summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xCommModule/client.pl4
-rwxr-xr-xCommModule/server.pl25
-rw-r--r--Makefile7
-rw-r--r--cacertupload.pl59
-rw-r--r--includes/account.php878
-rw-r--r--includes/account_stuff.php367
-rw-r--r--includes/general.php191
-rw-r--r--includes/general_stuff.php4
-rw-r--r--includes/keygen.php128
-rw-r--r--includes/lib/account.php85
-rw-r--r--includes/lib/check_weak_key.php318
-rw-r--r--includes/lib/general.php115
-rw-r--r--includes/lib/l10n.php343
-rw-r--r--includes/loggedin.php60
-rw-r--r--includes/mysql.php.sample5
-rw-r--r--includes/notary.inc.php1347
-rw-r--r--includes/wot.inc.php539
-rw-r--r--locale/.gitignore3
-rw-r--r--locale/Makefile184
-rw-r--r--locale/escape_special_chars.php80
-rwxr-xr-xlocale/make.php35
-rw-r--r--pages/account/0.php3
-rw-r--r--pages/account/10.php19
-rw-r--r--pages/account/12.php45
-rw-r--r--pages/account/13.php85
-rw-r--r--pages/account/16.php20
-rw-r--r--pages/account/17.php122
-rw-r--r--pages/account/18.php183
-rw-r--r--pages/account/20.php16
-rw-r--r--pages/account/22.php178
-rw-r--r--pages/account/24.php6
-rw-r--r--pages/account/27.php6
-rw-r--r--pages/account/29.php4
-rw-r--r--pages/account/3.php70
-rw-r--r--pages/account/30.php1
-rw-r--r--pages/account/33.php2
-rw-r--r--pages/account/35.php117
-rw-r--r--pages/account/38.php29
-rw-r--r--pages/account/4.php175
-rw-r--r--pages/account/40.php57
-rw-r--r--pages/account/41.php21
-rw-r--r--pages/account/43.php1591
-rw-r--r--pages/account/44.php8
-rw-r--r--pages/account/49.php16
-rw-r--r--pages/account/5.php39
-rw-r--r--pages/account/50.php6
-rw-r--r--pages/account/57.php107
-rw-r--r--pages/account/58.php61
-rw-r--r--pages/account/59.php284
-rw-r--r--pages/account/6.php266
-rw-r--r--pages/account/8.php4
-rw-r--r--pages/gpg/0.php10
-rw-r--r--pages/gpg/2.php24
-rw-r--r--pages/index/0.php141
-rw-r--r--pages/index/10.php13
-rw-r--r--pages/index/11.php52
-rw-r--r--pages/index/13.php18
-rw-r--r--pages/index/21.php37
-rw-r--r--pages/index/3.php59
-rw-r--r--pages/index/4.php10
-rw-r--r--pages/wot/11.php52
-rw-r--r--pages/wot/14.php47
-rw-r--r--pages/wot/15.php2
-rw-r--r--pages/wot/2.php25
-rw-r--r--pages/wot/4.php74
-rw-r--r--pages/wot/5.php5
-rw-r--r--pages/wot/6.php189
-rw-r--r--pages/wot/9.php9
-rw-r--r--password.dat.sample2
-rw-r--r--scripts/21de-ate-essen-email.txt97
-rw-r--r--scripts/21de-ate-essen-mail.php.txt135
-rw-r--r--scripts/22de-ate-aachen-email.txt133
-rw-r--r--scripts/22de-ate-aachen-mail.php.txt141
-rw-r--r--scripts/23au-ate-canberra-email.txt31
-rw-r--r--scripts/23au-ate-canberra-mail.php.txt142
-rw-r--r--scripts/24de-blit2010-email.txt15
-rw-r--r--scripts/24de-blit2010-mail.php.txt147
-rw-r--r--scripts/25de-ate-hamburg-mail.php.txt143
-rw-r--r--scripts/25de-ate-hamburg-mail.txt67
-rw-r--r--scripts/26us-lisa2010-email.txt26
-rw-r--r--scripts/26us-lisa2010-mail.php.txt151
-rw-r--r--scripts/27au-ate-melbourne-email.txt31
-rw-r--r--scripts/27au-ate-melbourne-mail.php.txt156
-rw-r--r--scripts/28au-ate-melbourne-email.txt17
-rw-r--r--scripts/28au-ate-melbourne-mail.php.txt156
-rw-r--r--scripts/29au-ate-brisbane-email.txt38
-rw-r--r--scripts/29au-ate-brisbane-mail.php.txt78
-rw-r--r--scripts/30de-ate-muenchen-email.txt46
-rw-r--r--scripts/30de-ate-muenchen-mail.php.txt146
-rw-r--r--scripts/31de-lt2011-berlin-email.txt20
-rw-r--r--scripts/31de-lt2011-berlin-mail.php.txt152
-rw-r--r--scripts/32de-ate-bonn-email.txt38
-rw-r--r--scripts/32de-ate-bonn-mail.php.txt151
-rw-r--r--scripts/33us-ate-wdc-email.txt40
-rw-r--r--scripts/33us-ate-wdc-mail.php.txt108
-rw-r--r--scripts/34us-ate-wdc-email.txt21
-rw-r--r--scripts/35us-ate-ny-email.txt22
-rw-r--r--scripts/36us-ate-ny-email.txt34
-rw-r--r--scripts/37de-blit2011-email.txt18
-rw-r--r--scripts/38us-fudcon2012-email.txt17
-rw-r--r--scripts/49de-lt2013-berlin-email.txt17
-rw-r--r--scripts/49de-lt2013-berlin-mail.php.txt (renamed from scripts/38us-fudcon2012-mail.php.txt)56
-rw-r--r--scripts/50de-ate-luebeck-email.txt91
-rw-r--r--scripts/50de-ate-luebeck-mail.php.txt123
-rw-r--r--scripts/51at-ate-graz-email.txt91
-rw-r--r--scripts/51at-ate-graz-mail.php.txt126
-rw-r--r--scripts/52at-ate-wien-email.txt91
-rw-r--r--scripts/52at-ate-wien-mail.php.txt130
-rwxr-xr-xscripts/areacheck.php64
-rw-r--r--scripts/ate-bi-email.txt124
-rw-r--r--scripts/ate-bi-mail.php78
-rw-r--r--scripts/ate-d-email.txt127
-rw-r--r--scripts/ate-d-mail.php.txt85
-rw-r--r--scripts/ate-de09-email.txt117
-rw-r--r--scripts/ate-de09-mail.php.txt88
-rw-r--r--scripts/ate-de11-email.txt37
-rw-r--r--scripts/ate-de11-mail.php.txt92
-rw-r--r--scripts/ate-f-email.txt40
-rw-r--r--scripts/ate-f-mail.php.txt83
-rw-r--r--scripts/ate-goteborg-s16-email.txt58
-rw-r--r--scripts/ate-goteborg-s16-mail.php.txt110
-rw-r--r--scripts/ate-hh-email.txt40
-rw-r--r--scripts/ate-hh-mail.php.txt164
-rw-r--r--scripts/ate-l-email.txt40
-rw-r--r--scripts/ate-l-mail.php.txt84
-rw-r--r--scripts/ate-m-email.txt36
-rw-r--r--scripts/ate-m-mail.php.txt83
-rw-r--r--scripts/ate-nl01-email.txt88
-rw-r--r--scripts/ate-nl01-mail.php.txt89
-rw-r--r--scripts/ate-s-email.txt40
-rw-r--r--scripts/ate-s-mail.php.txt83
-rw-r--r--scripts/ate-sydney-au20-email.txt30
-rw-r--r--scripts/ate-sydney-au20-mail.php.txt130
-rw-r--r--scripts/ate-us02-email.txt27
-rw-r--r--scripts/ate-us02-mail.php.txt97
-rw-r--r--scripts/blit-de15-email.txt23
-rw-r--r--scripts/blit-de15-mail.php.txt105
-rw-r--r--scripts/cebitemail.txt36
-rwxr-xr-xscripts/cron/permissionreview.php250
-rwxr-xr-xscripts/cron/refresh_stats.php307
-rwxr-xr-xscripts/cron/removedead.php (renamed from scripts/removedead.php)13
-rwxr-xr-xscripts/cron/updatesort.php (renamed from scripts/updatesort.php)17
-rwxr-xr-xscripts/cron/warning.php (renamed from scripts/warning.php)57
-rwxr-xr-xscripts/db_migrations/version2.sh96
-rw-r--r--scripts/koelnemail.txt28
-rw-r--r--scripts/lisa-us13-email.txt12
-rw-r--r--scripts/lisa-us13-mail.php.txt96
-rw-r--r--scripts/mail-weak-keys.php12
-rw-r--r--scripts/mailing archive/45au-ate-melbourne-email.txt32
-rw-r--r--scripts/mailing archive/45au-ate-melbourne-mail.php.txt (renamed from scripts/35us-ate-ny-mail.php.txt)43
-rw-r--r--scripts/mailing archive/46us-ate-raleigh-email.txt41
-rw-r--r--scripts/mailing archive/46us-ate-raleigh-mail.php.txt (renamed from scripts/36us-ate-ny-mail.php.txt)47
-rw-r--r--scripts/mailing archive/47us-fudcon-lawrence-email.txt26
-rw-r--r--scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt (renamed from scripts/37de-blit2011-mail.php.txt)41
-rw-r--r--scripts/mailing archive/48de-ate-kiel-email.txt68
-rw-r--r--scripts/mailing archive/48de-ate-kiel-mail.php.txt (renamed from scripts/34us-ate-wdc-mail.php.txt)50
-rw-r--r--scripts/mailing archive/oa01-allowance.php.txt (renamed from scripts/oa01-allowance.php.txt)0
-rw-r--r--scripts/mailing archive/oa01-allowance.txt (renamed from scripts/oa01-allowance.txt)316
-rw-r--r--scripts/mailing archive/oa02-mailingtextCats.txt71
-rw-r--r--scripts/mailing archive/oa02-mailingtextPoints.txt79
-rw-r--r--scripts/mailing archive/oa02-mailingtextPointsCats.txt82
-rw-r--r--scripts/mailing archive/oa02-orgainformation.php.txt119
-rw-r--r--scripts/mailing archive/thawte_DE.txt (renamed from scripts/thawte_DE.txt)0
-rw-r--r--scripts/mailing archive/thawte_EN.txt (renamed from scripts/thawte_EN.txt)0
-rw-r--r--scripts/mailing archive/thawte_ES.txt (renamed from scripts/thawte_ES.txt)0
-rw-r--r--scripts/mailing archive/thawte_FR.txt (renamed from scripts/thawte_FR.txt)0
-rw-r--r--scripts/mailing archive/thawte_NL.txt (renamed from scripts/thawte_NL.txt)0
-rw-r--r--scripts/mailing archive/thawte_RU.txt (renamed from scripts/thawte_RU.txt)0
-rw-r--r--scripts/mission-hills-ca-us17-email.txt17
-rw-r--r--scripts/mission-hills-ca-us17-mail.php.txt115
-rwxr-xr-xscripts/nearest.php34
-rw-r--r--scripts/osd-copenhagen-dk18-email.txt35
-rw-r--r--scripts/osd-copenhagen-dk18-mail.php.txt120
-rw-r--r--scripts/ost-de14-email.txt22
-rw-r--r--scripts/ost-de14-mail.php.txt100
-rw-r--r--scripts/resetpermissions.php71
-rw-r--r--scripts/scale8x-los-angeles-ca-us19-email.txt36
-rw-r--r--scripts/scale8x-los-angeles-ca-us19-mail.php.txt125
-rw-r--r--scripts/sfd-de12-email.txt24
-rw-r--r--scripts/sfd-de12-mail.php.txt94
-rw-r--r--stamp/style.css91
-rw-r--r--www/account.php43
-rw-r--r--www/advertising.php6
-rw-r--r--www/api/ccsr.php3
-rw-r--r--www/cap.php62
-rw-r--r--www/capnew.php10
-rw-r--r--www/cats/cats_import.php4
-rw-r--r--www/certs/CAcert_Root_Certificates.msibin0 -> 1593344 bytes
-rw-r--r--www/coapnew.php10
-rw-r--r--www/disputes.php82
-rw-r--r--www/gpg.php247
-rw-r--r--www/images/btn_paynowCC_LG.gifbin2432 -> 2410 bytes
-rw-r--r--www/images/btn_subscribeCC_LG.gifbin0 -> 2172 bytes
-rw-r--r--www/index.php62
-rw-r--r--www/keygenIE.js609
-rw-r--r--www/policy/CertificationPracticeStatement.php72
-rw-r--r--www/policy/DisputeResolutionPolicy.php407
-rw-r--r--www/policy/OrganisationAssurancePolicy.php141
-rw-r--r--www/policy/PrivacyPolicy.html4
-rw-r--r--www/sqldump.php22
-rw-r--r--www/stats.php428
-rw-r--r--www/styles/default.css453
-rw-r--r--www/ttp.php28
-rw-r--r--www/wot.php280
204 files changed, 9997 insertions, 10390 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl
index 323ee27..bf92b27 100755
--- a/CommModule/client.pl
+++ b/CommModule/client.pl
@@ -595,7 +595,7 @@ sub OpenPGPextractExpiryDate ($)
# Sets the locale according to the users preferred language
sub setUsersLanguage($)
{
- my $lang="de_DE";
+ my $lang="en_US";
print "Searching for the language of the user $_[0]\n";
my @a=$dbh->selectrow_array("select language from users where id='".int($_[0])."'");
$lang = $1 if($a[0]=~m/(\w+_[\w.@]+)/);
@@ -887,7 +887,7 @@ sub HandleCerts($$)
my $body = _("Hi")." $user{fname},\n\n";
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row{'email'}.$row{'CN'});
$body .= "https://www.cacert.org/account.php?id=".($server?"15":"6")."&cert=$row{id}\n\n";
- $body .= _("If you have not imported CAcert´s root certificate, please go to:")."\n";
+ $body .= _("If you have not imported CAcert's root certificate, please go to:")."\n";
$body .= "https://www.cacert.org/index.php?id=3\n";
$body .= "Root cert fingerprint = A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B\n";
$body .= "Root cert fingerprint = 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33\n\n";
diff --git a/CommModule/server.pl b/CommModule/server.pl
index eb5113a..6084042 100755
--- a/CommModule/server.pl
+++ b/CommModule/server.pl
@@ -502,9 +502,28 @@ sub SignX509($$$$$$$$)
{
open OUT,">$wid/extfile";
print OUT "basicConstraints = critical, CA:FALSE\n";
+ print OUT "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement\n";
print OUT "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n";
- print OUT "keyUsage = digitalSignature, keyEncipherment\n";
print OUT "authorityInfoAccess = OCSP;URI:$OCSPUrl\n";
+
+ my $CRLUrl="";
+ if($root==0)
+ {
+ $CRLUrl="http://crl.cacert.org/revoke.crl";
+ }
+ elsif($root==1)
+ {
+ $CRLUrl="http://crl.cacert.org/class3-revoke.crl";
+ }
+ elsif($root==2)
+ {
+ $CRLUrl="http://crl.cacert.org/class3s-revoke.crl";
+ }
+ else
+ {
+ $CRLUrl="http://crl.cacert.org/root${root}.crl";
+ }
+ print OUT "crlDistributionPoints = URI:${CRLUrl}\n";
print OUT "subjectAltName = $san\n" if(length($san));
close OUT;
$extfile=" -extfile $wid/extfile ";
@@ -936,10 +955,10 @@ sub analyze($)
if($bytes[1] == 0) # NUL Request
{
SysLog "NUL Request detected.\n";
- if($fields[1])
+ if($fields[1] =~ /^\d+\.\d+$/)
{
open OUT,">timesync.sh";
- print OUT "date -u $fields[1]\n";
+ print OUT "date -u '$fields[1]'\n";
print OUT "hwclock --systohc\n";
close OUT;
}
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 914d979..0000000
--- a/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-all:
- xgettext -s -o messages.po --no-wrap --foreign-user includes/*.php www/*.php pages/account/*.php pages/index/*.php pages/wot/*.php pages/gpg/*.php pages/disputes/*.php pages/help/*.php pages/disputes/*.php scripts/removedead.php
- perl cacertupload.pl
- cd locale; php make.php
-
-other: all
- cat messages.po|sed "s/CHARSET/iso-8859-1/"|sed "s/PACKAGE VERSION/CAcert/"|sed "s/This file is put in the public domain./This file is distributed under the same license as the CAcert package./"|sed "s/# SOME DESCRIPTIVE TITLE.//" > messages.po
diff --git a/cacertupload.pl b/cacertupload.pl
deleted file mode 100644
index 991570b..0000000
--- a/cacertupload.pl
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/perl
-
-#LibreSSL - CAcert web application
-#Copyright (C) 2004-2008 CAcert Inc.
-#
-#This program is free software; you can redistribute it and/or modify
-#it under the terms of the GNU General Public License as published by
-#the Free Software Foundation; version 2 of the License.
-#
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#GNU General Public License for more details.
-#
-#You should have received a copy of the GNU General Public License
-#along with this program; if not, write to the Free Software
-#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-use LWP::UserAgent;
-$ua = LWP::UserAgent->new(agent => 'Translingo Client 1.0');
-use HTTP::Request::Common qw(POST);
-
-my $translingo_password;
-my $translingo_account;
-
-# Read Account&Password from file
-eval `cat password.dat`;
-
-$ua->cookie_jar({});
-$ua->timeout(10000);
-
-my $req = POST 'http://translingo.cacert.org/login.php',
-[
-];
-# ggf. Referer faken
-$req->referer('http://translingo.cacert.org/');
- $ua->request($req)->as_string;
-
-# 1.Test - Umgebung
-my $req = POST 'http://translingo.cacert.org/login.php',
-[
- username => $translingo_account,
- password => $translingo_password,
- submit => 'Login',
-];
-# ggf. Referer faken
-$req->referer('http://translingo.cacert.org/');
-$ua->request($req)->as_string;
-
-# 2.Test - FileUpload
-my $req = POST 'http://translingo.cacert.org/upload.php',
-Content_Type => 'form-data',
-Content => [
- project => '1',
- fileformat => '1',
- pofile => ["messages.po" => "messages.po", 'Content_Type' => "application/x-gettext"],
-];
-print $ua->request($req)->as_string;
-
diff --git a/includes/account.php b/includes/account.php
index 55c9f7a..55110bf 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -10,12 +10,15 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once("../includes/loggedin.php");
+ require_once("../includes/lib/l10n.php");
+ require_once("../includes/lib/check_weak_key.php");
+ require_once("../includes/notary.inc.php");
loadem("account");
@@ -27,7 +30,7 @@
$orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
$memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
$domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
-
+ $ticketno=""; if(array_key_exists('ticketno',$_REQUEST)) $ticketno=$_REQUEST['ticketno'];
if(!$_SESSION['mconn'])
{
@@ -68,9 +71,7 @@
}
$oldid=0;
$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
- $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ if(check_email_exists($_REQUEST['email'])==true)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
@@ -81,7 +82,7 @@
if($checkemail != "OK")
{
showheader(_("My CAcert.org Account!"));
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -122,9 +123,9 @@
exit;
}
$row = mysql_fetch_assoc($res);
- $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
- $body .= _("You are receiving this email because you or someone else")."\n";
- $body .= _("has changed the default email on your account.")."\n\n";
+ $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
+ $body .= _("You are receiving this email because you or someone else ".
