face Meeting'; + + + + -- Organisation Assurance + ALTER TABLE `orginfo` + -- which Organisation Assurer entered the organisation? + ADD `creator_id` int(11) NOT NULL DEFAULT '0', + + -- when was the organisation entered? + ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + + -- allow for marking as deleted instead of really deleting + ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00'; + + ALTER TABLE `org` + -- which Organisation Assurer assigned the Organisation Admin? + ADD `creator_id` int(11) NOT NULL DEFAULT '0', + + -- when was the Organisation Admin assigned? 
+ ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + + -- allow for marking as deleted instead of really deleting + ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00'; + + + + + -- Update schema version number + INSERT INTO `schema_version` + (`version`, `when`) VALUES + ('1' , NOW() ); +SQL + + +echo "Database successfully migrated to version 1" +exit 0 + diff --git a/scripts/mail-weak-keys.php b/scripts/mail-weak-keys.php index 018bd64..95c0e4f 100755..100644 --- a/scripts/mail-weak-keys.php +++ b/scripts/mail-weak-keys.php @@ -137,7 +137,7 @@ CAcert Suport Team $num_client = 0; $num_orgdomain = 0; $num_orgclient = 0; - $action_date = '2011-04-??'; + $action_date = '2011-07-15'; $in = fopen("php://stdin", "r"); while($in_string = rtrim(fgets($in, 255))) { list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial) = explode("\t", $in_string); diff --git a/scripts/mass-revoke.php b/scripts/mass-revoke.php new file mode 100644 index 0000000..18c036b --- /dev/null +++ b/scripts/mass-revoke.php 
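Review bot: `mysql_opt=" --batch --skip-column-names $@"` flattens the caller's arguments into one string and `mysql $mysql_opt` then re-splits it on whitespace and glob-expands it, so any option containing a space or shell metacharacter (a quoted `-p` password, for instance) is broken apart before it reaches the client. Drop the variable and pass the arguments through intact at both call sites: `mysql --batch --skip-column-names "$@" <<- 'SQL'`. In the version check, `if [ $schema_version != "NULL" ]` leaves the variable unquoted, so an empty result makes `[` see a missing operand instead of a clean "wrong version" exit; write `if [ "$schema_version" != "NULL" ]`. The comment block near the top already warns that the script needs adjustment for reuse; it would also help to state there that the migration is not atomic (the `ALTER TABLE`s are DDL and cannot be rolled back), so a partial failure leaves the schema between versions.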
@@ -0,0 +1,89 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+# Companion script to DumpWeakCerts.pl, takes output and revokes weak certs
+# Only first and last column ($cert_type and $cert_recid) are used, the others
+# are ignored
+
+include_once("../includes/mysql.php");
+# Main
+
+$num_domain = 0;
+$num_client = 0;
+$num_orgdomain = 0;
+$num_orgclient = 0;
+
+$num_failures = 0;
+
+$in = fopen("php://stdin", "r");
+
+# The restriction on revoked timestamp os only "to be sure" for non-Org certs,
+# but Org certs (email and serer) may be included multiple times in the output
+# of DumpWeakCerts.pl (once for each OrgAdmin).
+while($in_string = rtrim(fgets($in))) {
+ list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason,
+ $cert_serial, $cert_recid) = explode("\t", $in_string);
+
+ if ($cert_type == "DomainCert") {
+ $query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_domain+=mysql_affected_rows();
+
+ } else if ($cert_type == "EmailCert") {
+ $query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_client+=mysql_affected_rows();
+
+ } else if ($cert_type == "OrgServerCert") {
+ $query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgdomain+=mysql_affected_rows();
+
+ } else if ($cert_type == "OrgEmailCert") {
+ $query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgclient+=mysql_affected_rows();
+ }
+}
+
+fclose($in);
+
+echo "Certificates revoked: ".
+ "$num_domain server certs, ".
+ "$num_client client certs, ".
+ "$num_orgdomain Org server certs, ".
+ "$num_orgclient Org client certs.\n";
+echo "Update failures: $num_failures\n";
+?>
diff --git a/scripts/oa01-allowance.php.txt b/scripts/oa01-allowance.php.txt
new file mode 100644
index 0000000..50374e3
--- /dev/null
+++ b/scripts/oa01-allowance.php.txt
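Review bot: In each of the four `$cert_type` branches `mysql_affected_rows()` is added to the per-type counter even when the preceding `mysql_query($query)` failed, and on failure it returns -1, so one failed UPDATE both increments `$num_failures` and silently decrements the count printed in the summary; move the accumulation into an else branch, e.g. `if (!mysql_query($query)) { $num_failures++; } else { $num_domain += mysql_affected_rows(); }`, and likewise for the other three. `$cert_recid` is taken straight from stdin and interpolated unescaped into the WHERE clause; since only a numeric record id is ever meaningful, coerce it once after the `list()` call with `$cert_recid = (int)$cert_recid;` so a malformed or truncated input line cannot change the statement. Input lines whose `$cert_type` matches none of the four branches are dropped without being counted, which hides a mismatched DumpWeakCerts.pl column layout; a final `else { $num_failures++; }` (or a separate skipped counter reported at the end) would surface that.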
@@ -0,0 +1,93 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("oa01-allowance.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+// --- Variable parameters --- begin
+
+// $country
+// "" (empty) email to _all_ countries
+// "DE" 2-digit country code, eg. 
email to Germany Org's only + +// $status +// Status: 1 mails to org contacts only +// 2 mails to org admins only +// 3 mails to org contacts + org admins + +// $subject +// sample: +// with +// mailing subject results in +// a) $country = "" +// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website" +// b) $country = "DE" +// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website (DE)" + + +//OA Allowance +$country = ""; // "DE" or "" +$status = 3; // 1, 2 or 3 3 = 1+2 +$subject = "Allowance to publish Organisation Assurance on CAcert website"; + + +// --- Variable parameters --- end + +$query = "SELECT orginfo.contact as email, orginfo.O, 1 as status + FROM orginfo + WHERE (orginfo.C like '$country%' and (1=$status or 3=$status)) + UNION + Select users.email, orginfo.O, 2 as status + FROM users + inner join org on users.id = org.memid + inner join orginfo on org.orgid=orginfo.id + WHERE (orginfo.C like '$country%' and (2=$status or 3=$status)) + ORDER BY O"; + + + echo $query; + + // comment next line when starting to send mail not only to me + // $query = "select * from `users` where `email` like 'cacerttest%'"; + + $res = mysql_query($query); + $xrows = mysql_num_rows($res); + + while($row = mysql_fetch_assoc($res)) + { + // uncomment next line to send mails ... + sendmail($row['email'], "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")") , $lines, "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1); + } + // 1x cc to oao.cacert.org + sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")"), $lines, "oao@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1); + // 1x mailing report to oao.cacert.org + sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." 
- Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20110608.1
+ sendmail("bernhard@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ echo "oa-mailing sent to $xrows recipients.\n";
+?>
diff --git a/scripts/oa01-allowance.txt b/scripts/oa01-allowance.txt
new file mode 100644
index 0000000..ea23fa4
--- /dev/null
+++ b/scripts/oa01-allowance.txt
@@ -0,0 +1,159 @@
+(Dutch, German and French version see below)
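Review bot: The comment `// uncomment next line to send mails ...` contradicts the code under it: the `sendmail()` call inside the `while` loop is already live, so running this file as-is mails every selected org contact and admin, while the test-only `cacerttest%` query on the line before is the part that is commented out. Either comment the loop's `sendmail()` out until an operator deliberately enables it, or reword the comment to `// live: mails every recipient returned by $query` so the next reader is not misled. `$res = mysql_query($query)` is not checked before `mysql_num_rows($res)` and the loop, so a failed query reports "sent to 0 recipients" and still sends the two report mails. `$country` and `$status` are script-local settings rather than request input, but both are interpolated into the SQL string; validating `$country` with an anchored two-letter check (for example `preg_match('/^[A-Z]{0,2}$/', $country)`) before building `$query` keeps a later edit of that setting from altering the statement.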
+
+Dear sir or madam,
+
+CAcert plans to add a new section to its homepage. This section will contain
+a listing of companies and organisations assured by
+CAcert's Organisation Assurance.
+
+You, as a representative or an Organisation Administrator of such an
+organisation, are asked for your approval to give us the name, the logo and
+the location of your company. The reference will be listed on
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. This listing
+is a resource for other companies planning to use CAcert Certificates.
+
+We kindly ask you to tell us for what purpose you use your CAcert certificate.
+Please check the specific items:
+
+ [ ] - Client Certs
+ [ ] - E-mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"If you are satisfied with our services, tell others. If not, come back to us."
+
+Additionally, we plan a testimonial page in the future where you are able to
+tell about your experience with CAcert.
+
+If you have any questions, suggestions or criticisms please do not hesitate to
+contact us on mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org or contact the Organisation Assurer
+who originaly assured you organisation. You can revoke your assent any time.
+
+Thank you for your support.
+
+For the Organisation Assurance Team
+
+---------------------------------------------------
+
+[German Version]
+
+Sehr geehrte Damen und Herren,
+
+CAcert plant eine Umgestaltung des Internetauftritts. Dazu gehoert auch die
+Auflistung von Unternehmen und Organisationen, die durch CAcert im Rahmen der
+Organisation Assurance geprueft wurden.
+
+Wir wuerden gerne Ihre Organisation (Name, Sitz und Logo) als Referenz auf der
+Seite http://wiki.cacert.org/OrganisationAssurance/OrganisationList nennen.
+Als Ansprechpartner oder Organisationsadministrator einer solchen Organisation
+benoetigen wir dazu Ihr Einverstaendnis.
+
+Ueber Informationen, wie in welcher Weise Ihre Organisation CAcert-Zertifikate
+einsetzt, wuerden wir und sehr freuen. Wählen Sie einfach die verwendeten
+Einsatzgebiete aus dieser Liste aus:
+
+ [ ] - Client Certs
+ [ ] - E-Mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"Wenn Sie zufrieden sind mit unserem Service, sagen Sie es weiter. Wenn Sie
+nicht zufrieden sind, sagen Sie es uns."
+
+In diesem Zusammenhang planen wir auch eine Testimonal Seite, auf der Sie
+selbst ueber ihre Erfahrungen berichten koennen.
+
+Bei Fragen, Anregungen oder Kritik erreichen Sie uns jederzeit unter
+mailto:support@cacert.org und mailto:cacert-orga-assurer@lists.cacertg.org oder
+kontaktieren Sie den Organisations Assurer, der Ihre Organisation ueberprueft
+hat. Sie haben jederzeit das Recht, Ihr Einverstaendnis zu widerrufen.
+
+Im Name von CAcert bedanke sich das Organisation Assurance Team herzlich
+fuer Ihre Unterstuetzung.
+
+---------------------------------------------------
+
+[French Version]
+
+Madame, Monsieur,
+
+CAcert a decide d'ajouter une nouvelle section a son site internet. Cette
+section contient une liste des entreprises et organisations accreditees
+par CAcert.
+
+Vous, en tant que representant ou administrateur d'une telle organisation,
+il vous est demande votre approbation pour nous donner le nom, le logo et le
+lieu de votre entreprise. La reference sera ajoutee sur
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. Cette
+inscription serait utile pour encourager d'autres organisations a utiliser
+des certificats CAcert.
+
+Nous vous prions de nous dire a quelles fins vous utilisez vos certificats
+CAcert. S'il vous plaît, precisez les elements suivants :
+
+ [ ] - Certificats client (SSL)
+ [ ] - Certificats pour courriel (email)
+ [ ] - Certificats Serveur (SSL)
+ [ ] - Signature de document
+ [ ] - Signature du code de logiciels informatique
+
+"Si vous êtes satisfaits de nos services, faite le nous savoir. Dans le cas
+contraire, nous sommes a votre ecoute."
+
+De plus, nous prevoyons de realiser a l'avenir une page avec des temoignages ou
+vous pourrez parler de votre experience avec CAcert.
+
+Si vous avez des questions, des suggestions ou des critiques, n'hesitez pas
+s'il vous plaît a nous contacter sur mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org, ou contacter
+l'Accrediteur d'Organisation qui a realise votre inscription initialement.
+Vous pouvez retirer votre referencement a tout moment de notre site internet
+sur simple demande.
+
+Merci pour votre soutien.
+
+L'equipe des Accrediteurs d'Organisations.
+
+---------------------------------------------------
+
+[Dutch Version]
+
+Geachte dames/heren,
+
+Uw organisatie (of bedrijf) is reeds gewaarmerkt door CAcert.
+
+Gedurende dat proces bent u aangewezen als contactpersoon of als organisatie
+adminstrator, en daarom ontvangt u deze email.
+
+In het kader van een reorganisatie van CAcert websites willen wij uw organisatie
+graag als referentie toevoegen op de pagina:
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList.
+Daarom verzoeken wij u bij deze om toestemming om de naam van uw organisatie
+toe te voegen aan deze referentiepagina.
+
+Zodat ook andere organisaties zichzelf kunnen informeren over de verschillende
+toepassingen van onze certificaten, of kunnen profiteren van uw ervaring,
+verzoeken wij tevens om het gebruik van certificaten binnen uw organisatie
+te benoemen:
+
+ [ ] - Client Certificaten
+ [ ] - Email Certificaten
+ [ ] - Server Certificaten
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+
+"Wanneer u tevreden bent over onze service, vertel het verder. Wanneer u niet
+tevreden bent, vertel het ons."
+Binnen deze context plannen wij ook een Testimonal pagina, waar u zelf over uw
+ervaringen kunt berichten.
+
+Voor vragen, opmerkingen of kritiek kunt u ons ten alle tijden bereiken onder
+mailto:support@cacert.org of mailto:cacert-orga-assurer@lists.cacertg.org.
+U kunt ook contact opnemen met de Organisation Assurer die uw organisatie
+gewaarmerkt heeft.
+
+Uw Organisation Assurance Team.
\ No newline at end of file diff --git a/www/account.php b/www/account.php index 434053f..d1dd695 100644 --- a/www/account.php +++ b/www/account.php @@ -64,6 +64,10 @@ die("No such file."); } exit; + } else if ($id == 37) { + $protocol = $_SERVER['HTTPS'] ? 'https' : 'http'; + $newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs'; + header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved } else { showheader(_("My CAcert.org Account!")); includeit($id, "account"); diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php index 6d77a75..56dd0cf 100644 --- a/www/cats/cats_import.php +++ b/www/cats/cats_import.php @@ -24,6 +24,8 @@ API for CATS to import passed tests into main CAcert database. */ +require_once('../../includes/lib/account.php'); + function sanitize_string($buffer) { return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES); } @@ -154,8 +156,7 @@ if (!$query) { } // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)? -$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).'\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`) AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100 -if (!$query) { +if (!fix_assurer_flag($userID)) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); diff --git a/www/index.php b/www/index.php index fb215c6..5f7fc14 100644 --- a/www/index.php +++ b/www/index.php 
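Review bot: The new `$id == 37` branch sends a `Location:` header but never calls `exit`, so execution continues past the `if`/`else` chain and whatever the rest of account.php emits is appended to the 301 response; add `exit;` directly after the `header(...)` line. The same pattern appears three times in the `@@ -628,6 +633,27 @@` hunk of www/index.php (ids 12, 19 and 8), where it matters more because `showheader()` and `includeit($id)` follow immediately and render the full page body behind the redirect. `$_SERVER['HTTPS'] ? 'https' : 'http'` also raises an undefined-index notice when the key is absent (plain HTTP on most servers) and treats the value `off` as true; `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'` is the usual test, and since the four copies are otherwise identical a small shared helper that builds the URL and exits would remove the duplication. The enclosing `if`/`else` chain starts outside the hunk.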
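Review bot: `if (!fix_assurer_flag($userID))` keeps the old `Invalid query` error path, but the code it replaces tested only whether `mysql_query()` itself failed; if `fix_assurer_flag()` (defined in includes/lib/account.php, outside this diff) returns false to mean "flag not set" as well as "query failed", every import for a user below 100 points would now log `Invalid query` and abort with E_USER_ERROR. Confirm the helper's return contract and, if it reports the resulting flag state, drop the check or compare against a distinct failure value. A one-line comment above the call stating what a false return means, e.g. `// fix_assurer_flag() returns false only when the UPDATE fails`, would pin that contract for the next reader; the comment above it asking whether to use SUM(points) or SUM(awarded) now refers to logic that lives in the helper and should move or go.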
@@ -148,13 +148,16 @@ if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname']) { - $query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and disablelogin=0 and - UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + include_once("../includes/lib/general.php"); + $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'], + $_SERVER['SSL_CLIENT_I_DN_CN']); + + if($user_id >= 0) { - $row = mysql_fetch_assoc($res); - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0")); + $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( + "select * from `users` where + `id`='$user_id' and `deleted`=0 and `locked`=0")); + if($_SESSION['profile']['id'] != 0) { $_SESSION['profile']['loggedin'] = 1; @@ -332,6 +335,8 @@ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>"; $_SESSION['_config']['oldlocation'] = "account.php?id=13"; } + if (checkpwlight($pword) < 3) + $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1"; if($_SESSION['_config']['oldlocation'] != "") header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']); else 
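Review bot: The cert-login branch passes `$user_id` from `get_user_id_from_cert()` straight into the `users` query as `'$user_id'`, with `$user_id >= 0` as the only guard; the helper lives in includes/lib/general.php outside this diff, so whether it returns a validated integer and which sentinel it uses for "no usable cert" cannot be seen here, and `(int)$user_id` before the interpolation plus a comment naming the sentinel would make the check self-evident. The removed query also enforced `revoked=0`, `disablelogin=0` and a non-expired `expire` inline; the replacement relies on the helper applying the same conditions, so once that is confirmed a comment such as `// get_user_id_from_cert() checks revocation, disablelogin and expiry` belongs next to the call. In the second hunk, the new `checkpwlight($pword) < 3` assignment unconditionally overwrites the `oldlocation` set for missing lost-password questions on the lines just above, so a user who fails both checks is sent to id=14 only; if both should be completed, chain them rather than overwrite. Both hunks sit inside a block that starts and ends outside this view.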
@@ -628,6 +633,27 @@ if(!array_key_exists('signup',$_SESSION) || $_SESSION['signup']['year'] < 1900) $_SESSION['signup']['year'] = "19XX"; + if ($id == 12) + { + $protocol = $_SERVER['HTTPS'] ? 'https' : 'http'; + $newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs'; + header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved + } + + if ($id == 19) + { + $protocol = $_SERVER['HTTPS'] ? 'https' : 'http'; + $newUrl = $protocol . '://wiki.cacert.org/FAQ/Privileges'; + header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved + } + + if ($id == 8) + { + $protocol = $_SERVER['HTTPS'] ? 'https' : 'http'; + $newUrl = $protocol . '://wiki.cacert.org/Board'; + header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved + } + showheader(_("Welcome to CAcert.org")); includeit($id); showfooter(); diff --git a/www/policy/CAcertCommunityAgreement.php b/www/policy/CAcertCommunityAgreement.php index cf9b4e6..3106eb1 100644 --- a/www/policy/CAcertCommunityAgreement.php +++ b/www/policy/CAcertCommunityAgreement.php @@ -457,7 +457,7 @@ You are also bound by <a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php"> Dispute Resolution Policy</a> (DRP => COD7). </li><li> - <a href="http://www.cacert.org/index.php?id=10"> + <a href="PrivacyPolicy.html"> Privacy Policy</a> (PP => COD5). </li><li> <a href="http://svn.cacert.org/CAcert/principles.html"> diff --git a/www/policy/CertificationPracticeStatement.php b/www/policy/CertificationPracticeStatement.php index 9d16805..e17056b 100644 --- a/www/policy/CertificationPracticeStatement.php +++ b/www/policy/CertificationPracticeStatement.php 
@@ -69,7 +69,7 @@ a:hover { <a href="PolicyOnPolicy.html"><img src="cacert-draft.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br /> Creation date: 20060726<br /> Status: DRAFT p20091108<br /> -<!-- $Id: CertificationPracticeStatement.php,v 1.1 2009-11-21 22:34:00 philipp Exp $ --> +<!-- $Id: CertificationPracticeStatement.php,v 1.2 2011-07-27 10:41:01 wytze Exp $ --> <font size="-1"> @@ -3623,7 +3623,7 @@ or rulings by Arbitrator. Privacy is covered by the CCA (COD9) and the Privacy Policy -(<a href="http://www.cacert.org/index.php?id=10">COD5</a>). +(<a href="PrivacyPolicy.html">COD5</a>). </p> <h4><a name="p9.4.1" id="p9.4.1">9.4.1. Privacy plan</a></h4> @@ -3999,7 +3999,7 @@ obligations, risks and liabilities on the parties. <p> See the Privacy Policy -(<a href="http://www.cacert.org/index.php?id=10">COD5</a>). +(<a href="PrivacyPolicy.html">COD5</a>). </p> <h3><a name="p9.15.3" id="p9.15.3">9.15.3 Legal Process from External Forums</a></h3> diff --git a/www/policy/PrivacyPolicy.html b/www/policy/PrivacyPolicy.html new file mode 100644 index 0000000..6670e92 --- /dev/null +++ b/www/policy/PrivacyPolicy.html 
@@ -0,0 +1,114 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> + +<html> +<head><title>Privacy Policy</title></head> +<body> + +<table width="100%"> + +<tr> +<td> PP </td> +<td> </td> +<td width="20%"> </td> +</tr> + +<tr> +<td> POLICY <a href="http://wiki.cacert.org/wiki/PolicyDecisions">m20060629</a> </td> +<td> </td> +<td> + 20060629 +</td> +</tr> + +<tr> +<td> COD5 </td> +<td> </td> +<td> </td> +</tr> + + +<tr> +<td> </td> +<td > <b>Privacy Policy</b> </td> +<td> </td> +</tr> + +</table> + +<h2> 0. Preliminaries </h2> +<p> + This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it. +</p> + + + +<h2>1. Website information</h2> +<p> +We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site. +</p> + +<h2>2. Personal information</h2> +<p> +When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers. +</p> +<p> +We only share your information with any other organisation when so instructed by a CAcert arbitrator. +</p> + +<h2>3. Aggregated tracking information</h2> +<p> +We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user. +</p> + +<h2>4. 
Cookies</h2> +<p> +Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them. +</p> +<p> +We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer. +</p> + +<h2>5. Notification of changes</h2> +<p> +If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information. +</p> + +<h2>6. How to update, correct, or delete your information</h2> +<p> +You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link +</p> + +<h2>7. Privacy of certificates</h2> +<p> +CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert. +</p> + +<h2>8. Privacy of user data</h2> +<p> +CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert. +</p> + +<h2>9. Exceptions</h2> +<p> +A CAcert arbitrator may override this policy in a dispute. +To obtain access to confidential data, a dispute has to be filed. +</p> + +<h2>10. Legal mandates</h2> +<p> +CAcert adopts the Australian privacy regulations. 
+Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details. +Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant. +</p> + + +<p>If you need to contact us in writing, address your mail to:</p> +<p> +CAcert Inc.<br> +P.O. Box 4107<br> +Denistone East NSW 2112<br> +Australia +</p> + +</body> +</html> diff --git a/www/policy/index.php b/www/policy/index.php index d3bfb06..7101c1f 100644 --- a/www/policy/index.php +++ b/www/policy/index.php @@ -23,6 +23,11 @@ showheader(_("CAcert - Policies")); <ul> <?php +foreach (glob("*.html") as $filename) +{ + echo "<li><a href='$filename'>$filename</a></li>\n"; +} + foreach (glob("*.php") as $filename) { if($filename != "index.php" && $filename != "NRPDisclaimerAndLicence.php") diff --git a/www/wot.php b/www/wot.php index 2bd4622..7fa572f 100644 --- a/www/wot.php +++ b/www/wot.php @@ -206,9 +206,15 @@ if($oldid == 6) { $max = maxpoints(); - $awarded = $newpoints = intval($_POST['points']); - if($newpoints > $max) - $newpoints = $max; + + if (intval($_POST['points']) > $max) { + $awarded = $newpoints = $max; + } elseif (intval($_POST['points']) < 0) { + $awarded = $newpoints = 0; + } else { + $awarded = $newpoints = intval($_POST['points']); + } + $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; $res = mysql_query($query); $drow = mysql_fetch_assoc($res); |
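Review bot: `intval($_POST['points'])` is evaluated three times in the new clamp in www/wot.php; reading it once into a local makes the bounds obvious and collapses the three branches to one statement, e.g. `$points = intval($_POST['points']);` followed by `$awarded = $newpoints = max(0, min($points, $max));`. The behaviour is unchanged: values above `$max` clamp to `$max`, negatives to 0, everything else passes through. The enclosing `if($oldid == 6)` block continues outside the hunk.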