+ "has changed the default email on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
@@ -148,8 +149,13 @@
$delcount = 0;
if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
{
+ $deltitle=false;
foreach($_REQUEST['delid'] as $id)
{
+ if (!$deltitle) {
+ echo _('The following email addresses have been removed:')."<br>\n";
+ $deltitle=true;
+ }
$id = intval($id);
$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
`email`!='".$_SESSION['profile']['email']."'";
@@ -158,17 +164,7 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-
- $query = "update `email` set `deleted`=NOW() where `id`='$id'";
- mysql_query($query);
+ account_email_delete($row['id']);
$delcount++;
}
}
@@ -177,11 +173,9 @@
{
echo _("You did not select any email accounts for removal.");
}
- if($delcount > 0)
+ if(0 == $delcount)
{
- echo _("The following accounts have been removed:")."<br>\n";
- } else {
- echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
+ echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
}
showfooter();
@@ -190,6 +184,14 @@
if($process != "" && $oldid == 3)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
@@ -238,6 +240,11 @@
$_REQUEST['keytype'] = "MS";
$csr = clean_csr($_REQUEST['optionalCSR']);
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 4)
@@ -313,15 +320,18 @@
showfooter();
exit;
}
-
+
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
$query = "insert into emailcerts set
- `CN`='$defaultemail',
+ `CN`='$defaultemail',
`keytype`='NS',
`memid`='".intval($_SESSION['profile']['id'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -332,20 +342,20 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
-
+
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
$id = 4;
@@ -354,7 +364,7 @@
showfooter();
exit;
}
-
+
$tmpfname = tempnam("/tmp", "id4CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -365,8 +375,8 @@
$csrsubject="";
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
- if(strlen($user['mname']) == 1)
- $user['mname'] .= '.';
+ if(strlen($user['mname']) == 1)
+ $user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
$csrsubject = "/CN=CAcert WoT User";
if($_SESSION['_config']['incname'] == 1)
@@ -413,14 +423,16 @@
showfooter();
exit;
}
- $query = "insert into emailcerts set
- `CN`='$defaultemail',
+ $query = "insert into emailcerts set
+ `CN`='$defaultemail',
`keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -454,10 +466,10 @@
csrf_check("adddomain");
if(strstr($_REQUEST['newdomain'],"\x00"))
{
- showheader(_("My CAcert.org Account!"));
- echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
+ showfooter();
+ exit;
}
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
@@ -572,7 +584,7 @@
{
showheader(_("My CAcert.org Account!"));
//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -619,11 +631,9 @@
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
- mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
- $dres = mysql_query("select * from `domlink` where `domid`='$id'");
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
+ account_domain_delete($row['id']);
}
+
}
}
else
@@ -637,13 +647,21 @@
if($process != "" && $oldid == 10)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
- // In case the CSR is missing the ---BEGIN lines, add them automatically:
- $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
+ // In case the CSR is missing the ---BEGIN lines, add them automatically:
+ $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
showheader(_("My CAcert.org Account!"));
@@ -651,7 +669,13 @@
showfooter();
exit;
}
-
+
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -696,7 +720,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "")
{
@@ -705,7 +729,7 @@
showfooter();
exit;
}
-
+
$id = 11;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{
@@ -718,7 +742,7 @@
$subject = "";
$count = 0;
$supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
@@ -747,19 +771,23 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
} else {
showheader(_("My CAcert.org Account!"));
echo _("Domain not verified.");
@@ -821,27 +849,28 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
- $query = "insert into `domaincerts` set
- `domid`='".$row['domid']."',
+ $query = "insert into `domaincerts` set
+ `domid`='".$row['domid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
"`created`='".$row['created']."',
- `modified`=NOW(),
+ `modified`=NOW(),
`rootcert`='".$row['rootcert']."',
`type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."'";
+ `pkhash`='".$row['pkhash']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
@@ -922,7 +951,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
@@ -953,7 +982,7 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
@@ -979,6 +1008,24 @@
exit;
}
+ if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
showheader(_("My CAcert.org Account!"));
@@ -988,7 +1035,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -996,28 +1043,29 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
- $query = "insert into emailcerts set
- `memid`='".$row['memid']."',
+ $query = "insert into emailcerts set
+ `memid`='".$row['memid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
`modified`=NOW(),
`disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1061,7 +1109,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1090,7 +1138,7 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1116,26 +1164,47 @@
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
- showheader(_("My CAcert.org Account!"));
- //echo _("Now changing the settings for the following certificates:")."<br>\n";
- foreach($_REQUEST as $id => $val)
- {
- //echo $id."<br/>";
- if(substr($id,0,5)=="cert_")
- {
- $id = intval(substr($id,5));
- $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
- //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
- mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
- //$row = mysql_fetch_assoc($res);
- }
- }
- echo(_("Certificate settings have been changed.")."<br/>\n");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,5)=="cert_")
+ {
+ $cid = intval(substr($id,5));
+ $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+ mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ if(!empty($_REQUEST['check_comment_'.$cid])) {
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
}
+ if($oldid == 6 && $_REQUEST['certid'] != "")
+ {
+ if(trim($_REQUEST['description']) != ""){
+ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $description= "";
+ }
+
+ if(trim($_REQUEST['disablelogin']) == "1"){
+ $disablelogin = 1;
+ }else{
+ $disablelogin = 0;
+ }
+
+ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+
if($oldid == 13 && $process != "")
{
csrf_check("perschange");
@@ -1152,42 +1221,42 @@
$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
- if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
- {
- $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
- $id = $oldid;
+ if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
+ $id = $oldid;
$oldid=0;
- }
+ }
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@@ -1205,7 +1274,7 @@
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
-
+
if($_SESSION['profile']['points'] == 0)
{
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
@@ -1257,7 +1326,7 @@
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
- //!!!Should be rewritten
+ //!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
@@ -1330,9 +1399,9 @@
where `id`='".$_SESSION['profile']['id']."'");
echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
- $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
- $body .= _("You are receiving this email because you or someone else")."\n";
- $body .= _("has changed the password on your account.")."\n";
+ $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
+ $body .= _("You are receiving this email because you or someone else ".
+ "has changed the password on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
@@ -1370,6 +1439,13 @@
}
$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+
+
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@@ -1399,6 +1475,12 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
@@ -1445,6 +1527,7 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+
$emails .= "SPKAC = $spkac";
if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
{
@@ -1454,14 +1537,16 @@
showfooter();
exit;
}
-
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `ou`='".$_SESSION['_config']['OU']."',
`keytype`='NS',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1473,19 +1558,19 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
-
+
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
$id = 17;
@@ -1494,7 +1579,7 @@
showfooter();
exit;
}
-
+
$tmpfname = tempnam("/tmp", "id17CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -1544,14 +1629,16 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `ou`='".$_SESSION['_config']['OU']."',
`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1601,32 +1688,34 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgemailcerts` set
- `orgid`='".$row['orgid']."',
+ $query = "insert into `orgemailcerts` set
+ `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."',
+ `ou`='".$row['ou']."',
`subject`='".$row['subject']."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
`modified`=NOW(),
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1718,10 +1807,43 @@
exit;
}
+ if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+ if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=$_REQUEST['orgfilterid'];
+ $_SESSION['_config']['sorting']=$_REQUEST['sorting'];
+ $_SESSION['_config']['status']=$_REQUEST['status'];
+ }
+
+ if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=0;
+ $_SESSION['_config']['sorting']=0;
+ $_SESSION['_config']['status']=0;
+ }
+
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
$id = 20;
@@ -1730,7 +1852,13 @@
showfooter();
exit;
}
-
+
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -1780,7 +1908,7 @@
if($process != "" && $oldid == 21)
{
$id = 21;
-
+
if(!file_exists($_SESSION['_config']['tmpfname']))
{
showheader(_("My CAcert.org Account!"));
@@ -1788,7 +1916,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "")
{
@@ -1806,8 +1934,8 @@
exit;
}
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
$query = "select * from `org`,`orginfo` where
`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
`orginfo`.`id`=`org`.`orgid` and
@@ -1837,7 +1965,7 @@
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
$csrsubject .= "/commonName=$row";
- $SAN="";
+ $SAN="";
if(is_array($_SESSION['_config']['altrows']))
foreach($_SESSION['_config']['altrows'] as $subalt)
{
@@ -1854,25 +1982,27 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['rows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- } else {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['altrows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- }
- mysql_query($query);
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['rows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ } else {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['altrows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ }
+ mysql_query($query);
$CSRid = mysql_insert_id();
$CSRname=generatecertpath("csr","orgserver",$CSRid);
@@ -1922,31 +2052,32 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgdomaincerts` set
- `orgid`='".$row['orgid']."',
+ $query = "insert into `orgdomaincerts` set
+ `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."',
- `csr_name`='".$row['csr_name']."',
+ `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."',
- `modified`=NOW(),
- `subject`='".$row['subject']."',
+ `modified`=NOW(),
+ `subject`='".$row['subject']."',
`type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
@@ -2047,6 +2178,40 @@
exit;
}
+ if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+ if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=$_REQUEST['dorgfilterid'];
+ $_SESSION['_config']['dsorting']=$_REQUEST['dsorting'];
+ $_SESSION['_config']['dstatus']=$_REQUEST['dstatus'];
+ }
+
+ if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=0;
+ $_SESSION['_config']['dsorting']=0;
+ $_SESSION['_config']['dstatus']=0;
+ }
+
+
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
@@ -2144,9 +2309,9 @@
if($oldid == 29 && $process != "")
{
- $domain = mysql_real_escape_string(stripslashes(trim($domainname)));
+ $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'");
+ $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
@@ -2156,20 +2321,20 @@
}
}
- if(($oldid == 29 || $oldid == 30) && $process != _("Cancel"))
+ if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
- `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+ `orgdomains`.`id`='".intval($domid)."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
- `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+ `orgdomains`.`id`='".intval($domid)."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
@@ -2177,23 +2342,23 @@
if($oldid == 29 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
- mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
+ $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+ mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
- echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+ echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
if($oldid == 30 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
+ $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
$domain = $row['domain'];
- mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
+ mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
- echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+ echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
@@ -2210,7 +2375,7 @@
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2222,7 +2387,7 @@
mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2245,8 +2410,7 @@
$orgid = 0;
}
- if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 ||
- $id == 35 || $oldid == 35)
+ if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
{
$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
$_macc = mysql_num_rows(mysql_query($query));
@@ -2259,6 +2423,19 @@
}
}
+ if($id == 35 || $oldid == 35)
+ {
+ $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
+ $is_orguser = mysql_num_rows(mysql_query($query));
+ if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You don't have access to this area.");
+ showfooter();
+ exit;
+ }
+ }
+
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
@@ -2288,8 +2465,21 @@
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else {
$row = mysql_fetch_assoc($res);
- mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
- `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
+ if ( !is_assurer(intval($row['id'])) )
+ {
+ $id = $oldid;
+ $oldid=0;
+ $_SESSION['_config']['errmsg'] =
+ _("The user is not an Assurer yet");
+ } else {
+ mysql_query(
+ "insert into `org`
+ set `memid`='".intval($row['id'])."',
+ `orgid`='".intval($_SESSION['_config']['orgid'])."',
+ `masteracc`='$masteracc',
+ `OU`='$OU',
+ `comments`='$comments'");
+ }
}
}
@@ -2351,7 +2541,7 @@
{
csrf_check("mainlang");
$lang = mysql_real_escape_string($_REQUEST['lang']);
- foreach($_SESSION['_config']['translations'] as $key => $val)
+ foreach(L10n::$translations as $key => $val)
{
if($key == $lang)
{
@@ -2412,8 +2602,8 @@
exit;
}
- if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
- ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
+ if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
+ ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
$id = 53;
@@ -2423,7 +2613,7 @@
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
- $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+ $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
if($locid > 0 && $action == "edit")
@@ -2510,7 +2700,18 @@
$oldid=0;
}
- if($oldid == 43 && $_REQUEST['action'] == "updatedob")
+ //check if ticket number was entered
+ if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44) {
+ $ticketvalidation = FALSE;
+ if ($ticketno != "" ) {
+ $ticketno = mysql_real_escape_string(trim($_REQUEST['ticketno']));
+ $ticketvalidation = valid_ticket_number($ticketno);
+ }
+
+ $_SESSION['ticketno'] = $ticketno;
+ }
+
+ if($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation==TRUE)
{
$id = 43;
$oldid=0;
@@ -2522,13 +2723,19 @@
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
$userid = intval($_REQUEST['userid']);
- $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
- $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
- `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
+ write_se_log($userid, $_SESSION['profile']['id'],'AD Name/DOB Change',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }
+
+ if($oldid == 43 && $_REQUEST['action'] == 'revokecert' && $ticketvalidation==TRUE)
+ {
+ $userid = intval($_REQUEST['userid']);
+ revoke_all_private_cert($userid);
+ write_se_log($userid, $_SESSION['profile']['id'], 'AD Revoke all certificates',$ticketno);
+ $id=43;
}
if($oldid == 48 && $_REQUEST['domain'] == "")
@@ -2554,7 +2761,7 @@
$_REQUEST['email'] = $row['email'];
}
- if($oldid == 44)
+ if($oldid == 44 && $ticketvalidation==TRUE)
{
showheader(_("My CAcert.org Account!"));
if(intval($_REQUEST['userid']) <= 0)
@@ -2566,20 +2773,23 @@
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
- $body = sprintf(_("Hi %s,"),$row['fname'])."\n";
- $body .= _("You are receiving this email because a CAcert administrator")."\n";
- $body .= _("has changed the password on your account.")."\n";
+ $body = sprintf(_("Hi %s,"),$row['fname'])."\n\n";
+ $body .= _("You are receiving this email because a CAcert administrator ".
+ "has changed the password on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
-
+ write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'AD reset password',$ticketno);
}
showfooter();
exit;
+ }else{
+ $_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!';
}
+
if($process != "" && $oldid == 45)
{
$CSR = clean_csr($CSR);
@@ -2629,7 +2839,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
showheader(_("My CAcert.org Account!"));
@@ -2638,7 +2848,7 @@
exit;
}
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
@@ -2672,45 +2882,58 @@
}
}
- if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0)
+ /* presently not needed
+ if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['tverify'];
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change tverify status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }
+ */
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation==TRUE)
+ {
+ csrf_check('admsetassuret');
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer'];
+ mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer staus',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }
+
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation==TRUE)
+ {
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer_blocked'];
+ mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer blocked status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
- {
- csrf_check('admsetassuret');
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
- {
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
- {
- csrf_check('admactlock');
+ if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation==TRUE)
+ {
+ csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locked'];
mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change locked status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0)
+ if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
@@ -2718,9 +2941,12 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['codesign'];
mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change codesign status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0)
+ if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
@@ -2728,9 +2954,12 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['orgadmin'];
mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change org assuer status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0)
+ if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
@@ -2738,9 +2967,12 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['ttpadmin'];
mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change ttp admin status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0)
+ if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$query = "select * from `users` where `id`='$memid'";
@@ -2749,18 +2981,24 @@
if($ver > 2)
$ver = 0;
mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change advertising admin status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0)
+ if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locadmin'];
mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change location admin status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0)
+ if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
@@ -2768,42 +3006,57 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['admin'];
mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change SE status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0)
+ if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['general'];
mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change general status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0)
+ if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['country'];
mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change country status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0)
+ if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['regional'];
mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change regional status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0)
+ if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['radius'];
mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change radius status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
if($id == 50)
@@ -2827,25 +3080,52 @@
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
- if(mysql_num_rows($res) > 0)
- {
- $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
- WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
+ if (trim($_REQUEST['arbitrationno'])==""){
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not enter an arbitration number entry.");
+ showfooter();
+ exit;
+ }
+ if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+ showfooter();
+ exit;
}
+ if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+ showfooter();
+ exit;
+ }
+ if (check_client_cert_running($_REQUEST['userid'],1) ||
+ check_server_cert_running($_REQUEST['userid'],1) ||
+ check_gpg_cert_running($_REQUEST['userid'],1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+ showfooter();
+ exit;
+ }
+ if (check_is_orgadmin($_REQUEST['userid'],1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The user is listed as Organisation Administrator. Can't continue."));
+ showfooter();
+ exit;
+ }
+ account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+ write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']));
+ }
+
+ if(($id == 51 || $id == 52 || $oldid == 52))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You don't have access to this area.\nThe Tverify programme is terminated as of 16th November 2010" );
+ showfooter();
+ exit;
}
+ /* this area not needed as the The Tverify programme is Terminated as of 16th November 2010
+
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2853,7 +3133,6 @@
showfooter();
exit;
}
-
if($oldid == 52)
{
$uid = intval($_REQUEST['uid']);
@@ -2927,7 +3206,7 @@
while($row = mysql_fetch_assoc($res))
$body .= $row['comment']."\n";
$body .= "\n";
-
+
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
@@ -2948,7 +3227,7 @@
$body .= "\n";
$body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
-
+
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
@@ -2959,6 +3238,21 @@
showfooter();
exit;
}
+ */
+ if($id == 59){
+ if ($oldid == 43 && $_SESSION['profile']['admin'] == 1) {
+ write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'AD View account history', $_REQUEST['ticketno']);
+ $_SESSION['support']=1;
+ }ELSEIF ($oldid == 13 && $_REQUEST['userid'] == $_SESSION['profile']['id']){
+ $_SESSION['support']=0;
+ }ELSE{
+ showheader(_("My CAcert.org Account!"));
+ echo _("You do not have access to this page.");
+ showfooter();
+ exit;
+ }
+ }
+
if(intval($cert) > 0)
$_SESSION['_config']['cert'] = intval($cert);
@@ -2966,6 +3260,4 @@
$_SESSION['_config']['orgid'] = intval($orgid);
if(intval($memid) > 0)
$_SESSION['_config']['memid'] = intval($memid);
- if(intval($domid) > 0)
- $_SESSION['_config']['domid'] = intval($domid);
?>
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 108bd57..dbebf6a 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -172,7 +172,7 @@ function hideall() {
</div>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('mydetails')">+ <?=_("My Details")?></h3>
- <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
+ <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("View/Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
if($_SESSION['profile']['id'] == 1 || $_SESSION['profile']['id'] == 5897)
echo "<li><a href='sqldump.php'>SQL Dump</a></li>";
?></ul>
@@ -209,7 +209,7 @@ function hideall() {
<ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
</div>
<? } ?>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
<ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
@@ -262,6 +262,7 @@ function hideall() {
<ul class="menu" id="advertising"><li><a href="advertising.php?id=1"><?=_("New Ad")?></a></li><li><a href="advertising.php?id=0"><?=_("View Ads")?></a></li></ul>
</div>
<? } ?>
+ <? include("about_menu.php"); ?>
</div>
<div id="content">
<div class="story">
@@ -280,365 +281,7 @@ function hideall() {
<div id="siteInfo"><a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
<a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
| &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
-</div>
-</body>
+</div>
+</body>
</html><?
}
-
- /**
- * Produces a log entry with the error message with log level E_USER_WARN
- * and a random ID an returns a message that can be displayed to the user
- * including the generated ID
- *
- * @param $errormessage string
- * The error message that should be logged
- * @return string containing the generated ID that can be displayed to the
- * user
- */
- function failWithId($errormessage) {
- $errorId = rand();
- trigger_error("$errormessage. ID: $errorId", E_USER_WARNING);
- return sprintf(_("Something went wrong when processing your request. ".
- "Please contact %s for help and provide them with the ".
- "following ID: %d"),
- "<a href='mailto:support@cacert.org?subject=System%20Error%20-%20".
- "ID%3A%20$errorId'>support@cacert.org</a>",
- $errorId);
- }
-
- /**
- * Checks whether the given CSR contains a vulnerable key
- *
- * @param $csr string
- * The CSR to be checked
- * @param $encoding string [optional]
- * The encoding the CSR is in (for the "-inform" parameter of OpenSSL,
- * currently only "PEM" (default) or "DER" allowed)
- * @return string containing the reason if the key is considered weak,
- * empty string otherwise
- */
- function checkWeakKeyCSR($csr, $encoding = "PEM")
- {
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
- $encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl req -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $csr);
- fclose($pipes[0]);
-
- $csrText = "";
- while (!feof($pipes[1]))
- {
- $csrText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $csrText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
- return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
- }
-
-
- return checkWeakKeyText($csrText);
- }
-
- /**
- * Checks whether the given X509 certificate contains a vulnerable key
- *
- * @param $cert string
- * The X509 certificate to be checked
- * @param $encoding string [optional]
- * The encoding the certificate is in (for the "-inform" parameter of
- * OpenSSL, currently only "PEM" (default), "DER" or "NET" allowed)
- * @return string containing the reason if the key is considered weak,
- * empty string otherwise
- */
- function checkWeakKeyX509($cert, $encoding = "PEM")
- {
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
- $encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl x509 -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $cert);
- fclose($pipes[0]);
-
- $certText = "";
- while (!feof($pipes[1]))
- {
- $certText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $certText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
- return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
- }
-
-
- return checkWeakKeyText($certText);
- }
-
- /**
- * Checks whether the given SPKAC contains a vulnerable key
- *
- * @param $spkac string
- * The SPKAC to be checked
- * @param $spkacname string [optional]
- * The name of the variable that contains the SPKAC. The default is
- * "SPKAC"
- * @return string containing the reason if the key is considered weak,
- * empty string otherwise
- */
- function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
- {
- /* Check for the debian OpenSSL vulnerability */
-
- $spkac = escapeshellarg($spkac);
- $spkacname = escapeshellarg($spkacname);
- $spkacText = `echo $spkac | openssl spkac -spkac $spkacname`;
- if ($spkacText === null) {
- return _("I didn't receive a valid Certificate Request, hit the ".
- "back button and try again.");
- }
-
- return checkWeakKeyText($spkacText);
- }
-
- /**
- * Checks whether the given text representation of a CSR or a SPKAC contains
- * a weak key
- *
- * @param $text string
- * The text representation of a key as output by the
- * "openssl <foo> -text -noout" commands
- * @return string containing the reason if the key is considered weak,
- * empty string otherwise
- */
- function checkWeakKeyText($text)
- {
- /* Which public key algorithm? */
- if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
- $algorithm))
- {
- return failWithId("checkWeakKeyText(): Couldn't extract the ".
- "public key algorithm used");
- } else {
- $algorithm = $algorithm[1];
- }
-
-
- if ($algorithm === "rsaEncryption")
- {
- if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
- $keysize))
- {
- return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
- "key size");
- } else {
- $keysize = intval($keysize[1]);
- }
-
- if ($keysize < 1024)
- {
- return sprintf(_("The keys that you use are very small ".
- "and therefore insecure. Please generate stronger ".
- "keys. More information about this issue can be ".
- "found in %sthe wiki%s"),
- "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
- "</a>");
- } elseif ($keysize < 2048) {
- // not critical but log so we have some statistics about
- // affected users
- trigger_error("checkWeakKeyText(): Certificate for small ".
- "key (< 2048 bit) requested", E_USER_NOTICE);
- }
-
-
- $debianVuln = checkDebianVulnerability($text, $keysize);
- if ($debianVuln === true)
- {
- return sprintf(_("The keys you use have very likely been ".
- "generated with a vulnerable version of OpenSSL which ".
- "was distributed by debian. Please generate new keys. ".
- "More information about this issue can be found in ".
- "%sthe wiki%s"),
- "<a href='//wiki.cacert.org/WeakKeys#DebianVulnerability'>",
- "</a>");
- } elseif ($debianVuln === false) {
- // not vulnerable => do nothing
- } else {
- return failWithId("checkWeakKeyText(): Something went wrong in".
- "checkDebianVulnerability()");
- }
-
- if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
- $exponent))
- {
- return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
- "exponent");
- } else {
- $exponent = $exponent[1]; // exponent might be very big =>
- //handle as string using bc*()
-
- if (bccomp($exponent, "3") === 0)
- {
- return sprintf(_("The keys you use might be insecure. ".
- "Although there is currently no known attack for ".
- "reasonable encryption schemes, we're being ".
- "cautious and don't allow certificates for such ".
- "keys. Please generate stronger keys. More ".
- "information about this issue can be found in ".
- "%sthe wiki%s"),
- "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
- "</a>");
- } elseif (!(bccomp($exponent, "65537") >= 0 &&
- (bccomp($exponent, "100000") === -1 ||
- // speed things up if way smaller than 2^256
- bccomp($exponent, bcpow("2", "256")) === -1) )) {
- // 65537 <= exponent < 2^256 recommended by NIST
- // not critical but log so we have some statistics about
- // affected users
- trigger_error("checkWeakKeyText(): Certificate for ".
- "unsuitable exponent '$exponent' requested",
- E_USER_NOTICE);
- }
- }
- }
-
- /* No weakness found */
- return "";
- }
-
- /**
- * Reimplement the functionality of the openssl-vulnkey tool
- *
- * @param $text string
- * The text representation of a key as output by the
- * "openssl <foo> -text -noout" commands
- * @param $keysize int [optional]
- * If the key size is already known it can be provided so it doesn't
- * have to be parsed again. This also skips the check whether the key
- * is an RSA key => use wisely
- * @return TRUE if key is vulnerable, FALSE otherwise, NULL in case of error
- */
- function checkDebianVulnerability($text, $keysize = 0)
- {
- $keysize = intval($keysize);
-
- if ($keysize === 0)
- {
- /* Which public key algorithm? */
- if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
- $algorithm))
- {
- trigger_error("checkDebianVulnerability(): Couldn't extract ".
- "the public key algorithm used", E_USER_WARNING);
- return null;
- } else {
- $algorithm = $algorithm[1];
- }
-
- if ($algorithm !== "rsaEncryption") return false;
-
- /* Extract public key size */
- if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
- $keysize))
- {
- trigger_error("checkDebianVulnerability(): Couldn't parse the ".
- "RSA key size", E_USER_WARNING);
- return null;
- } else {
- $keysize = intval($keysize[1]);
- }
- }
-
- // $keysize has been made sure to contain an int
- $blacklist = "/usr/share/openssl-blacklist/blacklist.RSA-$keysize";
- if (!(is_file($blacklist) && is_readable($blacklist)))
- {
- if (in_array($keysize, array(512, 1024, 2048, 4096)))
- {
- trigger_error("checkDebianVulnerability(): Blacklist for ".
- "$keysize bit keys not accessible. Expected at ".
- "$blacklist", E_USER_ERROR);
- return null;
- }
-
- trigger_error("checkDebianVulnerability(): $blacklist is not ".
- "readable. Unsupported key size?", E_USER_WARNING);
- return false;
- }
-
-
- /* Extract RSA modulus */
- if (!preg_match('/^\s*Modulus \(\d+ bit\):\n'.
- '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m',
- $text, $modulus))
- {
- trigger_error("checkDebianVulnerability(): Couldn't extract the ".
- "RSA modulus", E_USER_WARNING);
- return null;
- } else {
- $modulus = $modulus[1];
- // strip whitespace and colon leftovers
- $modulus = str_replace(array(" ", "\t", "\n", ":"), "", $modulus);
-
- // when using "openssl xxx -text" first byte was 00 in all my test
- // cases but 00 not present in the "openssl xxx -modulus" output
- if ($modulus[0] === "0" && $modulus[1] === "0")
- {
- $modulus = substr($modulus, 2);
- } else {
- trigger_error("checkDebianVulnerability(): First byte is not ".
- "zero", E_USER_NOTICE);
- }
-
- $modulus = strtoupper($modulus);
- }
-
-
- /* calculate checksum and look it up in the blacklist */
- $checksum = substr(sha1("Modulus=$modulus\n"), 20);
-
- // $checksum and $blacklist should be safe, but just to make sure
- $checksum = escapeshellarg($checksum);
- $blacklist = escapeshellarg($blacklist);
- exec("grep $checksum $blacklist", $dummy, $debianVuln);
- if ($debianVuln === 0) // grep returned something => it is on the list
- {
- return true;
- } elseif ($debianVuln === 1) { // grep returned nothing
- return false;
- } else {
- trigger_error("checkDebianVulnerability(): Something went wrong ".
- "when looking up the key with checksum $checksum in the ".
- "blacklist $blacklist", E_USER_ERROR);
- return null;
- }
-
- // Should not get here
- return null;
- }
-?>
diff --git a/includes/general.php b/includes/general.php
index 8481018..d89c0e6 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -15,13 +15,16 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+
+ require_once(dirname(__FILE__)."/lib/general.php");
+
session_name("cacert");
session_start();
- session_register("_config");
- session_register("profile");
- session_register("signup");
- session_register("lostpw");
+// session_register("_config");
+// session_register("profile");
+// session_register("signup");
+// session_register("lostpw");
// if($_SESSION['profile']['id'] > 0)
// session_regenerate_id();
@@ -39,6 +42,7 @@
require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php');
+ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
if(array_key_exists('HTTP_HOST',$_SERVER) &&
$_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
@@ -70,122 +74,8 @@
}
}
- $lang = "";
- if(array_key_exists("lang",$_REQUEST))
- $lang=mysql_escape_string(substr(trim($_REQUEST['lang']), 0, 5));
- if($lang != "")
- $_SESSION['_config']['language'] = $lang;
-
- //if($_SESSION['profile']['id'] == 1 && 1 == 2)
- // echo $_SESSION['_config']['language'];
-
- $_SESSION['_config']['translations'] = array(
- "ar_JO" => "&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577;",
- "bg_BG" => "&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080;",
- "cs_CZ" => "&#268;e&scaron;tina",
- "da_DK" => "Dansk",
- "de_DE" => "Deutsch",
- "el_GR" => "&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940;",
- "en_AU" => "English",
- "eo_EO" => "Esperanto",
- "es_ES" => "Espa&#xf1;ol",
- "fa_IR" => "Farsi",
- "fi_FI" => "Suomi",
- "fr_FR" => "Fran&#xe7;ais",
- "he_IL" => "&#1506;&#1489;&#1512;&#1497;&#1514;",
- "hr_HR" => "Hrvatski",
- "hu_HU" => "Magyar",
- "is_IS" => "&Iacute;slenska",
- "it_IT" => "Italiano",
- "ja_JP" => "&#26085;&#26412;&#35486;",
- "ka_GE" => "Georgian",
- "nl_NL" => "Nederlands",
- "pl_PL" => "Polski",
- "pt_PT" => "Portugu&#xea;s",
- "pt_BR" => "Portugu&#xea;s Brasileiro",
- "ru_RU" => "&#x420;&#x443;&#x441;&#x441;&#x43a;&#x438;&#x439;",
- "ro_RO" => "Rom&acirc;n&#259;",
- "sv_SE" => "Svenska",
- "tr_TR" => "T&#xfc;rk&#xe7;e",
- "zh_CN" => "&#x4e2d;&#x6587;(&#x7b80;&#x4f53;)");
-
- $value=array();
-
- if(!(array_key_exists('language',$_SESSION['_config']) && $_SESSION['_config']['language'] != ""))
- {
- $bits = explode(",", strtolower(str_replace(" ", "", mysql_real_escape_string(array_key_exists('HTTP_ACCEPT_LANGUAGE',$_SERVER)?$_SERVER['HTTP_ACCEPT_LANGUAGE']:""))));
- foreach($bits as $lang)
- {
- $b = explode(";", $lang);
- if(count($b)>1 && substr($b[1], 0, 2) == "q=")
- $c = floatval(substr($b[1], 2));
- else
- $c = 1;
- $value["$c"] = trim($b[0]);
- }
-
- krsort($value);
-
- reset($value);
-
- foreach($value as $key => $val)
- {
- $val = substr(escapeshellarg($val), 1, -1);
- $short = substr($val, 0, 2);
- if($val == "en" || $short == "en")
- {
- $_SESSION['_config']['language'] = "en";
- break;
- }
- if(file_exists($_SESSION['_config']['filepath']."/locale/$val/LC_MESSAGES/messages.mo"))
- {
- $_SESSION['_config']['language'] = $val;
- break;
- }
- if(file_exists($_SESSION['_config']['filepath']."/locale/$short/LC_MESSAGES/messages.mo"))
- {
- $_SESSION['_config']['language'] = $short;
- break;
- }
- }
- }
- if(!array_key_exists('_config',$_SESSION) || !array_key_exists('language',$_SESSION['_config']) || strlen($_SESSION['_config']['language']) != 5)
- {
- $lang = array_key_exists('language',$_SESSION['_config'])?$_SESSION['_config']['language']:"";
- $_SESSION['_config']['language'] = "en_AU";
- foreach($_SESSION['_config']['translations'] as $key => $val)
- {
- if(substr($lang, 0, 2) == substr($key, 0, 2))
- {
- $_SESSION['_config']['language'] = $val;
- break;
- }
- }
- }
-
- $_SESSION['_config']['recode'] = "html..latin-1";
- if($_SESSION['_config']['language'] == "zh_CN")
- {
- $_SESSION['_config']['recode'] = "html..gb2312";
- } else if($_SESSION['_config']['language'] == "pl_PL" || $_SESSION['_config']['language'] == "hu_HU") {
- $_SESSION['_config']['recode'] = "html..ISO-8859-2";
- } else if($_SESSION['_config']['language'] == "ja_JP") {
- $_SESSION['_config']['recode'] = "html..SHIFT-JIS";
- } else if($_SESSION['_config']['language'] == "ru_RU") {
- $_SESSION['_config']['recode'] = "html..ISO-8859-5";
- } else if($_SESSION['_config']['language'] == "lt_LT") {
- $_SESSION['_config']['recode'] = "html..ISO-8859-13";
- }
-
- putenv("LANG=".$_SESSION['_config']['language']);
- setlocale(LC_ALL, $_SESSION['_config']['language']);
- $domain = 'messages';
- bindtextdomain($domain, $_SESSION['_config']['filepath']."/locale");
- textdomain($domain);
-
- //if($_SESSION['profile']['id'] == -1)
- // echo $_SESSION['_config']['language']." - ".$_SESSION['_config']['filepath']."/locale";
-
+ L10n::detect_language();
+ L10n::init_gettext();
if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
{
@@ -328,7 +218,8 @@
//echo "Points due to name matches: $points<br/>";
- $do = `grep '$pwd' /usr/share/dict/american-english`;
+ $shellpwd = escapeshellarg($pwd);
+ $do = `grep $shellpwd /usr/share/dict/american-english`;
if($do)
$points--;
@@ -600,10 +491,6 @@
return(0);
}
- if($points >= 300)
- return(200);
- if($points >= 200)
- return(150);
if($points >= 150)
return(35);
if($points >= 140)
@@ -632,14 +519,6 @@
return(utf8_decode($data));
}
- function screenshot($img)
- {
- if(file_exists("../screenshots/".$_SESSION['_config']['language']."/$img"))
- return("/screenshots/".$_SESSION['_config']['language']."/$img");
- else
- return("/screenshots/en/$img");
- }
-
function signmail($to, $subject, $message, $from, $replyto = "")
{
if($replyto == "")
@@ -657,17 +536,22 @@
$myemail = mysql_real_escape_string($email);
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
{
- list($username,$domain)=split('@',$email);
+ list($username,$domain)=explode('@',$email,2);
$dom = escapeshellarg($domain);
$line = trim(`dig +short MX $dom 2>&1`);
#echo $email."-$dom-$line-\n";
#echo `dig +short mx heise.de 2>&1`."-<br>\n";
$list = explode("\n", $line);
- foreach($list as $row)
- list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1));
+ foreach($list as $row) {
+ if(!strstr($row, " ")) {
+ continue;
+ }
+ list($pri, $mxhosts[]) = explode(" ", trim($row), 2);
+ }
$mxhosts[] = $domain;
-#print_r($mxhosts); die;
+ array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } );
+
foreach($mxhosts as $key => $domain)
{
$fp = @fsockopen($domain,25,$errno,$errstr,5);
@@ -849,37 +733,7 @@
return($text);
}
- // returns 0 if $userID is an Assurer
- // Otherwise :
- // Bit 0 is always set
- // Bit 1 is set if 100 Assurance Points are not reached
- // Bit 2 is set if Assurer Test is missing
- // Bit 3 is set if the user is not allowed to be an Assurer (assurer_blocked > 0)
- function get_assurer_status($userID)
- {
- $Result = 0;
- $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
- ' WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\'');
- if(mysql_num_rows($query) < 1)
- {
- $Result |= 5;
- }
-
- $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()');
- $row = mysql_fetch_assoc($query);
- if ($row['points'] < 100) {
- $Result |= 3;
- }
-
- $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
- $row = mysql_fetch_assoc($query);
- if ($row['assurer_blocked'] > 0) {
- $Result |= 9;
- }
-
- return $Result;
- }
-
+
// returns text message to be shown to the user given the result of is_no_assurer
function no_assurer_text($Status)
{
@@ -948,4 +802,5 @@
return $res;
}
+
?>
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 80cd8a7..4c1bd30 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -16,6 +16,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
+
if(!function_exists("showheader"))
{
function showbodycontent($title = "CAcert.org", $title2 = "")
@@ -60,7 +62,7 @@ google_color_border = "FFFFFF";
<? include("about_menu.php"); ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('trans')">+ <?=_("Translations")?></h3>
- <ul class="menu" id="trans"><? foreach($_SESSION['_config']['translations'] as $key => $val) { ?><li><a href="<?=$_SERVER['SCRIPT_NAME']?>?id=<?=intval(array_key_exists('id',$_REQUEST)?$_REQUEST['id']:0)?>&amp;lang=<?=$key?>"><?=$val?></a></li><? } ?></ul>
+ <ul class="menu" id="trans"><? foreach(L10n::$translations as $key => $val) { ?><li><a href="<?=$_SERVER['SCRIPT_NAME']?>?id=<?=intval(array_key_exists('id',$_REQUEST)?$_REQUEST['id']:0)?>&amp;lang=<?=$key?>"><?=$val?></a></li><? } ?></ul>
</div>
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>
<div class="relatedLinks">
diff --git a/includes/keygen.php b/includes/keygen.php
new file mode 100644
index 0000000..2713a81
--- /dev/null
+++ b/includes/keygen.php
@@ -0,0 +1,128 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
+
+ <noscript>
+ <p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p>
+ <p><?=_('If you don\'t want to do that for any reason, you can use '.
+ 'manually created certificate requests instead.')?></p>
+ </noscript>
+
+ <div id="noActiveX" style="color:red">
+ <p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p>
+ <p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '.
+ 'later versions you have to add this website to the list of trusted sites '.
+ 'in the internet settings.')?></p>
+ <p><?php
+ printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '.
+ 'Websites", click on "Custom Level", set "ActiveX control '.
+ 'elements that are not marked as safe initialized on start in '.
+ 'scripts" to "Confirm" and click "OK". Now click "Sites", add '.
+ '"%s" and "%s" to your list of trusted sites and make the '.
+ 'changes come into effect by clicking "Close" and "OK".'),
+ 'https://'.$_SESSION['_config']['normalhostname'],
+ 'https://'.$_SESSION['_config']['securehostname'])?>
+ </p>
+ </div>
+
+ <form method="post" style="display:none" action="account.php"
+ id="CertReqForm">
+ <input type="hidden" name="oldid" value="<?=intval($id)?>" />
+ <input type="hidden" id="CSR" name="CSR" />
+ <input type="hidden" name="keytype" value="MS" />
+
+ <p><?=_('Security level')?>:
+ <select id="SecurityLevel">
+ <option value="high" selected="selected"><?=_('High')?></option>
+ <option value="medium"><?=_('Medium')?></option>
+ <option value="custom"><?=_('Custom')?>&hellip;</option>
+ </select>
+ </p>
+
+ <fieldset id="customSettings" style="display:none">
+ <legend><?=_('Custom Parameters')?></legend>
+
+ <p><?=_('Cryptography Provider')?>:
+ <select id="CspProvider"></select>
+ </p>
+ <p><?=_('Algorithm')?>: <select id="algorithm"></select></p>
+ <p><?=_('Keysize')?>:
+ <input id="keySize" type="number" />
+ <?=_('Minimum Size')?>: <span id="keySizeMin"></span>,
+ <?=_('Maximum Size')?>: <span id="keySizeMax"></span>,
+ <?php
+ // TRANSLATORS: this specifies the step between two valid key
+ // sizes. E.g. if the step is 512 and the minimum is 1024 and
+ // the maximum is 2048, then only 1024, 1536 and 2048 bits may
+ // be specified as key size.
+ echo _('Step')?>: <span id="keySizeStep"></span></p>
+ <p style="color:red"><?php
+ printf(_('Please note that RSA key sizes smaller than %d bit '.
+ 'will not be accepted by CAcert.'),
+ 2048)?>
+ </p>
+ </fieldset>
+
+ <p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p>
+ <p id="generatingKeyNotice" style="display:none">
+ <?=_('Generating your key. Please wait')?>&hellip;</p>
+ </form>
+
+ <!-- Error messages used in the JavaScript. Defined here so they can be
+ translated without passing the JavaScript code through PHP -->
+ <p id="createRequestErrorChooseAlgorithm" style="display:none">
+ <?=_('Could not generate certificate request. Probably you need to '.
+ 'choose a different algorithm.')?>
+ </p>
+ <p id="createRequestErrorConfirmDialogue" style="display:none">
+ <?=_('Could not generate certificate request. Please confirm the '.
+ 'dialogue if you are asked if you want to generate the key.')?>
+ </p>
+ <p id="createRequestErrorConnectDevice" style="display:none">
+ <?=_('Could not generate certificate request. Please make sure the '.
+ 'cryptography device (e.g. the smartcard) is connected.')?>
+ </p>
+ <p id="createRequestError" style="display:none">
+ <?=_('Could not generate certificate request.')?>
+ </p>
+ <p id="invalidKeySizeError" style="display:none">
+ <?=_('You have specified an invalid key size')?>
+ </p>
+ <p id="unsupportedPlatformError" style="display:none">
+ <?=_('Could not initialize the cryptographic module for your '.
+ 'platform. Currently we support Microsoft Windows XP, Vista '.
+ 'and 7. If you\'re using one of these platforms and see this '.
+ 'error message anyway you might have to enable ActiveX as '.
+ 'described in the red explanation text and accept loading of '.
+ 'the module.')?>
+ </p>
+
+ <script type="text/javascript" src="keygenIE.js"></script>
+
+<? } else { ?>
+ <p>
+ <form method="post" action="account.php">
+ <input type="hidden" name="keytype" value="NS">
+ <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
+
+ <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+ <input type="hidden" name="oldid" value="<?=intval($id)?>">
+ </form>
+ </p>
+<? }
diff --git a/includes/lib/account.php b/includes/lib/account.php
index f7a24fa..e311668 100644
--- a/includes/lib/account.php
+++ b/includes/lib/account.php
@@ -17,32 +17,79 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-function fix_assurer_flag($userID)
+/**
+ * Function to recalculate the cached Assurer status
+ *
+ * @param int $userID
+ * if the user ID is not given the flag will be recalculated for all users
+ *
+ * @return bool
+ * false if there was an error on fixing the flag. This does NOT return the
+ * new value of the flag
+ */
+function fix_assurer_flag($userID = NULL)
{
- // Update Assurer-Flag on users table if 100 points.
- // Should the number of points be SUM(points) or SUM(awarded)?
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '.
- '`u`.`id` = \''.(int)intval($userID).'\' AND '.
- 'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '.
- 'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '.
- '`cp`.`user_id` = `u`.`id`) AND '.
- '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
- 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100');
- // Challenge has been passed and non-expired points >= 100
+ // Update Assurer-Flag on users table if 100 points and CATS passed.
+ //
+ // We may have some performance issues here if no userID is given
+ // there are ~150k assurances and ~220k users currently
+ // but the exists-clause on cats_passed should be a good filter
+ $sql = '
+ UPDATE `users` AS `u` SET `assurer` = 1
+ WHERE '.(
+ ($userID === NULL) ?
+ '`u`.`assurer` = 0' :
+ '`u`.`id` = \''.intval($userID).'\''
+ ).'
+ AND EXISTS(
+ SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv`
+ WHERE `cp`.`variant_id` = `cv`.`id`
+ AND `cv`.`type_id` = 1
+ AND `cp`.`user_id` = `u`.`id`
+ )
+ AND (
+ SELECT SUM(`points`) FROM `notary` AS `n`
+ WHERE `n`.`to` = `u`.`id`
+ AND (`n`.`expire` > now()
+ OR `n`.`expire` IS NULL)
+ ) >= 100';
+ $query = mysql_query($sql);
if (!$query) {
return false;
}
-
+ // Challenge has been passed and non-expired points >= 100
+
// Reset flag if requirements are not met
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '.
- '`u`.`id` = \''.(int)intval($userID).'\' AND '.
- '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '.
- '`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '.
- 'AND `cp`.`user_id` = `u`.`id`) OR '.
- '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
- 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)');
+ //
+ // Also a bit performance critical but assurer flag is only set on
+ // ~5k accounts
+ $sql = '
+ UPDATE `users` AS `u` SET `assurer` = 0
+ WHERE '.(
+ ($userID === NULL) ?
+ '`u`.`assurer` <> 0' :
+ '`u`.`id` = \''.intval($userID).'\''
+ ).'
+ AND (
+ NOT EXISTS(
+ SELECT 1 FROM `cats_passed` AS `cp`,
+ `cats_variant` AS `cv`
+ WHERE `cp`.`variant_id` = `cv`.`id`
+ AND `cv`.`type_id` = 1
+ AND `cp`.`user_id` = `u`.`id`
+ )
+ OR (
+ SELECT SUM(`points`) FROM `notary` AS `n`
+ WHERE `n`.`to` = `u`.`id`
+ AND (
+ `n`.`expire` > now()
+ OR `n`.`expire` IS NULL
+ )
+ ) < 100
+ )';
+ $query = mysql_query($sql);
if (!$query) {
return false;
}
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
new file mode 100644
index 0000000..217b885
--- /dev/null
+++ b/includes/lib/check_weak_key.php
@@ -0,0 +1,318 @@
+<?php /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+// failWithId()
+require_once 'general.php';
+
+
+/**
+* Checks whether the given CSR contains a vulnerable key
+*
+* @param $csr string
+* The CSR to be checked
+* @param $encoding string [optional]
+* The encoding the CSR is in (for the "-inform" parameter of OpenSSL,
+* currently only "PEM" (default) or "DER" allowed)
+* @return string containing the reason if the key is considered weak,
+* empty string otherwise
+*/
+function checkWeakKeyCSR($csr, $encoding = "PEM")
+{
+ $encoding = escapeshellarg($encoding);
+ $status = runCommand("openssl req -inform $encoding -text -noout",
+ $csr, $csrText);
+ if ($status === true) {
+ return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
+ }
+
+ if ($status !== 0 || $csrText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
+ return checkWeakKeyText($csrText);
+}
+
+/**
+ * Checks whether the given X509 certificate contains a vulnerable key
+ *
+ * @param $cert string
+ * The X509 certificate to be checked
+ * @param $encoding string [optional]
+ * The encoding the certificate is in (for the "-inform" parameter of
+ * OpenSSL, currently only "PEM" (default), "DER" or "NET" allowed)
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+function checkWeakKeyX509($cert, $encoding = "PEM")
+{
+ $encoding = escapeshellarg($encoding);
+ $status = runCommand("openssl x509 -inform $encoding -text -noout",
+ $cert, $certText);
+ if ($status === true) {
+ return failWithId("checkWeakKeyX509(): Failed to start OpenSSL");
+ }
+
+ if ($status !== 0 || $certText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
+ return checkWeakKeyText($certText);
+}
+
+/**
+ * Checks whether the given SPKAC contains a vulnerable key
+ *
+ * @param $spkac string
+ * The SPKAC to be checked
+ * @param $spkacname string [optional]
+ * The name of the variable that contains the SPKAC. The default is
+ * "SPKAC"
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
+{
+ $spkacname = escapeshellarg($spkacname);
+ $status = runCommand("openssl spkac -spkac $spkacname", $spkac, $spkacText);
+ if ($status === true) {
+ return failWithId("checkWeakKeySPKAC(): Failed to start OpenSSL");
+ }
+
+ if ($status !== 0 || $spkacText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit the ".
+ "back button and try again.");
+ }
+
+ return checkWeakKeyText($spkacText);
+}
+
+/**
+ * Checks whether the given text representation of a CSR or a SPKAC contains
+ * a weak key
+ *
+ * @param $text string
+ * The text representation of a key as output by the
+ * "openssl <foo> -text -noout" commands
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+function checkWeakKeyText($text)
+{
+ /* Which public key algorithm? */
+ if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
+ $algorithm))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't extract the ".
+ "public key algorithm used.\nData:\n$text");
+ } else {
+ $algorithm = $algorithm[1];
+ }
+
+
+ if ($algorithm === "rsaEncryption")
+ {
+ if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
+ $keysize))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
+ "key size.\nData:\n$text");
+ } else {
+ $keysize = intval($keysize[1]);
+ }
+
+ if ($keysize < 2048)
+ {
+ return sprintf(_("The keys that you use are very small ".
+ "and therefore insecure. Please generate stronger ".
+ "keys. More information about this issue can be ".
+ "found in %sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+ "</a>");
+ }
+
+
+ $debianVuln = checkDebianVulnerability($text, $keysize);
+ if ($debianVuln === true)
+ {
+ return sprintf(_("The keys you use have very likely been ".
+ "generated with a vulnerable version of OpenSSL which ".
+ "was distributed by debian. Please generate new keys. ".
+ "More information about this issue can be found in ".
+ "%sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#DebianVulnerability'>",
+ "</a>");
+ } elseif ($debianVuln === false) {
+ // not vulnerable => do nothing
+ } else {
+ return failWithId("checkWeakKeyText(): Something went wrong in".
+ "checkDebianVulnerability().\nKeysize: $keysize\n".
+ "Data:\n$text");
+ }
+
+ if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
+ $exponent))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
+ "exponent.\nData:\n$text");
+ } else {
+ $exponent = $exponent[1]; // exponent might be very big =>
+ //handle as string using bc*()
+
+ if (bccomp($exponent, "3") === 0)
+ {
+ return sprintf(_("The keys you use might be insecure. ".
+ "Although there is currently no known attack for ".
+ "reasonable encryption schemes, we're being ".
+ "cautious and don't allow certificates for such ".
+ "keys. Please generate stronger keys. More ".
+ "information about this issue can be found in ".
+ "%sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
+ "</a>");
+ } elseif (!(bccomp($exponent, "65537") >= 0 &&
+ (bccomp($exponent, "100000") === -1 ||
+ // speed things up if way smaller than 2^256
+ bccomp($exponent, bcpow("2", "256")) === -1) )) {
+ // 65537 <= exponent < 2^256 recommended by NIST
+ // not critical but log so we have some statistics about
+ // affected users
+ trigger_error("checkWeakKeyText(): Certificate for ".
+ "unsuitable exponent '$exponent' requested",
+ E_USER_NOTICE);
+ }
+ }
+ }
+
+ /* No weakness found */
+ return "";
+}
+
+/**
+ * Reimplement the functionality of the openssl-vulnkey tool
+ *
+ * @param $text string
+ * The text representation of a key as output by the
+ * "openssl <foo> -text -noout" commands
+ * @param $keysize int [optional]
+ * If the key size is already known it can be provided so it doesn't
+ * have to be parsed again. This also skips the check whether the key
+ * is an RSA key => use wisely
+ * @return TRUE if key is vulnerable, FALSE otherwise, NULL in case of error
+ */
+function checkDebianVulnerability($text, $keysize = 0)
+{
+ $keysize = intval($keysize);
+
+ if ($keysize === 0)
+ {
+ /* Which public key algorithm? */
+ if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
+ $algorithm))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't extract ".
+ "the public key algorithm used.\nData:\n$text",
+ E_USER_WARNING);
+ return null;
+ } else {
+ $algorithm = $algorithm[1];
+ }
+
+ if ($algorithm !== "rsaEncryption") return false;
+
+ /* Extract public key size */
+ if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
+ $keysize))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't parse the ".
+ "RSA key size.\nData:\n$text", E_USER_WARNING);
+ return null;
+ } else {
+ $keysize = intval($keysize[1]);
+ }
+ }
+
+ // $keysize has been made sure to contain an int
+ $blacklist = "/usr/share/openssl-blacklist/blacklist.RSA-$keysize";
+ if (!(is_file($blacklist) && is_readable($blacklist)))
+ {
+ if (in_array($keysize, array(512, 1024, 2048, 4096)))
+ {
+ trigger_error("checkDebianVulnerability(): Blacklist for ".
+ "$keysize bit keys not accessible. Expected at ".
+ "$blacklist", E_USER_ERROR);
+ return null;
+ }
+
+ trigger_error("checkDebianVulnerability(): $blacklist is not ".
+ "readable. Unsupported key size?", E_USER_WARNING);
+ return false;
+ }
+
+
+ /* Extract RSA modulus */
+ if (!preg_match('/^\s*Modulus \(\d+ bit\):\n'.
+ '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m',
+ $text, $modulus))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't extract the ".
+ "RSA modulus.\nData:\n$text", E_USER_WARNING);
+ return null;
+ } else {
+ $modulus = $modulus[1];
+ // strip whitespace and colon leftovers
+ $modulus = str_replace(array(" ", "\t", "\n", ":"), "", $modulus);
+
+ // when using "openssl xxx -text" first byte was 00 in all my test
+ // cases but 00 not present in the "openssl xxx -modulus" output
+ if ($modulus[0] === "0" && $modulus[1] === "0")
+ {
+ $modulus = substr($modulus, 2);
+ } else {
+ trigger_error("checkDebianVulnerability(): First byte is not ".
+ "zero", E_USER_NOTICE);
+ }
+
+ $modulus = strtoupper($modulus);
+ }
+
+
+ /* calculate checksum and look it up in the blacklist */
+ $checksum = substr(sha1("Modulus=$modulus\n"), 20);
+
+ // $checksum and $blacklist should be safe, but just to make sure
+ $checksum = escapeshellarg($checksum);
+ $blacklist = escapeshellarg($blacklist);
+ $debianVuln = runCommand("grep $checksum $blacklist");
+ if ($debianVuln === 0) // grep returned something => it is on the list
+ {
+ return true;
+ } elseif ($debianVuln === 1) {
+ // grep returned nothing
+ return false;
+ } else {
+ trigger_error("checkDebianVulnerability(): Something went wrong ".
+ "when looking up the key with checksum $checksum in the ".
+ "blacklist $blacklist", E_USER_ERROR);
+ return null;
+ }
+
+ // Should not get here
+ return null;
+}
diff --git a/includes/lib/general.php b/includes/lib/general.php
index 25d2561..85b132d 100644
--- a/includes/lib/general.php
+++ b/includes/lib/general.php
@@ -47,4 +47,117 @@ function get_user_id_from_cert($serial, $issuer_cn)
return -1;
}
-?>
+/**
+ * Produces a log entry with the error message with log level E_USER_WARN
+ * and a random ID an returns a message that can be displayed to the user
+ * including the generated ID
+ *
+ * @param $errormessage string
+ * The error message that should be logged
+ * @return string containing the generated ID that can be displayed to the
+ * user
+ */
+function failWithId($errormessage) {
+ $errorId = rand();
+ trigger_error("$errormessage. ID: $errorId", E_USER_WARNING);
+ return sprintf(_("Something went wrong when processing your request. ".
+ "Please contact %s for help and provide them with the ".
+ "following ID: %d"),
+ "<a href='mailto:support@cacert.org?subject=System%20Error%20-%20".
+ "ID%3A%20$errorId'>support@cacert.org</a>",
+ $errorId);
+}
+
+
+/**
+ * Runs a command on the shell and return it's exit code and output
+ *
+ * @param string $command
+ * The command to run. Make sure that you escapeshellarg() any non-constant
+ * parts as this is executed on a shell!
+ * @param string|bool $input
+ * The input that is passed to the command via STDIN, if true the real
+ * STDIN is passed through
+ * @param string|bool $output
+ * The output the command wrote to STDOUT (this is passed as reference),
+ * if true the output will be written to the real STDOUT. Output is ignored
+ * by default
+ * @param string|bool $errors
+ * The output the command wrote to STDERR (this is passed as reference),
+ * if true (default) the output will be written to the real STDERR
+ *
+ * @return int|bool
+ * The exit code of the command, true if the execution of the command
+ * failed (true because then
+ * <code>if (runCommand('echo "foo"')) handle_error();</code> will work)
+ */
+function runCommand($command, $input = "", &$output = null, &$errors = true) {
+ $descriptorspec = array();
+
+ if ($input !== true) {
+ $descriptorspec[0] = array("pipe", "r"); // STDIN for child
+ }
+
+ if ($output !== true) {
+ $descriptorspec[1] = array("pipe", "w"); // STDOUT for child
+ }
+
+ if ($errors !== true) {
+ $descriptorspec[2] = array("pipe", "w"); // STDERR for child
+ }
+
+ $proc = proc_open($command, $descriptorspec, $pipes);
+
+ if (is_resource($proc))
+ {
+ if ($input !== true) {
+ fwrite($pipes[0], $input);
+ fclose($pipes[0]);
+ }
+
+ if ($output !== true) {
+ $output = stream_get_contents($pipes[1]);
+ }
+
+ if ($errors !== true) {
+ $errors = stream_get_contents($pipes[2]);
+ }
+
+ return proc_close($proc);
+
+ } else {
+ return true;
+ }
+}
+
+ // returns 0 if $userID is an Assurer
+ // Otherwise :
+ // Bit 0 is always set
+ // Bit 1 is set if 100 Assurance Points are not reached
+ // Bit 2 is set if Assurer Test is missing
+ // Bit 3 is set if the user is not allowed to be an Assurer (assurer_blocked > 0)
+ function get_assurer_status($userID)
+ {
+ $Result = 0;
+ $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
+ ' WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\'');
+ if(mysql_num_rows($query) < 1)
+ {
+ $Result |= 5;
+ }
+
+ $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()');
+ $row = mysql_fetch_assoc($query);
+ if ($row['points'] < 100) {
+ $Result |= 3;
+ }
+
+ $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
+ $row = mysql_fetch_assoc($query);
+ if ($row['assurer_blocked'] > 0) {
+ $Result |= 9;
+ }
+
+ return $Result;
+ }
+ \ No newline at end of file
diff --git a/includes/lib/l10n.php b/includes/lib/l10n.php
new file mode 100644
index 0000000..85b7aff
--- /dev/null
+++ b/includes/lib/l10n.php
@@ -0,0 +1,343 @@
+<?php /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/**
+ * This class provides some functions for language handling
+ */
+class L10n {
+ /**
+ * These are tranlations we currently support.
+ *
+ * If another translation is added, it doesn't suffice to have gettext set
+ * up, you also need to add it here, because it acts as a white list.
+ *
+ * @var array("ISO-language code" => "native name of the language")
+ */
+ public static $translations = array(
+ "ar" => "&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577;",
+ "bg" => "&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080;",
+ "cs" => "&#268;e&scaron;tina",
+ "da" => "Dansk",
+ "de" => "Deutsch",
+ "el" => "&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940;",
+ "en" => "English",
+ "es" => "Espa&#xf1;ol",
+ "fi" => "Suomi",
+ "fr" => "Fran&#xe7;ais",
+ "hu" => "Magyar",
+ "it" => "Italiano",
+ "ja" => "&#26085;&#26412;&#35486;",
+ "lv" => "Latvie&scaron;u",
+ "nl" => "Nederlands",
+ "pl" => "Polski",
+ "pt" => "Portugu&#xea;s",
+ "pt-br" => "Portugu&#xea;s Brasileiro",
+ "ru" => "&#x420;&#x443;&#x441;&#x441;&#x43a;&#x438;&#x439;",
+ "sv" => "Svenska",
+ "tr" => "T&#xfc;rk&#xe7;e",
+ "zh-cn" => "&#x4e2d;&#x6587;(&#x7b80;&#x4f53;)",
+ "zh-tw" => "&#x4e2d;&#x6587;(&#33274;&#28771;)",
+ );
+
+ /**
+ * setlocale needs a language + region code for whatever reason so here's
+ * the mapping from a translation code to locales with the region that
+ * seemed the most common for this language
+ *
+ * You probably never need this. Use {@link set_translation()} to change the
+ * language instead of manually calling setlocale().
+ *
+ * @var array(string => string)
+ */
+ private static $locales = array(
+ "ar" => "ar_JO",
+ "bg" => "bg_BG",
+ "cs" => "cs_CZ",
+ "da" => "da_DK",
+ "de" => "de_DE",
+ "el" => "el_GR",
+ "en" => "en_US",
+ "es" => "es_ES",
+ "fa" => "fa_IR",
+ "fi" => "fi_FI",
+ "fr" => "fr_FR",
+ "he" => "he_IL",
+ "hr" => "hr_HR",
+ "hu" => "hu_HU",
+ "id" => "id_ID",
+ "is" => "is_IS",
+ "it" => "it_IT",
+ "ja" => "ja_JP",
+ "ka" => "ka_GE",
+ "ko" => "ko_KR",
+ "lv" => "lv_LV",
+ "nb" => "nb_NO",
+ "nl" => "nl_NL",
+ "pl" => "pl_PL",
+ "pt" => "pt_PT",
+ "pt-br" => "pt_BR",
+ "ro" => "ro_RO",
+ "ru" => "ru_RU",
+ "sl" => "sl_SI",
+ "sv" => "sv_SE",
+ "th" => "th_TH",
+ "tr" => "tr_TR",
+ "uk" => "uk_UA",
+ "zh-cn" => "zh_CN",
+ "zh-tw" => "zh_TW",
+ );
+
+ /**
+ * Auto-detects the language that should be used and sets it. Only works for
+ * HTTP, not in a command line script.
+ *
+ * Priority:
+ * <ol>
+ * <li>explicit parameter "lang" passed in HTTP (e.g. via GET)</li>
+ * <li>existing setting in the session (stick to the setting we had before)
+ * </li>
+ * <li>auto-detect via the HTTP Accept-Language header sent by the user
+ * agent</li>
+ * </ol>
+ */
+ public static function detect_language() {
+ if ( (self::get_translation() != "")
+ // already set in the session?
+ &&
+ !(array_key_exists("lang", $_REQUEST) &&
+ trim($_REQUEST["lang"]) != "")
+ // explicit parameter?
+ )
+ {
+ if ( self::set_translation(self::get_translation()) ) {
+ return;
+ }
+ }
+
+
+ $languages = array();
+
+ // parse Accept-Language header
+ if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER)) {
+ $bits = explode(",", strtolower(
+ str_replace(" ", "", $_SERVER['HTTP_ACCEPT_LANGUAGE'])
+ ));
+ foreach($bits as $lang)
+ {
+ $b = explode(";", $lang);
+ if(count($b)>1 && substr($b[1], 0, 2) == "q=")
+ $c = floatval(substr($b[1], 2));
+ else
+ $c = 1;
+
+ if ($c != 0)
+ {
+ $languages[trim($b[0])] = $c;
+ }
+ }
+ }
+
+ // check if there is an explicit language given as parameter
+ if(array_key_exists("lang",$_REQUEST) && trim($_REQUEST["lang"]) != "")
+ {
+ // higher priority than those values in the header
+ $languages[strtolower(trim($_REQUEST["lang"]))] = 2.0;
+ }
+
+ arsort($languages, SORT_NUMERIC);
+
+ // this is used to be compatible with browsers like internet
+ // explorer which only provide the language code including the
+ // region not without. Also handles the fallback to English (qvalues
+ // may only have three digits after the .)
+ $fallbacks = array("en" => 0.0005);
+
+ foreach($languages as $lang => $qvalue)
+ {
+ // ignore any non-conforming values (that's why we don't need to
+ // mysql_real_escape() or escapeshellarg(), but take care of
+ // the '*')
+ // spec: ( ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*" )
+ if ( preg_match('/^(?:([a-zA-Z]{1,8})(?:-[a-zA-Z]{1,8})*|\*)$/',
+ $lang, $matches) !== 1 ) {
+ continue;
+ }
+ $lang_prefix = $matches[1]; // usually two-letter language code
+ $fallbacks[$lang_prefix] = $qvalue;
+
+ $chosen_translation = "";
+ if ($lang === '*') {
+ // According to the standard '*' matches anything but any
+ // language explicitly specified. So in theory if there
+ // was an explicit mention of "en" with a lower priority
+ // this would be incorrect, but that's too much trouble.
+ $chosen_translation = "en";
+ } else {
+ $lang_length = strlen($lang);
+ foreach (self::$translations as $translation => $ignore)
+ {
+ // May match exactly or on every '-'
+ if ( $translation === $lang ||
+ substr($translation, 0, $lang_length + 1)
+ === $lang.'-'
+ )
+ {
+ $chosen_translation = $translation;
+ break;
+ }
+ }
+ }
+
+ if ($chosen_translation !== "")
+ {
+ if (self::set_translation($chosen_translation)) {
+ return;
+ }
+ }
+ }
+
+ // No translation found yet => try the prefixes
+ arsort($fallbacks, SORT_NUMERIC);
+ foreach ($fallbacks as $lang => $qvalue) {
+ if (self::set_translation($lang)) {
+ return;
+ }
+ }
+
+ // should not get here, as the fallback of "en" is provided and that
+ // should always work => log an error
+ trigger_error("L10n::detect_language(): could not set language",
+ E_USER_WARNING);
+ }
+
+ /**
+ * Get the set translation
+ *
+ * @return string
+ * a translation code or the empty string if not set
+ */
+ public static function get_translation() {
+ if (array_key_exists('language', $_SESSION['_config'])) {
+ return $_SESSION['_config']['language'];
+ } else {
+ return "";
+ }
+ }
+
+ /**
+ * Set the translation to use.
+ *
+ * @param string $translation_code
+ * the translation code as specified in the keys of {@link $translations}
+ *
+ * @return bool
+ * <ul>
+ * <li>true if the translation has been set successfully</li>
+ * <li>false if the $translation_code was not contained in the white
+ * list or could not be set for other reasons (e.g. setlocale()
+ * failed because the locale has not been set up on the system -
+ * details will be logged)</li>
+ * </ul>
+ */
+ public static function set_translation($translation_code) {
+ // check $translation_code against whitelist
+ if ( !array_key_exists($translation_code, self::$translations) ) {
+ // maybe it's a locale as previously used in the system? e.g. en_AU
+ if ( preg_match('/^([a-z][a-z])_([A-Z][A-Z])$/', $translation_code,
+ $matches) !== 1 ) {
+ return false;
+ }
+
+ $lang_code = $matches[1];
+ $region_code = strtolower($matches[2]);
+
+ if ( array_key_exists("${lang_code}-${region_code}",
+ self::$translations) ) {
+ $translation_code = "${lang_code}-${region_code}";
+ } elseif ( array_key_exists($lang_code, self::$translations) ) {
+ $translation_code = $lang_code;
+ } else {
+ return false;
+ }
+ }
+
+ // map translation to locale
+ if ( !array_key_exists($translation_code, self::$locales) ) {
+ // weird. maybe you added a translation but haven't added a
+ // translation to locale mapping in self::locales?
+ trigger_error("L10n::set_translation(): could not map the ".
+ "translation $translation_code to a locale", E_USER_WARNING);
+ return false;
+ }
+ $locale = self::$locales[$translation_code];
+
+ // set up locale
+ if ( !putenv("LANG=$locale") ) {
+ trigger_error("L10n::set_translation(): could not set the ".
+ "environment variable LANG to $locale", E_USER_WARNING);
+ return false;
+ }
+ if ( !setlocale(LC_ALL, $locale) ) {
+ trigger_error("L10n::set_translation(): could not setlocale() ".
+ "LC_ALL to $locale", E_USER_WARNING);
+ return false;
+ }
+
+
+ // only set if we're running in a server not in a script
+ if (isset($_SESSION)) {
+ // save the setting
+ $_SESSION['_config']['language'] = $translation_code;
+
+
+ // Set up the recode settings needed e.g. in PDF creation
+ $_SESSION['_config']['recode'] = "html..latin-1";
+
+ if($translation_code === "zh-cn" || $translation_code === "zh-tw")
+ {
+ $_SESSION['_config']['recode'] = "html..gb2312";
+
+ } else if($translation_code === "pl" || $translation_code === "hu") {
+ $_SESSION['_config']['recode'] = "html..ISO-8859-2";
+
+ } else if($translation_code === "ja") {
+ $_SESSION['_config']['recode'] = "html..SHIFT-JIS";
+
+ } else if($translation_code === "ru") {
+ $_SESSION['_config']['recode'] = "html..ISO-8859-5";
+
+ } else if($translation_code == "lt") { // legacy, keep for reference
+ $_SESSION['_config']['recode'] = "html..ISO-8859-13";
+
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Sets up the text domain used by gettext
+ *
+ * @param string $domain
+ * the gettext domain that should be used, defaults to "messages"
+ */
+ public static function init_gettext($domain = 'messages') {
+ bindtextdomain($domain, $_SESSION['_config']['filepath'].'/locale');
+ textdomain($domain);
+ }
+} \ No newline at end of file
diff --git a/includes/loggedin.php b/includes/loggedin.php
index bf6b455..4f9b8e8 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -17,20 +17,30 @@
*/
include_once("../includes/lib/general.php");
+ require_once("../includes/lib/l10n.php");
+ include_once("../includes/mysql.php");
+
+ if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
+ $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+ }
+ if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {
+ $_SESSION['profile']['id'] = 0;
+ $_SESSION['profile']['loggedin'] = 0;
+ }
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
$uid = $_SESSION['profile']['id'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
@@ -49,14 +59,14 @@
{
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
@@ -68,16 +78,16 @@
} else {
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_GET as $key => $val)
{
@@ -110,18 +120,12 @@
if($_SESSION['profile']['language'] == "")
{
- $query = "update `users` set `language`='".$_SESSION['_config']['language']."'
+ $query = "update `users` set `language`='".L10n::get_translation()."'
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
} else {
- $_SESSION['_config']['language'] = $_SESSION['profile']['language'];
-
- putenv("LANG=".$_SESSION['_config']['language']);
- setlocale(LC_ALL, $_SESSION['_config']['language']);
-
- $domain = 'messages';
- bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");
- textdomain("$domain");
+ L10n::set_translation($_SESSION['profile']['language']);
+ L10n::init_gettext();
}
}
@@ -132,9 +136,9 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
header("location: https://".$normalhost."/index.php");
@@ -143,11 +147,11 @@
if($_SESSION['profile']['loggedin'] < 1)
{
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_REQUEST as $key => $val)
{
- if($_SESSION['_config']['oldlocation'])
+ if('' != $_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$key = str_replace(array("\n", "\r"), '', $key);
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index ff5cfc3..10185fc 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -28,7 +28,7 @@
function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $extra="")
{
- $lines = explode('\n', $message);
+ $lines = explode("\n", $message);
$message = "";
foreach($lines as $line)
{
@@ -64,7 +64,8 @@
fputs($smtp, "DATA\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "X-Mailer: CAcert.org Website\r\n");
- fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
+ if (array_key_exists("REMOTE_ADDR", $_SERVER))
+ fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
fputs($smtp, "Sender: $errorsto\r\n");
fputs($smtp, "Errors-To: $errorsto\r\n");
if($replyto != "")
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index cc0e0eb..52789b4 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
function query_init ($query)
{
@@ -41,6 +41,15 @@
return intval($row['list']);
}
+ function get_number_of_ttpassurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
@@ -52,8 +61,8 @@
function get_top_assurer_position ($no_of_assurances)
{
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
@@ -83,7 +92,7 @@
$res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
-
+
function get_received_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
@@ -106,7 +115,7 @@
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
{
- $apoints = max($row['points'],$row['awarded']);
+ $apoints = max($row['points'], $row['awarded']);
$points += $apoints;
$experience = "&nbsp;";
$revoked = false; # to be coded later (after DB-upgrade)
@@ -129,7 +138,7 @@
$awarded = 100;
}
else
- $experience = 0;
+ $experience = 0;
switch ($row['method'])
{
@@ -192,15 +201,15 @@
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="title"><?=_("Assurer Ranking")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
- </tr>
+ <tr>
+ <td class="title"><?=_("Assurer Ranking")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
+ </tr>
</table>
<br/>
<?
@@ -210,119 +219,124 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
+ <tr>
<?
if ($support == "1")
{
?>
- <td colspan="10" class="title"><?=$title?></td>
+ <td colspan="10" class="title"><?=$title?></td>
<?
} else {
?>
- <td colspan="7" class="title"><?=$title?></td>
-<? }
+ <td colspan="7" class="title"><?=$title?></td>
+<?
+ }
?>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("ID")?></strong></td>
- <td class="DataTD"><strong><?=_("Date")?></strong></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("ID")?></strong></td>
+ <td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD"><strong><?=_("When")?></strong></td>
- <td class="DataTD"><strong><?=_("Email")?></strong></td>
-<? } ?>
- <td class="DataTD"><strong><?=_("Who")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Location")?></strong></td>
- <td class="DataTD"><strong><?=_("Method")?></strong></td>
- <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("When")?></strong></td>
+ <td class="DataTD"><strong><?=_("Email")?></strong></td>
+<?
+ }
+?>
+ <td class="DataTD"><strong><?=_("Who")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Location")?></strong></td>
+ <td class="DataTD"><strong><?=_("Method")?></strong></td>
+ <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
+ <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?
}
?>
- </tr>
+ </tr>
<?
}
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
{
?>
- <tr>
- <td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD">&nbsp;</td>
- <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
- <td class="DataTD"><?=$sumexperience?></td>
+ <tr>
+ <td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
+ <td class="DataTD"><?=$sumexperience?></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD">&nbsp;</td>
+ <td class="DataTD">&nbsp;</td>
<?
}
?>
- </tr>
+ </tr>
</table>
<br/>
<?
}
- function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
+ function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked, $ticketno)
{
- $tdstyle="";
- $emopen="";
- $emclose="";
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
- if ($awarded == $points)
- {
- if ($awarded == "0")
+ if ($awarded == $points)
{
- if ($when < "2006-09-01")
+ if ($awarded == "0")
{
- $tdstyle="style='background-color: #ffff80'";
- $emopen="<em>";
- $emclose="</em>";
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
}
}
- }
?>
- <tr>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?
- if ($support == "1")
- {
+ if ($support == "1")
+ {
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
-<? }
+<?
+ }
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?
- if ($support == "1")
- {
- if ($revoked == true)
+ if ($support == "1")
{
+ if ($revoked == true)
+ {
?>
- <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
-<? } else {
+ <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
+<?
+ } else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
+ }
}
- }
?>
</tr>
<?
@@ -332,14 +346,14 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("Description")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Remark")?></strong></td>
+ <tr>
+ <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("Description")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
@@ -355,36 +369,36 @@
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
- <tr>
- <td class="DataTD"><strong><?=$title?></strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD"><?=$points_countable?></td>
- <td class="DataTD"><?=$remark?></td>
- </tr>
+ <tr>
+ <td class="DataTD"><strong><?=$title?></strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=$points_countable?></td>
+ <td class="DataTD"><?=$remark?></td>
+ </tr>
<?
}
// ************* output given assurances ******************
- function output_given_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_given_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
- $fromuser = get_user (intval($row['to']));
+ $fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
$email = show_email_link ($fromuser['email'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
// ************* output received assurances ******************
- function output_received_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_received_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
@@ -395,7 +409,7 @@
calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
$email = show_email_link ($fromuser['email'],intval($row['from']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
@@ -430,6 +444,8 @@
break;
case 'Unknown': // to be revoked in the future? limit to max 50 pts?
case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
+ case 'TTP-Assisted': // TTP assurances, limit to 35
+ case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
@@ -575,17 +591,17 @@
return $issue_points;
}
- function output_given_assurances($userid,$support)
+ function output_given_assurances($userid,$support=0, $ticketno)
{
output_assurances_header(_("Assurance Points You Issued"),$support);
- output_given_assurances_content($userid,$points,$sum_experience,$support);
+ output_given_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
}
- function output_received_assurances($userid,$support)
+ function output_received_assurances($userid,$support=0, $ticketno)
{
output_assurances_header(_("Your Assurance Points"),$support);
- output_received_assurances_content($userid,$points,$sum_experience,$support);
+ output_received_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience,$support);
}
@@ -602,4 +618,1147 @@
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
+
+ //functions to do with recording user agreements
+ /**
+ * write_user_agreement()
+ * writes a new record to the table user_agreement
+ *
+ * @param mixed $memid
+ * @param mixed $document
+ * @param mixed $method
+ * @param mixed $comment
+ * @param integer $active
+ * @param integer $secmemid
+ * @return
+ */
+ function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
+ // write a new record to the table user_agreement
+ $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
+ ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
+ $res = mysql_query($query);
+ }
+
+ function get_user_agreement_status($memid, $type="CCA"){
+ //returns 0 - no user agreement, 1- at least one entry
+ $query="SELECT u.`document` FROM `user_agreements` u
+ WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <=0){
+ return 0;
+ }else{
+ return 1;
+ }
+ }
+
+ function get_first_user_agreement($memid, $active=1, $type="CCA"){
+ //returns an array (`document`,`date`,`method`, `comment`,`active`)
+ if($active==1){
+ $filter="u.`memid`=".$memid;
+ }else{
+ $filter="u.`secmemid`=".$memid;
+ }
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
+ WHERE u.`document` = '".$type."' AND ".$filter."
+ ORDER BY u.`date` Limit 1;";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $row = mysql_fetch_assoc($res);
+ $rec['document']= $row['document'];
+ $rec['date']= $row['date'];
+ $rec['method']= $row['method'];
+ $rec['comment']= $row['comment'];
+ $rec['active']= $row['active'];
+ }else{
+ $rec=array();
+ }
+ return $rec;
+ }
+
+ function get_last_user_agreement($memid, $type="CCA"){
+ //returns an array (`document`,`date`,`method`, `comment`,`active`)
+ $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $row = mysql_fetch_assoc($res);
+ $rec['document']= $row['document'];
+ $rec['date']= $row['date'];
+ $rec['method']= $row['method'];
+ $rec['comment']= $row['comment'];
+ $rec['active']= $row['active'];
+ }else{
+ $rec=array();
+ }
+ return $rec;
+ }
+
+function get_user_agreement($memid){
+ $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND (u.`memid`=".$memid." ) order by u.`date` )
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND ( u.`secmemid`=".$memid.") order by u.`date`)
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` != 'CCA' AND ( u.`memid`=".$memid.") order by u.u.`document`, u.`date`) " ;
+ $res = mysql_query($query);
+
+ return mysql_query($query);
+}
+
+ function delete_user_agreement($memid, $type="CCA"){
+ //deletes all entries to an user for the given type of user agreements
+ mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
+ mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+ }
+
+ // functions for 6.php (assure somebody)
+
+ function AssureHead($confirmation,$checkname)
+ {
+?>
+<form method="post" action="wot.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
+ <tr>
+ <td colspan="2" class="title"><?=$confirmation?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
+ </tr>
+<?
+ }
+
+ function AssureTextLine($field1,$field2)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field1.(empty($field1)?'':':')?></td>
+ <td class="DataTD"><?=$field2?></td>
+ </tr>
+<?
+ }
+
+ function AssureBoxLine($type,$text,$checked)
+ {
+?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
+ <td class="DataTD"><?=$text?></td>
+ </tr>
+<?
+ }
+
+ function AssureMethodLine($text,$methods,$remark)
+ {
+ if (count($methods) != 1) {
+?>
+ <tr>
+ <td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
+ <td class="DataTD">
+ <select name="method">
+<?
+ foreach($methods as $val) {
+?>
+ <option value="<?=$val?>"><?=$val?></option>
+<?
+ }
+?>
+ </select>
+ <br />
+ <?=$remark?>
+ </td>
+ </tr>
+<?
+ } else {
+?>
+ <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" />
+<?
+ }
+ }
+
+ function AssureInboxLine($type,$field,$value,$description)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field.(empty($field)?'':':')?></td>
+ <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
+ </tr>
+<?
+ }
+
+ function AssureFoot($oldid,$confirm)
+ {
?>
+ <tr>
+ <td class="DataTD" colspan="2">
+ <input type="submit" name="process" value="<?=$confirm?>" />
+ <input type="submit" name="cancel" value="<?=_("Cancel")?>" />
+ </td>
+ </tr>
+</table>
+<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
+<input type="hidden" name="oldid" value="<?=$oldid?>" />
+</form>
+<?
+ }
+
+ function account_email_delete($mailid){
+ //deletes an email entry from an acount
+ //revolkes all certifcates for that email address
+ //called from www/account.php if($process != "" && $oldid == 2)
+ //called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
+ //called from account_delete
+ $mailid = intval($mailid);
+ revoke_all_client_cert($mailid);
+ $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
+ mysql_query($query);
+ }
+
+ function account_domain_delete($domainid){
+ //deletes an domain entry from an acount
+ //revolkes all certifcates for that domain address
+ //called from www/account.php if($process != "" && $oldid == 9)
+ //called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
+ //called from account_delete
+ $domainid = intval($domainid);
+ revoke_all_server_cert($domainid);
+ mysql_query(
+ "update `domains`
+ set `deleted`=NOW()
+ where `id` = '$domainid'");
+ }
+
+ function account_delete($id, $arbno, $adminid){
+ //deletes an account following the deleted account routnie V3
+ // called from www/account.php if($oldid == 50 && $process != "")
+ //change password
+ $id = intval($id);
+ $arbno = mysql_real_escape_string($arbno);
+ $adminid = intval($adminid);
+ $pool = 'abcdefghijklmnopqrstuvwxyz';
+ $pool .= '0123456789!()§';
+ $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ srand ((double)microtime()*1000000);
+ $password="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $password .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+
+ //create new mail for arbitration number
+ $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
+ mysql_query($query);
+ $emailid = mysql_insert_id();
+
+ //set new mail as default
+ $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
+ mysql_query($query);
+
+ //delete all other email address
+ $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_email_delete($row['id']);
+ }
+
+ //delete all domains
+ $query = "select `id` from `domains` where `memid`='".$id."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_domain_delete($row['id']);
+ }
+
+ //clear alert settings
+ mysql_query(
+ "update `alerts` set
+ `general`='0',
+ `country`='0',
+ `regional`='0',
+ `radius`='0'
+ where `memid`='$id'");
+
+ //set default location
+ $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear listings
+ $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
+ mysql_query($query);
+
+ //set lanuage to default
+ //set default language
+ mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+ //delete secondary langugaes
+ mysql_query("delete from `addlang` where `userid`='".$id."'");
+
+ //change secret questions
+ for($i=1;$i<=5;$i++){
+ $q="";
+ $a="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $q .= substr($pool,(rand()%(strlen ($pool))), 1);
+ $a .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
+ mysql_query($query);
+ }
+
+ //change personal information to arbitration number and DOB=1900-01-01
+ $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
+ $details = mysql_fetch_assoc(mysql_query($query));
+ $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
+ `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
+ mysql_query($query);
+ $query = "update `users` set `fname`='".$arbno."',
+ `mname`='".$arbno."',
+ `lname`='".$arbno."',
+ `suffix`='".$arbno."',
+ `dob`='1900-01-01'
+ where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear all admin and board flags
+ mysql_query(
+ "update `users` set
+ `assurer`='0',
+ `assurer_blocked`='0',
+ `codesign`='0',
+ `orgadmin`='0',
+ `ttpadmin`='0',
+ `locadmin`='0',
+ `admin`='0',
+ `adadmin`='0',
+ `tverify`='0',
+ `board`='0'
+ where `id`='$id'");
+
+ //block account
+ mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
+ }
+
+
+ function check_email_exists($email){
+ // called from includes/account.php if($process != "" && $oldid == 1)
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $email = mysql_real_escape_string($email);
+ $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_gpg_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
+ }else{
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_client_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
+ }else{
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_server_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `domaincerts`.`expire` > NOW()
+ and `domaincerts`.`revoked` < `domaincerts`.`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>NOW()";
+ }else{
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `expire`>(NOW()-90*86400)
+ and `revoked`<`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_is_orgadmin($uid){
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+
+ // revokation of certificates
+ function revoke_all_client_cert($mailid){
+ //revokes all client certificates for an email address
+ $mailid = intval($mailid);
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres)){
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ }
+ }
+
+ function revoke_all_server_cert($domainid){
+ //revokes all server certs for an domain
+ $domainid = intval($domainid);
+ $query =
+ "select `domaincerts`.`id`
+ from `domaincerts`
+ where `domaincerts`.`domid` = '$domainid'
+ union distinct
+ select `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$domainid'";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0");
+ }
+ }
+
+ function revoke_all_private_cert($uid){
+ //revokes all certificates linked to a personal accounts
+ //gpg revokation needs to be added to a later point
+ $uid=intval($uid);
+ $query = "select `id` from `email` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_client_cert($row['id']);
+ }
+
+
+ $query = "select `id` from `domains` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_server_cert($row['id']);
+ }
+ }
+
+ /**
+ * check_date_format()
+ * checks if the date is entered in the right date format YYYY-MM-DD and
+ * if the date is after the 1st January of the given year
+ *
+ * @param mixed $date
+ * @param integer $year
+ * @return
+ */
+ function check_date_format($date, $year=2000){
+ if (!strpos($date,'-')) {
+ return FALSE;
+ }
+ $arr=explode('-',$date);
+
+ if ((count($arr)!=3)) {
+ return FALSE;
+ }
+ if (intval($arr[0])<=$year) {
+ return FALSE;
+ }
+ if (intval($arr[1])>12 or intval($arr[1])<=0) {
+ return FALSE;
+ }
+ if (intval($arr[2])>31 or intval($arr[2])<=0) {
+ return FALSE;
+ }
+
+ return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
+
+ }
+
+ /**
+ * check_date_difference()
+ * returns false if the date is larger then today + time diffrence
+ *
+ * @param mixed $date
+ * @param integer $diff
+ * @return
+ */
+ function check_date_difference($date, $diff=1){
+ return (strtotime($date)<=time()+$diff*86400);
+ }
+
+/**
+ * write_se_log()
+ * writes an information to the adminlog
+ *
+ * @param mixed $uid - id of the user account
+ * @param mixed $adminid - id of the admin
+ * @param mixed $type - what was changed
+ * @param mixed $info - the ticket / arbitration no or other information
+ * @return
+ */
+function write_se_log($uid, $adminid, $type, $info){
+ //records all support engineer actions changing a user account
+ $uid = intval($uid);
+ $adminid = intval($adminid);
+ $type = mysql_real_escape_string($type);
+ $info = mysql_real_escape_string($info);
+ $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
+ (Now(), $uid, $adminid, '$type', '$info')";
+ mysql_query($query);
+}
+
+/**
+ * valid_ticket_number()
+ * checks if the entered information is a valid ticket or arbitration number
+ * @param mixed $ticketno
+ * @return
+ */
+function valid_ticket_number($ticketno){
+ //return if a given ticket number is valid
+ //a arbitration case
+ //d dispute action
+ //s support case
+ //m board motion
+ $pattern='/[adsmADSM]\d{8}\./';
+ if (preg_match($pattern, $ticketno)) {
+ return true;
+ }
+ return false;
+}
+
+// function for handling account/43.php
+/**
+ * get_user_data()
+ * returns all data of to an account given by the id
+ * @param mixed $userid - account id
+ * @param mixed $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_user_data($userid, $deleted=0){
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `users`.`deleted`=0';
+ }
+ $query = "select * from `users` where `users`.`id`='$userid' ".$filter;
+ return mysql_query($query);
+}
+
+/**
+ * get_alerts()
+ * retrns all alert settings for one user
+ * @param mixed $userid for the requested account
+ * @return
+ */
+function get_alerts($userid){
+ return mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($userid)."'"));
+}
+
+/**
+ * get_email_address()
+ * returns all email address linked to one account
+ * @param mixed $userid
+ * @param string $primary if given the primary email address is not retirned
+ * @param integer $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_email_address($userid, $primary,$deleted=0){
+ //should be entered in account/2.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `deleted`=0';
+ }
+ if ($primary) {
+ $filter= $filter." and `email`!='".mysql_real_escape_string($primary)."'";
+ }
+ $query = "select * from `email` where `memid`='".$userid."'".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * get_domains()
+ * returns all domains to an account
+ * @param mixed $userid
+ * @param integer $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_domains($userid, $deleted=0){
+ //should be entered in account/9.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `deleted`=0';
+ }
+ $query = "select * from `domains` where `memid`='".$userid."' and `hash`=''".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * get_training_result()
+ * returns all training results to an account
+ * @param mixed $userid
+ * @return
+ */
+function get_training_result($userid){
+ //should be entered in account/55.php
+ $userid = intval($userid);
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$userid."'".
+ " ORDER BY `CP`.`pass_date`";
+ return mysql_query($query);
+}
+
+/**
+ * get_se_log()
+ * returns all SE log entries to an account
+ * @param mixed $userid
+ * @return
+ */
+function get_se_log($userid){
+ $userid = intval($userid);
+ $query = "SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
+ FROM `adminlog`, `users`
+ WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$userid."
+ ORDER BY `adminlog`.`when`";
+ return mysql_query($query);
+}
+
+/**
+ * get_client_certs()
+ * returns all client certificates to an account
+ * @param mixed $userid
+ * @param integer $viewall- states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+//add to account/5.php
+function get_client_certs($userid,$viewall=0){
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`memid`='".$userid."'";
+ if($viewall != 1)
+ $query .= " AND `revoked`=0 AND `renewed`=0 ";
+ $query .= " GROUP BY `emailcerts`.`id` ";
+ if($viewall != 1)
+ $query .= " HAVING `timeleft` > 0 ";
+ $query .= " ORDER BY `emailcerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * get_server_certs()
+ * returns all server certs to an account
+ * @param mixed $userid
+ * @param integer $viewall states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+function get_server_certs($userid,$viewall=0){
+ //add to account/12.php
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
+ `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+ `domaincerts`.`description`
+ from `domaincerts`,`domains`
+ where `memid`='".$userid."' and `domaincerts`.`domid`=`domains`.`id` ";
+ if($viewall != 1)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 ";
+ }
+ $query .= "ORDER BY `domaincerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * get_gpg_certs()
+ * retruns all gpg certs to an account
+ * @param mixed $userid
+ * @param integer $viewall states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+function get_gpg_certs($userid,$viewall=0){
+ //add to gpg/2.php
+ $userid = intval($userid);
+ $query = $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`expire`) as `expired`,
+ `expire` as `expires`, `id`, `level`,
+ `email`,`keyid`,`description` from `gpg` where `memid`='".$userid."'
+ ORDER BY `issued` desc";
+ return mysql_query($query);
+}
+
+
+
+/**
+ * output_log_email_header()
+ * shows the table header to the email table
+ * @return
+ */
+function output_log_email_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Email, primary bold") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+/**
+ * output_log_email()
+ * shows all email data
+ * @param mixed $row - sql-query array
+ * @param mixed $primary - if given the primary address is highlighted
+ * @return
+ */
+function output_log_email($row,$primary){
+ $italic='';
+ $bold='';
+ if (0==$row['deleted']) {
+ $italic='italic ';
+ }
+ if ($primary==$row['email']) {
+ $bold= 'bold ';
+ }
+ ?>
+ <tr>
+ <td class="DataTD <? $bold . $italic ?>"><?=$row['email']?></td>
+ <td class="DataTD <? $bold . $italic ?>"><?=$row['created']?></td>
+ <td class="DataTD <? $bold . $italic ?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_domains_header()
+ * shows the table header to the domains table
+ * @return
+ */
+function output_log_domains_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Domain") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+
+/**
+ * output_log_domains()
+ * shows the domain data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_domains($row){
+ $italic='';
+ if (0==$row['deleted']) {
+ $italic='italic ';
+ }
+ ?>
+ <tr>
+ <td class="DataTD <? $italic ?>"><?=$row['domain']?></td>
+ <td class="DataTD <? $italic ?>"><?=$row['created']?></td>
+ <td class="DataTD <? $italic ?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_agreement_header()
+ * shows the table header to the user agreement table
+ * @return
+ */
+function output_log_agreement_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Method") ?></td>
+ <td class="DataTD bold"><?= _("Active ") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_agreement()
+ * shows the agreement data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_agreement($row){
+ ?>
+ <tr>
+ <td class="DataTD" ><?=$row['document']?></td>
+ <td class="DataTD" ><?=$row['date']?></td>
+ <td class="DataTD" ><?=$row['method']?></td>
+ <td class="DataTD"><?= ($row['active']==0)? _('passive'):_('active')?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_training_header()
+ * shows the table header to the training table
+ * @return
+ */
+function output_log_training_header(){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Test") ?></td>
+ <td class="DataTD bold"><?= _("Variant") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_training()
+ * shows the training data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_training($row){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['pass_date']?></td>
+ <td class="DataTD"><?=$row['type_text']?></td>
+ <td class="DataTD"><?=$row['test_text']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_se_header()
+ * shows the table header to the SE log table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_log_se_header($support=0){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Type") ?></td>
+ <?if (1==$support) {
+ ?>
+ <td class="DataTD bold"><?= _("Information") ?></td>
+ <td class="DataTD bold"><?= _("Admin") ?></td>
+ <?
+ }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_se()
+ * show the SE log data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are added
+ * @return
+ */
+function output_log_se($row, $support=0){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['when']?></td>
+ <td class="DataTD"><?=$row['type']?></td>
+ <?if (1==$support) {
+ ?>
+ <td class="DataTD"><?=$row['information']?></td>
+ <td class="DataTD"><?=$row['fname'].' '.$row['lname']?></td>
+ <?
+ }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_client_cert_header()
+ * shows the table header to the cleint cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_client_cert_header($support=0){
+ //should be added to account/5.php
+ ?>
+ <tr>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <? } ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Login")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? } ?>
+ </tr>
+ <?
+}
+
+/**
+ * output_client_cert()
+ * show the client cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_client_cert($row, $support=0){
+ //should be entered in account/5.php
+ $verified="";
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+ ?>
+ <tr>
+ <?
+ if($verified != _("Pending") && $verified != _("Revoked")) {
+ if ($support !=1) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <? if ($support !=1) { ?>
+ <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+ <? } ELSE {?>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } ?>
+ <? } else if($verified != _("Revoked")) {
+ if ($support !=1) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } else {
+ if ($support !=1) { ?>
+ <td class="DataTD">&nbsp;</td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } ?>
+
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+
+ <? if ($support !=1) { ?>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
+ </td>
+ <? } ELSE { ?>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> DISABLED/>
+ </td>
+ <? }
+ if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <? }?>
+ </tr>
+
+ <?
+}
+
+/**
+ * output_log_server_certs_header()
+ * shows the table header to the server cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_log_server_certs_header($support=0){
+ //should be entered in account/12.php
+ ?>
+ <tr>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <? } ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? } ?>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_server_certs()
+ * show the server cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_log_server_certs($row, $support=0){
+ //should be entered in account/12.php
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+ ?>
+ <tr>
+ <? if ($support !=1) {
+ if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
+ <? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
+ <? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+ <? }
+ }?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <? }ELSE{ ?>
+ <td class="DataTD"><?=$row['CN']?></td>
+ <?}?>
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <?}?>
+ </tr> <?
+}
+
+/**
+ * output_gpg_certs_header()
+ * shows the table header to the gpg cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_gpg_certs_header($support=0){
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Key ID")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_gpg_certs()
+ * show the gpg cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_gpg_certs($row, $support=0){
+ //should be entered in account/55.php
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ ?>
+ <tr>
+ <? if($verified == _("Valid")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } ?>
+ <? } else if($verified == _("Pending")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } ?>
+ <? } ?>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <?if ($support != 1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['keyid']?></td>
+ <? } ?>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <? } ?>
+ </tr>
+ <?
+}
diff --git a/includes/wot.inc.php b/includes/wot.inc.php
deleted file mode 100644
index 884b97f..0000000
--- a/includes/wot.inc.php
+++ /dev/null
@@ -1,539 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2011 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
- function query_init ($query)
- {
- return mysql_query($query);
- }
-
- function query_getnextrow ($res)
- {
- $row1 = mysql_fetch_assoc($res);
- return $row1;
- }
-
- function query_get_number_of_rows ($resultset)
- {
- return intval(mysql_num_rows($resultset));
- }
-
- function get_number_of_assurances ($userid)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
- $row = query_getnextrow($res);
-
- return intval($row['list']);
- }
-
- function get_number_of_assurees ($userid)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
- $row = query_getnextrow($res);
-
- return intval($row['list']);
- }
-
- function get_top_assurer_position ($no_of_assurances)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
- GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
- return intval(query_get_number_of_rows($res)+1);
- }
-
- function get_top_assuree_position ($no_of_assurees)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
- GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
- return intval(query_get_number_of_rows($res)+1);
- }
-
- function get_given_assurances ($userid)
- {
- $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
- return $res;
- }
-
- function get_received_assurances ($userid)
- {
- $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
- return $res;
- }
-
- function get_given_assurances_summary ($userid)
- {
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
- return $res;
- }
-
- function get_received_assurances_summary ($userid)
- {
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
- return $res;
- }
-
- function get_user ($userid)
- {
- $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
- return mysql_fetch_assoc($res);
- }
-
- function get_cats_state ($userid)
- {
-
- $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
- WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
- return mysql_num_rows($res);
- }
-
- function calc_experience ($row,&$points,&$experience,&$sum_experience)
- {
- $apoints = max($row['points'], $row['awarded']);
-
- $points += $apoints;
-
- $experience = "&nbsp;";
- if ($row['method'] == "Face to Face Meeting")
- {
- $sum_experience = $sum_experience +2;
- $experience = "2";
- }
- return $apoints;
- }
-
- function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
- {
- $awarded = calc_points($row);
-
- if ($awarded > 100)
- {
- $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
- $awarded = 100;
- }
- else
- $experience = 0;
-
- switch ($row['method'])
- {
- case 'Thawte Points Transfer':
- case 'CT Magazine - Germany':
- case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
- $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
- $experience=0;
- break;
- default:
- $points += $awarded;
- }
- $sumexperience = $sumexperience + $experience;
- }
-
-
- function show_user_link ($name,$userid)
- {
- $name = trim($name);
- if($name == "")
- {
- if ($userid == 0)
- $name = _("System");
- else
- $name = _("Deleted account");
- }
- else
- $name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
- return $name;
- }
-
- function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
- {
- $num_of_assurances = get_number_of_assurances (intval($userid));
- $rank_of_assurer = get_top_assurer_position($num_of_assurances);
- }
-
- function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
- {
- $num_of_assurees = get_number_of_assurees (intval($userid));
- $rank_of_assuree = get_top_assuree_position($num_of_assurees);
- }
-
-
-// ************* html table definitions ******************
-
- function output_ranking($userid)
- {
- get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
- get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
-
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="title"><?=_("Assurer Ranking")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
- </tr>
-</table>
-<br/>
-<?
- }
-
- function output_assurances_header($title)
- {
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="7" class="title"><?=$title?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("ID")?></strong></td>
- <td class="DataTD"><strong><?=_("Date")?></strong></td>
- <td class="DataTD"><strong><?=_("Who")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Location")?></strong></td>
- <td class="DataTD"><strong><?=_("Method")?></strong></td>
- <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
- </tr>
-<?
- }
-
- function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
- {
-?>
- <tr>
- <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD">&nbsp;</td>
- <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
- <td class="DataTD"><?=$sumexperience?></td>
- </tr>
-</table>
-<br/>
-<?
- }
-
- function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
- {
-
- $tdstyle="";
- $emopen="";
- $emclose="";
-
- if ($awarded == $points)
- {
- if ($awarded == "0")
- {
- if ($when < "2006-09-01")
- {
- $tdstyle="style='background-color: #ffff80'";
- $emopen="<em>";
- $emclose="</em>";
- }
- }
- }
-
-?>
- <tr>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
- </tr>
-<?
- }
-
- function output_summary_header()
- {
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("Description")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Remark")?></strong></td>
- </tr>
-<?
- }
-
- function output_summary_footer()
- {
-?>
-</table>
-<br/>
-<?
- }
-
- function output_summary_row($title,$points,$points_countable,$remark)
- {
-?>
- <tr>
- <td class="DataTD"><strong><?=$title?></strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD"><?=$points_countable?></td>
- <td class="DataTD"><?=$remark?></td>
- </tr>
-<?
- }
-
-
-// ************* output given assurances ******************
-
- function output_given_assurances_content($userid,&$points,&$sum_experience)
- {
- $points = 0;
- $sumexperience = 0;
- $res = get_given_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
- {
- $fromuser = get_user (intval($row['to']));
- $apoints = calc_experience ($row,$points,$experience,$sum_experience);
- $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
- }
- }
-
-// ************* output received assurances ******************
-
- function output_received_assurances_content($userid,&$points,&$sum_experience)
- {
- $points = 0;
- $sumexperience = 0;
- $res = get_received_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
- {
- $fromuser = get_user (intval($row['from']));
- calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
- $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
- }
- }
-
-// ************* output summary table ******************
-
- function check_date_limit ($userid,$age)
- {
- $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
- $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
- return intval(query_get_number_of_rows($res));
- }
-
- function calc_points($row)
- {
- $awarded = intval($row['awarded']);
- if ($awarded == "")
- $awarded = 0;
- if (intval($row['points']) < $awarded)
- $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
- else
- $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
- switch ($row['method'])
- {
- case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
- case 'CT Magazine - Germany': // revoke c't (only one test-entry)
- case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
- $points = 0;
- break;
- case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
- if ($points <= 2) // maybe limit to 35/50 pts in the future?
- $points = 0;
- break;
- case 'Unknown': // to be revoked in the future? limit to max 50 pts?
- case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
- case '': // to be revoked in the future? limit to max 50 pts?
- case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
- break;
- default: // should never happen ... ;-)
- $points = 0;
- }
- if ($points < 0) // ignore negative points (bug needs to be fixed)
- $points = 0;
- return $points;
- }
-
- function max_points($userid)
- {
- return output_summary_content ($userid,0);
- }
-
- function output_summary_content($userid,$display_output)
- {
- $sum_points = 0;
- $sum_experience = 0;
- $sum_experience_other = 0;
- $max_points = 100;
- $max_experience = 50;
-
- $experience_limit_reached_txt = _("Limit reached");
-
- if (check_date_limit($userid,18) != 1)
- {
- $max_experience = 10;
- $experience_limit_reached_txt = _("Limit given by PoJAM reached");
- }
- if (check_date_limit($userid,14) != 1)
- {
- $max_experience = 0;
- $experience_limit_reached_txt = _("Limit given by PoJAM reached");
- }
-
- $res = get_received_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
- {
- $points = calc_points ($row);
-
- if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
- {
- $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
- $points = $max_points;
- }
- $sum_points += $points*intval($row['number']);
- }
-
- $res = get_given_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
- {
- switch ($row['method'])
- {
- case 'Face to Face Meeting': // count Face to Face only
- $sum_experience += 2*intval($row['number']);
- break;
- }
-
- }
-
- if ($sum_points > $max_points)
- {
- $sum_points_countable = $max_points;
- $remark_points = _("Limit reached");
- }
- else
- {
- $sum_points_countable = $sum_points;
- $remark_points = "&nbsp;";
- }
- if ($sum_experience > $max_experience)
- {
- $sum_experience_countable = $max_experience;
- $remark_experience = $experience_limit_reached_txt;
- }
- else
- {
- $sum_experience_countable = $sum_experience;
- $remark_experience = "&nbsp;";
- }
-
- if ($sum_experience_countable + $sum_experience_other > $max_experience)
- {
- $sum_experience_other_countable = $max_experience-$sum_experience_countable;
- $remark_experience_other = $experience_limit_reached_txt;
- }
- else
- {
- $sum_experience_other_countable = $sum_experience_other;
- $remark_experience_other = "&nbsp;";
- }
-
- if ($sum_points_countable < $max_points)
- {
- if ($sum_experience_countable != 0)
- $remark_experience = _("Points on hold due to less assurance points");
- $sum_experience_countable = 0;
- if ($sum_experience_other_countable != 0)
- $remark_experience_other = _("Points on hold due to less assurance points");
- $sum_experience_other_countable = 0;
- }
-
- $issue_points = 0;
- $cats_test_passed = get_cats_state ($userid);
- if ($cats_test_passed == 0)
- {
- $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
- if ($sum_points_countable < $max_points)
- {
- $issue_points_txt = "<strong style='color: red'>";
- $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
- $issue_points_txt .= "</strong>";
- }
- }
- else
- {
- $experience_total = $sum_experience_countable+$sum_experience_other_countable;
- $issue_points_txt = "";
- if ($sum_points_countable == $max_points)
- $issue_points = 10;
- if ($experience_total >= 10)
- $issue_points = 15;
- if ($experience_total >= 20)
- $issue_points = 20;
- if ($experience_total >= 30)
- $issue_points = 25;
- if ($experience_total >= 40)
- $issue_points = 30;
- if ($experience_total >= 50)
- $issue_points = 35;
- if ($issue_points != 0)
- $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
- }
- if ($display_output)
- {
- output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
- output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
- output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
- output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
- }
- return $issue_points;
- }
-
- function output_given_assurances($userid)
- {
- output_assurances_header(_("Assurance Points You Issued"));
- output_given_assurances_content($userid,$points,$sum_experience);
- output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience);
- }
-
- function output_received_assurances($userid)
- {
- output_assurances_header(_("Your Assurance Points"));
- output_received_assurances_content($userid,$points,$sum_experience);
- output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience);
- }
-
- function output_summary($userid)
- {
- output_summary_header();
- output_summary_content($userid,1);
- output_summary_footer();
- }
-
- function output_end_of_page()
- {
-?>
- <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
-<?
- }
-?>
diff --git a/locale/.gitignore b/locale/.gitignore
index 94fd7c6..ac93223 100644
--- a/locale/.gitignore
+++ b/locale/.gitignore
@@ -1,5 +1,6 @@
# Language files are imported from translingo
# => Ignore them
-# Use make.php if you need new ones
+# Use make if you need new ones
*.po
+*.pot
*.mo
diff --git a/locale/Makefile b/locale/Makefile
new file mode 100644
index 0000000..4215a4f
--- /dev/null
+++ b/locale/Makefile
@@ -0,0 +1,184 @@
+#
+# This Makefile will download the translations from our translation server (if
+# they don't exist yet) and compile them. Try target help for more information
+#
+
+################################################################################
+### Download ###
+################################################################################
+
+DOWNLOAD_SERVER := translations.cacert.org
+PO_URL_TEMPLATE := http://$(DOWNLOAD_SERVER)/export/cacert/%/messages.po
+
+# Only use languages that have 10% or more of translated strings
+AUTO_LANGS := \
+en \
+de \
+nl \
+pt_BR \
+fr \
+sv \
+it \
+es \
+hu \
+fi \
+ja \
+bg \
+pt \
+da \
+pl \
+zh_CN \
+ru \
+lv \
+cs \
+zh_TW \
+el \
+tr \
+ar \
+
+LANGS := \
+ar \
+bg \
+cs \
+da \
+de \
+el \
+en \
+es \
+fa \
+fi \
+fr \
+he \
+hr \
+hu \
+id \
+is \
+it \
+ja \
+ka \
+ko \
+lv \
+nb \
+nl \
+pl \
+pt \
+pt_BR \
+ro \
+ru \
+sl \
+sv \
+th \
+tr \
+uk \
+zh_CN \
+zh_TW \
+
+
+PO_FILE_TEMPLATE := %/messages.po
+MO_FILE_TEMPLATE := %/LC_MESSAGES/messages.mo
+
+
+# target: all - Build locales downloading po files
+.PHONY: all
+all: $(AUTO_LANGS)
+
+
+# target: help - Display callable targets
+.PHONY: help
+help:
+ @egrep "^# target:" [Mm]akefile
+
+
+# target: clean - remove the build directories
+RM := rm -rf
+.PHONY: clean
+clean:
+ -$(RM) $(LANGS:%=%/)
+
+
+# target: <lang> - build this particular language
+.PHONY: $(LANGS)
+$(LANGS): %: $(MO_FILE_TEMPLATE)
+
+
+$(LANGS:%=$(MO_FILE_TEMPLATE)): $(MO_FILE_TEMPLATE): $(PO_FILE_TEMPLATE)
+ mkdir -p $(@D)
+#filter obsolete translations
+ grep --invert-match '^#~ ' $< | \
+ msgfmt --check --output-file $@ -
+
+
+.PHONY: $(LANGS:%=$(PO_FILE_TEMPLATE))
+$(LANGS:%=$(PO_FILE_TEMPLATE)):
+ mkdir -p $(@D)
+ wget --output-document - '$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \
+ php -f escape_special_chars.php \
+ > $@
+
+
+
+
+################################################################################
+### Upload ###
+################################################################################
+
+UPLOAD_SERVER := $(DOWNLOAD_SERVER)
+SSH_USER := critical
+SSH_OPTIONS :=
+SCP_OPTIONS := $(SSH_OPTIONS)
+
+FILE_OWNER := www-data
+
+POT_UPLOAD_PATH := /var/www/Pootle/po/cacert/templates/messages.pot
+MANAGE_PY := /var/www/Pootle/manage.py
+
+VERSION := Production
+DESCRITPION := LibreSSL - CAcert web application (localisation files)
+COPYRIGHT_YEAR := 2004-$(shell date +\%Y)
+PACKAGE := LibreSSL
+
+GETTEXT_FILE_PATTERN := \
+../CommModule/client.pl \
+../includes/*.php \
+../includes/*/*.php \
+../pages/*/*.php \
+../scripts/*.php \
+../www/*.php \
+../www/*/*.php \
+# ../tverify/*.php \
+# ../tverify/*/*.php \
+
+GETTEXT_FILES := $(wildcard $(GETTEXT_FILE_PATTERN))
+
+# target: template - create the gettext template file, if you want to upload it
+# target: onto the translation server you can directly use the
+# target: target "upload"
+.PHONY: template
+template: messages.pot
+
+# target: template.clean - remove anything that was created during the build of
+# target: the template file
+.PHONY: template.clean
+template.clean:
+ -$(RM) messages.pot
+
+
+# target: upload - upload the template to the translation server
+.PHONY: upload
+upload: messages.pot
+ scp $(SCP_OPTIONS) messages.pot $(SSH_USER)@$(UPLOAD_SERVER):$(POT_UPLOAD_PATH)
+ ssh $(SSH_OPTIONS) $(SSH_USER)@$(UPLOAD_SERVER) "sudo -u $(FILE_OWNER) pootle-update cacert"
+
+# target: upload.clean - remove anything that was created during the upload
+.PHONY: upload.clean
+upload.clean: template.clean
+
+messages.pot: $(GETTEXT_FILES)
+ xgettext --output - --sort-by-file --copyright-holder "CAcert Inc." \
+ --package-name "CAcert" --package-version "$(VERSION)" \
+ --msgid-bugs-address "translations-admin@cacert.org" \
+ --add-comments=TRANSLATORS $^ | \
+ # replace place holders in the lines before the first msgid\
+ sed '1,/^msgid/ { s/SOME DESCRIPTIVE TITLE/$(DESCRITPION)/; s/YEAR/$(COPYRIGHT_YEAR)/; s/PACKAGE/$(PACKAGE)/ }' \
+ > $@
+
diff --git a/locale/escape_special_chars.php b/locale/escape_special_chars.php
new file mode 100644
index 0000000..0f494f1
--- /dev/null
+++ b/locale/escape_special_chars.php
@@ -0,0 +1,80 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/* Convert special characters in UTF-8 encoded PO files to HTML entities */
+
+define('MSGSTR', 'msgstr');
+define('MSGSTR_LEN', strlen(MSGSTR));
+define('MSGID', 'msgid');
+define('MSGID_LEN', strlen(MSGID));
+
+function is_msgstr($line) {
+ if (strlen($line) < MSGSTR_LEN) {
+ return false;
+ }
+
+ return substr_compare($line, MSGSTR, 0, MSGSTR_LEN) === 0;
+}
+
+function is_msgid($line) {
+ if (strlen($line) < MSGID_LEN) {
+ return false;
+ }
+
+ return substr_compare($line, MSGID, 0, MSGID_LEN) === 0;
+}
+
+
+////////////// Main //////////////
+
+// Skip the metadata (first msgid/msgstr pair)
+while (!feof(STDIN)) {
+ $line = fgets(STDIN);
+
+ echo $line;
+
+ if (is_msgstr($line)) {
+ break;
+ }
+}
+
+// determines if the current line belongs to a msgid or a msgstr
+$msgstr = false;
+
+while (!feof(STDIN)) {
+ $line = fgets(STDIN);
+
+ if (is_msgstr($line)) {
+ $msgstr = true;
+ } elseif (is_msgid($line)) {
+ $msgstr = false;
+ }
+
+ if ($msgstr) {
+ // Escape everything that has a special HTML entity such as
+ // &gt; or &auml; except quote characters
+ $line = htmlentities($line, ENT_NOQUOTES, "UTF-8");
+
+ // Escape everything else -> all characters that don't have a special
+ // HTML entity but are outside the ASCII range
+ $line = mb_convert_encoding($line, "HTML-ENTITIES", "UTF-8");
+ }
+ echo $line;
+}
diff --git a/locale/make.php b/locale/make.php
deleted file mode 100755
index 859d75e..0000000
--- a/locale/make.php
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/php -q
-<?
- $lang = array( "bg" => "bg_BG", "da" => "da_DK", "de" => "de_DE", "es" => "es_ES",
- "fr" => "fr_FR", "fi" => "fi_FI", "he" => "he_IL", "hr" => "hr_HR",
- "hu" => "hu_HU", "it" => "it_IT", "ja" => "ja_JP", "nl" => "nl_NL",
- "pt" => "pt_PT", "ro" => "ro_RO", "ru" => "ru_RU", "fa" => "fa_IR",
- "sv" => "sv_SE", "tr" => "tr_TR", "zh" => "zh_CN", "ar" => "ar_SY",
- "el" => "el_GR", "tl" => "tl_PH", "pl" => "pl_PL", "cs" => "cs_CZ",
- "ka" => "ka_GE", "is" => "is_IS", "ko" => "ko_KR", "nb" => "nb_NO");
-
- if($argc > 1)
- {
- foreach($argv as $key)
- {
- $val = $lang[$key];
- if($val != "")
- {
- $do = `wget -O $key.po "http://translingo.cacert.org/export2.php?pid=1&editlanguage=$val" 2>&1`;
-echo $do;
- echo `mkdir -p $key/LC_MESSAGES/`;
- $do = `msgfmt -o $key/LC_MESSAGES/messages.mo $key.po 2>&1`;
-echo $do;
- }
- }
- } else {
- foreach($lang as $key => $val)
- {
- $do = `wget -O $key.po "http://translingo.cacert.org/export2.php?pid=1&editlanguage=$val" 2>&1`;
-echo $do;
- echo `mkdir -p $key/LC_MESSAGES/`;
- $do = `msgfmt -o $key/LC_MESSAGES/messages.mo $key.po 2>&1`;
-echo $do;
- }
- }
-?>
diff --git a/pages/account/0.php b/pages/account/0.php
index 84b581e..b9b150c 100644
--- a/pages/account/0.php
+++ b/pages/account/0.php
@@ -29,5 +29,4 @@
<p><?=_("Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate.")?></p>
<h4><?=_("CAcert Web of Trust")?></h4>
<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons.")?></p>
-<p><b><?=_("The former TTP (Trusted Third Party) System has been stopped, and is currently not available.")?></b></p>
-<? // "You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu</p> ?>
+<p><b><?=sprintf(_("For information about the TTP-assisted-assurance program please read %s"),"<a href='//wiki.cacert.org/TTP/TTPuser'>https://wiki.cacert.org/TTP/TTPuser</a>","<a href='//wiki.cacert.org/TTP/TTPAL'>https://wiki.cacert.org/TTP/TTPAL</a>")?></b></p>
diff --git a/pages/account/10.php b/pages/account/10.php
index 704a05c..8908400 100644
--- a/pages/account/10.php
+++ b/pages/account/10.php
@@ -17,7 +17,7 @@
*/
include_once("../includes/shutdown.php");
?>
-<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
+<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
@@ -26,16 +26,21 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
-<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p>
+<p><b>*** <?=_("Please note: All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not.")?> ***</b></p>
+<p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p>
<form method="post" action="account.php">
<? if($_SESSION['profile']['points'] >= 50) { ?>
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br />
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?>
+<p><?=_("Optional comment, only used in the certificate overview")?><br>
+ <input type="text" name="description" maxlength="80" size=80/></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<textarea name="CSR" cols="80" rows="15"></textarea><br />
+<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please Note: You need to accept the CCA to proceed.")?></p>
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/account/12.php b/pages/account/12.php
index 44926ca..9058a07 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -19,24 +19,26 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
</tr>
<?
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+ `domaincerts`.`description`
from `domaincerts`,`domains`
- where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
+ where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1)
{
$query .= "AND `revoked`=0 AND `renewed`=0 ";
@@ -49,7 +51,7 @@
{
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -62,31 +64,46 @@
$verified = _("Pending");
if($row['revoked'] > 0)
$verified = _("Revoked");
- if($row['revoked'] == 0)
- $row['revoke'] = _("Not Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="8">
+ <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>"/>&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"/> </td>
</tr>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
+ </tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
+<input type="hidden" name="oldid" value="<?=$id?>"/>
+<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
</form>
-<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/13.php b/pages/account/13.php
index e8dad73..ea9811a 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -16,30 +16,33 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
- $res = mysql_query($query);
- $user = mysql_fetch_assoc($res);
+ $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ $user = mysql_fetch_assoc($res);
- $year = intval(substr($user['dob'], 0, 4));
- $month = intval(substr($user['dob'], 5, 2));
- $day = intval(substr($user['dob'], 8, 2));
+ $year = intval(substr($user['dob'], 0, 4));
+ $month = intval(substr($user['dob'], 5, 2));
+ $day = intval(substr($user['dob'], 8, 2));
+ $showdetails = array_key_exists('showdetails', $_REQUEST) && !!intval($_REQUEST['showdetails']);
+ if($showdetails){
+ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
+ $body .= _("You receive this automatic mail since you yourself or someone ".
+ "else looked up your secret questions and answers for a forgotten ".
+ "password.\n\n".
+ "If it was you who looked up or changed that data, or clicked ".
+ "through the menu in your account, everything is in best order ".
+ "and you can ignore this mail.\n\n".
+ "But if you received this mail without a recognisable reason, ".
+ "there is a danger that an unauthorised person accessed your ".
+ "account, and you should promptly change your password and your ".
+ "secret questions and answers.")."\n\n";
- $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
- $body .= _("You receive this automatic mail since you yourself or")."\n";
- $body .= _("someone else looked up your secret questions and answers")."\n";
- $body .= _("for a forgotten password.")."\n\n";
- $body .= _("If it was you who looked up or changed that data, or clicked")."\n";
- $body .= _("through the menu in your account, everything is in best order and")."\n";
- $body .= _("you can ignore this mail.")."\n\n";
- $body .= _("But if you received this mail without a recognisable reason,")."\n";
- $body .= _("there is a danger that an unauthorised person accessed your")."\n";
- $body .= _("account, and you should promptly change your password and your")."\n";
- $body .= _("secret questions and answers.")."\n\n";
+ $body .= _("Best regards")."\n"._("CAcert Support");
- $body .= _("With kind regards,")."\n\n"._("CAcert Support");
-
- sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
+ sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
+ }
?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
@@ -70,24 +73,24 @@
(<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><nobr><select name="day">
<?
- for($i = 1; $i <= 31; $i++)
- {
- echo "<option";
- if($day == $i)
- echo " selected='selected'";
- echo ">$i</option>";
- }
+ for($i = 1; $i <= 31; $i++)
+ {
+ echo "<option";
+ if($day == $i)
+ echo " selected='selected'";
+ echo ">$i</option>";
+ }
?>
</select>
<select name="month">
<?
- for($i = 1; $i <= 12; $i++)
- {
- echo "<option value='$i'";
- if($month == $i)
- echo " selected='selected'";
- echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>";
- }
+ for($i = 1; $i <= 12; $i++)
+ {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>";
+ }
?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4"></nobr>
@@ -115,18 +118,25 @@
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
- (<?=_("dd/mm/yyyy")?>)</td>
+ (<?=_("dd/mm/yyyy")?>)</td>
<td class="DataTD"><?=$day?> <?=ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$month,1,1))))?> <?=$year?></td>
</tr>
<? } ?>
<tr>
+ <td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=$_SESSION['profile']['id']?>"><?=_('Show account history')?></a></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
+ </tr>
+ <? if($showdetails){ ?>
+ <tr>
<td class="DataTD"><?=_("OTP Hash")?><br>
- (<?=_("Not displayed")?>)</td>
+ (<?=_("Not displayed")?>)</td>
<td class="DataTD"><input type="text" name="otphash"></td>
</tr>
<tr>
<td class="DataTD"><?=_("OTP PIN")?><br>
- (<?=_("Not displayed")?>)</td>
+ (<?=_("Not displayed")?>)</td>
<td class="DataTD"><input type="text" name="otppin"></td>
</tr>
<tr>
@@ -153,6 +163,7 @@
<td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
</tr>
<tr>
+ <? } ?>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
diff --git a/pages/account/16.php b/pages/account/16.php
index 514ecfd..564463e 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -29,25 +29,25 @@
foreach($_SESSION['_config']['emails'] as $val) { ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
+ <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]"></td>
+ <td class="DataTD"><input type="text" name="emails[]"/></td>
</tr>
<tr>
<td class="DataTD"><?=_("Name")?>:</td>
- <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
+ <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
</tr>
<tr>
<td class="DataTD"><?=_("Department")?>:</td>
- <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
+ <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
+ <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
+ <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
</td>
</tr>
@@ -56,9 +56,15 @@
<td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
</tr>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <?=_("Optional comment, only used in the certificate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 />
+ </td>
+ </tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
- <input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
diff --git a/pages/account/17.php b/pages/account/17.php
index 2ba5390..8ac8b65 100644
--- a/pages/account/17.php
+++ b/pages/account/17.php
@@ -14,124 +14,6 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
-<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
-<?=_("You must enable ActiveX for this to work.")?>
-</object>
-<form method="post" action="account.php" name="CertReqForm"><p>
-<input type="hidden" name="session" value="UsedXenroll">
-<?=_("Key Strength:")?> <select name="CspProvider"></select>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<INPUT TYPE=HIDDEN NAME="CSR">
-<input type="hidden" name="keytype" value="MS">
-<?=_("'Enhanced Provider' is generally the best option, which has a key size of 1024bit. If you need a bigger key size you will need to use a different browser.")?>
-<input type="submit" name="GenReq" value="Create Certificate"><br>
-</p></form>
-<script type="text/vbscript" language="vbscript">
-<!--
-Function GetProviderList()
- Dim CspList, cspIndex, ProviderName
- On Error Resume Next
+*/
- count = 0
- base = 0
- enhanced = 0
- CspList = ""
- ProviderName = ""
-
- For ProvType = 0 to 13
- cspIndex = 0
- cec.ProviderType = ProvType
- ProviderName = cec.enumProviders(cspIndex,0)
-
- while ProviderName <> ""
- Set oOption = document.createElement("OPTION")
- oOption.text = ProviderName
- oOption.value = ProvType
- Document.CertReqForm.CspProvider.add(oOption)
- if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
- base = count
- end if
- if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
- enhanced = count
- end if
- cspIndex = cspIndex +1
- ProviderName = ""
- ProviderName = cec.enumProviders(cspIndex,0)
- count = count + 1
- wend
- Next
- Document.CertReqForm.CspProvider.selectedIndex = base
- if enhanced then
- Document.CertReqForm.CspProvider.selectedIndex = enhanced
- end if
-End Function
-
-Function CSR(keyflags)
- CSR = ""
- szName = ""
- cec.HashAlgorithm = "MD5"
- err.clear
- On Error Resume Next
- set options = document.all.CspProvider.options
- index = options.selectedIndex
- cec.providerName = options(index).text
- tmpProviderType = options(index).value
- cec.providerType = tmpProviderType
- cec.KeySpec = 2
- if tmpProviderType < 2 Then
- cec.KeySpec = 1
- end if
- cec.GenKeyFlags = &h04000001 OR keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = &h04000000 OR keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
- if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
- cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
- else
- Exit Function
- end if
- end if
- cec.GenKeyFlags = 1 OR keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = 0
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-End Function
-
-Sub GenReq_OnClick
- Dim TheForm
- Set TheForm = Document.CertReqForm
- err.clear
- result = CSR(2)
- if len(result)=0 Then
- result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
- Exit Sub
- end if
- TheForm.CSR.Value = result
- TheForm.Submit
- Exit Sub
-End Sub
-
-GetProviderList()
--->
-</script>
-<? } else { ?>
-<p>
-<form method="post" action="account.php">
-<input type="hidden" name="keytype" value="NS">
-<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
-
-
-<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-</p>
-<? } ?>
+require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
diff --git a/pages/account/18.php b/pages/account/18.php
index 13dcc30..9ab13b2 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -14,60 +14,143 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+*/
+
+$orgfilterid = array_key_exists('orgfilterid',$_SESSION['_config']) ? intval($_SESSION['_config']['orgfilterid']) : 0;
+$sorting = array_key_exists('sorting',$_SESSION['_config']) ? intval($_SESSION['_config']['sorting']) : 0;
+$status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_config']['status']) : 0;
+?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="9" class="title"><?=_("Organisation Client Certificates")?> </td>
</tr>
<tr>
- <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
- <td class="DataTD"><?=_("Status")?></td>
- <td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
- <td class="DataTD"><?=_("Revoked")?></td>
- <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="9" class="title"><?=_("Filter/Sorting")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Organisation")?></td>
+ <td colspan="8" class="DataTD" >
+ <select name="orgfilterid">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $orgfilterid ? " selected" : "" ,_("All")) ?>
+<? $query = "select `orginfo`.`O`, `orginfo`.`id`
+ from `org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
+ ORDER BY `orginfo`.`O` ";
+ $reso = mysql_query($query);
+ if(mysql_num_rows($reso) >= 1){
+ while($row = mysql_fetch_assoc($reso)){
+ printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
+ }
+ }?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Sorting")?></td>
+ <td colspan="8" class="DataTD" >
+ <select name="sorting">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $sorting ? " selected" : "" ,_("expire date (desc)")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $sorting ? " selected" : "" ,_("OU, expire date (desc)")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',2, 2 == $sorting ? " selected" : "" ,_("Common name, expire date (desc)")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Certificate status")?></td>
+ <td colspan="8" class="DataTD" >
+ <select name="status">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $status ? " selected" : "" ,_("Current/Active")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $status ? " selected" : "" ,_("All")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="9"><input type="submit" name="reset" value="<?=_("Reset")?>" />&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" name="filter" value="<?=_("Apply filter/sort")?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="DataTD"> </td>
+ </tr>
<?
- $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`,
- UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
- UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
- `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
- UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
- `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`
- from `orgemailcerts` as `oemail`, `org`
- where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
- `org`.`orgid`=`oemail`.`orgid` ";
- if($viewall != 1)
- {
- $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
- $query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
- }
- $query .= "ORDER BY `oemail`.`modified` desc";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
+ $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`,
+ UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
+ `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
+ `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
+ `oemail`.`description`, `oemail`.`ou`, `orginfo`.`O`
+ from `orgemailcerts` as `oemail`, `org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
+ `org`.`orgid`=`oemail`.`orgid` and `orginfo`.`id` = `org`.`orgid`";
+ if($orgfilterid>0)
+ {
+ $query .= "AND `org`.`orgid`=$orgfilterid ";
+ }
+
+ if(0==$status)
+ {
+ $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
+ }
+ switch ($sorting){
+ case 0:
+ $query .= "ORDER BY `orginfo`.`O`, `oemail`.`expire` desc";
+ break;
+ case 1:
+ $query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `oemail`.`expire` desc";
+ break;
+ case 2:
+ $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `oemail`.`expire` desc";
+ break;
+ }
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
?>
+
<tr>
- <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="9" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
- {
- if($row['timeleft'] > 0)
- $verified = _("Valid");
- if($row['timeleft'] < 0)
- $verified = _("Expired");
- if($row['expired'] == 0)
- $verified = _("Pending");
- if($row['revoked'] > 0)
- $verified = _("Revoked");
- if($row['revoked'] == 0)
- $row['revoke'] = _("Not Revoked");
+ $orgname='';
+ while($row = mysql_fetch_assoc($res))
+ {
+ if ($row['O']<>$orgname) {
+ $orgname=$row['O'];?>
+ <tr>
+ <td colspan="9" class="title"></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="title"><? printf(_("Certificates for %s"), $orgname)?> </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("OU/Department")?></td>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ </tr>
+ <?
+ }
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
<tr>
-<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
+ <td class="DataTD"><?=$row['ou']?></td>
+ <? if($verified == _("Valid") || $verified == _("Expired")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
@@ -80,18 +163,28 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
+ <td class="DataTD" colspan="9">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="9"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
-</form>
-<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
+</form> \ No newline at end of file
diff --git a/pages/account/20.php b/pages/account/20.php
index 510b708..ee16dd4 100644
--- a/pages/account/20.php
+++ b/pages/account/20.php
@@ -17,7 +17,7 @@
*/
include_once("../includes/shutdown.php");
?>
-<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
+<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
@@ -27,11 +27,13 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br />
+<p> <?=_("Optional comment, only used in the certificate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 /></p>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<p><?=_("Paste your CSR below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
+<textarea name="CSR" cols="80" rows="15"></textarea><br />
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
+</form> \ No newline at end of file
diff --git a/pages/account/22.php b/pages/account/22.php
index 9df8200..0413da0 100644
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -14,56 +14,137 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+*/
+
+$orgfilterid = array_key_exists('dorgfilterid',$_SESSION['_config']) ? intval($_SESSION['_config']['dorgfilterid']) : 0;
+$sorting = array_key_exists('dsorting',$_SESSION['_config']) ? intval($_SESSION['_config']['dsorting']) : 0;
+$status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_config']['dstatus']) : 0;
+?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Organisation Server Certificates")?> </td>
</tr>
<tr>
- <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
- <td class="DataTD"><?=_("Status")?></td>
- <td class="DataTD"><?=_("CommonName")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
- <td class="DataTD"><?=_("Revoked")?></td>
- <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="8" class="title"><?=_("Filter/Sorting")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Organisation")?></td>
+ <td colspan="7" class="DataTD" >
+ <select name="dorgfilterid">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $orgfilterid ? " selected" : "" ,_("All")) ?>
+<? $query = "select `orginfo`.`O`, `orginfo`.`id`
+ from `org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orginfo`.`id` = `org`.`orgid`
+ ORDER BY `orginfo`.`O` ";
+ $reso = mysql_query($query);
+ if(mysql_num_rows($reso) >= 1){
+ while($row = mysql_fetch_assoc($reso)){
+ printf('<option value="%d"%s>%s</option>',$row['id'], $row['id'] == $orgfilterid ? " selected" : "" , $row['O']);
+ }
+ }?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Sorting")?></td>
+ <td colspan="7" class="DataTD" >
+ <select name="dsorting">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $sorting ? " selected" : "" ,_("expire date (desc)")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $sorting ? " selected" : "" ,_("Common name, expire date (desc)")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Certificate status")?></td>
+ <td colspan="7" class="DataTD" >
+ <select name="dstatus">
+ <?=sprintf('<option value="%d"%s>%s</option>',0, 0 == $status ? " selected" : "" ,_("Current/Active")) ?>
+ <?=sprintf('<option value="%d"%s>%s</option>',1, 1 == $status ? " selected" : "" ,_("All")) ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="8"><input type="submit" name="reset" value="<?=_("Reset")?>" />&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" name="filter" value="<?=_("Apply filter/sort")?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="DataTD"> </td>
+ </tr>
+
<?
- $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
- UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
- UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
- `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
- `orgdomaincerts`.`serial`,
- `orgdomaincerts`.`id` as `id`
- from `orgdomaincerts`,`org`
- where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
- if($viewall != 1)
- {
- $query .= "AND `revoked`=0 AND `renewed`=0 ";
- $query .= "HAVING `timeleft` > 0 ";
- }
- $query .= "ORDER BY `orgdomaincerts`.`modified` desc";
+ $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
+ `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
+ `orgdomaincerts`.`serial`,
+ `orgdomaincerts`.`id` as `id`,
+ `orgdomaincerts`.`description`, `orginfo`.`O`
+ from `orgdomaincerts`,`org`, `orginfo`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."'
+ and `orgdomaincerts`.`orgid`=`org`.`orgid` and `orginfo`.`id` = `org`.`orgid`";
+
+ if($orgfilterid>0)
+ {
+ $query .= "AND `org`.`orgid`=$orgfilterid ";
+ }
+
+ if(0==$status)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 ";
+ }
+ switch ($sorting){
+ case 0:
+ $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`expire` desc";
+ break;
+ case 1:
+ $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `orgdomaincerts`.`expire` desc";
+ break;
+ }
+
+
//echo $query."<br>\n";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
?>
<tr>
- <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
- while($row = mysql_fetch_assoc($res))
- {
- if($row['timeleft'] > 0)
- $verified = _("Valid");
- if($row['timeleft'] < 0)
- $verified = _("Expired");
- if($row['expired'] == 0)
- $verified = _("Pending");
- if($row['revoked'] > 0)
- $verified = _("Revoked");
+ $orgname='';
+ while($row = mysql_fetch_assoc($res))
+ {
+ if ($row['O']<>$orgname) {
+ $orgname=$row['O'];?>
+ <tr>
+ <td colspan="9" class="title"></td>
+ </tr>
+ <tr>
+ <td colspan="9" class="title"><? printf(_("Certificates for %s"), $orgname)?> </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ </tr>
+ <?
+ }
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
if($row['revoked'] == 0)
$row['revoke'] = _("Not Revoked");
?>
@@ -77,18 +158,29 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="8">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="9"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
</form>
-<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
+
diff --git a/pages/account/24.php b/pages/account/24.php
index 7f56023..14a47c0 100644
--- a/pages/account/24.php
+++ b/pages/account/24.php
@@ -48,7 +48,11 @@
</tr>
<tr>
<td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="" size="5">(2 letter <a href="http://www.iso.org/iso/english_country_names_and_code_elements">ISO code</a>)</td>
+ <td class="DataTD"><input type="text" name="C" value="" size="5">
+ <?php printf(_('(2 letter %s ISO code %s )'),
+ '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
+ '</a>')?>
+ </td>
</tr>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
diff --git a/pages/account/27.php b/pages/account/27.php
index 9524620..a1086d4 100644
--- a/pages/account/27.php
+++ b/pages/account/27.php
@@ -41,7 +41,11 @@
</tr>
<tr>
<td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>" size="5"> (2 letter <a href="http://www.iso.org/iso/english_country_names_and_code_elements">ISO code</a>)</td>
+ <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>" size="5">
+ <?php printf(_('(2 letter %s ISO code %s )'),
+ '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
+ '</a>')?>
+ </td>
</tr>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
diff --git a/pages/account/29.php b/pages/account/29.php
index c1a3def..4229b3b 100644
--- a/pages/account/29.php
+++ b/pages/account/29.php
@@ -35,10 +35,12 @@
<td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ <td class="DataTD"><input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
+ <td class="DataTD"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
</form>
diff --git a/pages/account/3.php b/pages/account/3.php
index 5590488..7e34300 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -24,7 +24,7 @@
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>
-<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
+<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -44,7 +44,7 @@
<td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
</tr>
-<? }
+<? }
if($_SESSION['profile']['points'] >= 50)
{
$fname = $_SESSION['profile']['fname'];
@@ -52,55 +52,68 @@ if($_SESSION['profile']['points'] >= 50)
$lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix'];
?>
- <tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
- <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
- <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
+ <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
+ <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
+ <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
-<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
-<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
-<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
-<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
+ <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br />
+ <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?>
+ <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?>
+ <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?>
+ <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?>
</td>
</tr>
-<? } ?>
+<? } ?>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr>
+ <td class="DataTD">
+ <input type="checkbox" name="codesign" value="1" />
+ </td>
<td class="DataTD" align="left">
- <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td>
- <td class="DataTD" align="left">
- <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
+ <?=_("Code Signing")?><br />
+ <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
</td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="2" align="left">
- <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br>
+ <td class="DataTD">
+ <input type="checkbox" name="login" value="1" checked="checked" />
+ </td>
+ <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
</td>
</tr>
-
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <?=_("Optional comment, only used in the certificate overview")?><br />
+ <input type="text" name="description" maxlength="100" size="100" />
+ </td>
+ </tr>
<tr name="expertoff" style="display:none">
- <td class="DataTD" colspan="2" align="left">
- <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?>
+ <td class="DataTD">
+ <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" />
+ </td>
+ <td class="DataTD">
+ <?=_("Show advanced options")?>
</td>
</tr>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br>
- <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br>
+ <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br />
+ <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
</td>
</tr>
+
+
<tr name="expert">
<td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
</tr>
@@ -108,10 +121,19 @@ if($_SESSION['profile']['points'] >= 50)
<td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <td class="DataTD">
+ <input type="checkbox" name="CCA" />
+ </td>
+ <td class="DataTD" align="left">
+ <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please Note: You need to accept the CCA to proceed.")?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
<script language="javascript">
diff --git a/pages/account/30.php b/pages/account/30.php
index 33eeca8..04ad229 100644
--- a/pages/account/30.php
+++ b/pages/account/30.php
@@ -41,5 +41,6 @@
<input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
<input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>">
+<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
</form>
diff --git a/pages/account/33.php b/pages/account/33.php
index 376a8b9..9e2f67a 100644
--- a/pages/account/33.php
+++ b/pages/account/33.php
@@ -51,7 +51,7 @@
<? } ?>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
- <td class="DataTD"><input type="text" name="comments" size=27 maxlength=20 value=""></td>
+ <td class="DataTD"><textarea name="comments" cols="30" rows="5"></textarea></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
diff --git a/pages/account/35.php b/pages/account/35.php
index 3a4714f..05c7f2b 100644
--- a/pages/account/35.php
+++ b/pages/account/35.php
@@ -15,44 +15,89 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
- <tr>
- <td colspan="3" class="title"><?=_("Organisations")?></td>
- </tr>
- <tr>
- <td class="DataTD">#</td>
- <td class="DataTD"><?=_("Organisation")?></td>
- <td class="DataTD"><?=_("Admins")?></td>
- </tr>
-<?
- $query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- //number of admins for the org
- $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
- $admincount = mysql_num_rows($r2);
- // number of domains for the org
- $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
- $domcount = mysql_num_rows($r2);
-?>
- <tr>
- <td class="DataTD"><?=intval($row['id'])?></td>
- <td class="DataTD"><?=($row['O'])?>, <?=($row['ST'])?> <?=sanitizeHTML($row['C'])?></td>
- <td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
- </tr>
<?
- // display the domains of each organisation
- $query3 = "select * from `orgdomains` where `orgid`='".intval($row['id'])."'";
- $res3 = mysql_query($query3);
- while($detailorg = mysql_fetch_assoc($res3))
+$query = "select *
+ from `orginfo`,`org`
+ where `orginfo`.`id`=`org`.`orgid`
+ and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
+
+$res = mysql_query($query);
+while($row = mysql_fetch_assoc($res))
+{
+ ?>
+ <tr>
+ <td colspan="3" class="title"><?=_("Organisation")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Organisation Name")?>:</td>
+ <td colspan="2" class="DataTD" ><b><?=$row['O']?></b></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Contact Email")?>:</td>
+ <td colspan="2" class="DataTD"><?=($row['contact'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Town/Suburb")?>:</td>
+ <td colspan="2" class="DataTD"><?=($row['L'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("State/Province")?>:</td>
+ <td colspan="2" class="DataTD"><?=($row['ST'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country")?>:</td>
+ <td colspan="2" class="DataTD"><?=($row['C'])?></td>
+ </tr>
+ <?
+
+ //domain info
+ $query = "select `domain` from `orgdomains` where `orgid`='".intval($row['id'])."'";
+ $res1 = mysql_query($query);
+ while($domain = mysql_fetch_assoc($res1))
+ {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?></td>
+ <td colspan="2" class="DataTD"><?=sanitizeHTML($domain['domain'])?></td>
+ </tr>
+ <?
+ }
+
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Administrator")?></td>
+ <td class="DataTD"><?=_("Master Account")?></td>
+ <td class="DataTD"><?=_("Department")?></td>
+ </tr>
+ <?
+
+ //org admins
+ $query = "select * from `org` where `orgid`='".intval($row['id'])."'";
+ $res2 = mysql_query($query);
+ while($org = mysql_fetch_assoc($res2))
{
-?>
- <tr>
- <td class="DataTD"><?=intval($detailorg['id'])?></td>
- <td class="DataTD"><?=_("Domain available")?></td>
- <td class="DataTD"><?=sanitizeHTML($detailorg['domain'])?></td>
- </tr>
-<? } } ?>
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($org['memid'])."'"));
+ ?>
+ <tr>
+ <td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td>
+ <td class="DataTD"><?=($org['masteracc'])?></td>
+ <td class="DataTD"><?=($org['OU'])?></td>
+ </tr>
+ <?
+
+ if(intval($org['masteracc']) === 1 &&
+ intval($org['memid']) === intval($_SESSION['profile']['id']))
+ {
+ $master="account.php?id=32&amp;orgid=".intval($row['id']);
+ ?>
+ <tr>
+ <td colspan="3" class="DataTD"><a href="<?=$master ?>"><?=_("Edit")?></a></td>
+ </tr>
+ <?
+ }
+ }
+} ?>
</table>
diff --git a/pages/account/38.php b/pages/account/38.php
index f311bf5..7caddb0 100644
--- a/pages/account/38.php
+++ b/pages/account/38.php
@@ -14,31 +14,6 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<H3><?=_("Donations")?></H3><br>
+*/
-<h4><?=_("If I'd like to donate to CAcert Inc., how can I do it?")?></h4>
-
-<p>
-<?
-printf(_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to %sstrict guidelines%s about how this money can to be used. If you'd like to make a donation, you can do so via"),
- '<a href="//wiki.cacert.org/FAQ/DonationsGuideline">', '</a>');
-?>
-
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
-<input type="hidden" name="cmd" value="_s-xclick">
-<input type="image" src="/images/payment2.png" border="0" name="submit" alt="<?=_("CAcert Donation through PayPal")?>">
-<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHRwYJKoZIhvcNAQcEoIIHODCCBzQCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYCA1pOad7SD8OtSdvHxI3CItmi2sb2eq/1UZbQboNkJTwlaTbTZfoWzBuFmimBR/Qz21Z+L7wFa7XxfhwRLC4V/X4uTJVAIDaKsdTXFNx51EMu+LyiP1O+7GxcdNR7njwvndIaHN0HZIdidpG8jFPP/8ZsLaPe2/Dh2S7344wSuUDELMAkGBSsOAwIaBQAwgcQGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYn0dsk7tIRmAgaBNejWqE2RRr+Tsb3fVlcbuG98Bq+zaMO5g8n8i3DnBjIoSJNb+ZuSj53oWrh/+HCY4EY1Rg3qHiUSMOS/o9k75UR7C+ez0R9tmZ2eQrdxlqTVuvENRA0W5z6iTJYog5XhMoKScOFUBaIr9zxjETUY2Y1V3X8qRFIe0YWlYRYbePs2p/IDatirUFhOJSff0ancU2GZULRy0PiZHtzbm8Gy/oIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcxMTAzMDcxMDI1WjAjBgkqhkiG9w0BCQQxFgQU8tPwGUvNb8eYe8Pfhe9YutgXm/YwDQYJKoZIhvcNAQEBBQAEgYBpwhhgz5ED5qxBosfMaifzIr2anV5ScQqqQbC1hphWBQ4e2PT5+TQWCcQkrTh2UTp3vC81Y8vYZ+fussa+zPBE8DmeFDfzpLJo+TQHZUiKxWUDu6drv3o3mV3VjAkaqIhAdubhEOxj2bbKND3IRT1lfIVVSUipndKzRjukZJK39A==-----END PKCS7-----">
-</form>
-
-<p><?=_("If you are located in Australia, please use bank transfer instead:")?></p>
-
-<pre>
-Account Name: CAcert Inc
-BSB: 032073
-Account No.: 180264
-</pre>
-
-<p><?=_("ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community.")?></p>
-
-<p><?=_("Thank you very much for your support, your donations help CAcert to continue to operate.")?></p>
+require_once(dirname(__FILE__)."/../index/13.php");
diff --git a/pages/account/4.php b/pages/account/4.php
index a4d6597..8ac8b65 100644
--- a/pages/account/4.php
+++ b/pages/account/4.php
@@ -14,177 +14,6 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
-<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
-<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
-</object>
-<form method="post" action="account.php" name="CertReqForm"><p>
-<input type="hidden" name="session" value="UsedXenroll">
-<?=_("Key Strength:")?> <select name="CspProvider"></select>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<INPUT TYPE=HIDDEN NAME="CSR">
-<input type="hidden" name="keytype" value="MS">
-<input type="submit" name="GenReq" value="Create Certificate"><br>
-</p></form>
-<script type="text/vbscript" language="vbscript">
-<!--
-Function GetProviderList()
- Dim CspList, cspIndex, ProviderName
- On Error Resume Next
+*/
- count = 0
- base = 0
- enhanced = 0
- CspList = ""
- ProviderName = ""
-
- // Vista:
- Set csps = CreateObject("X509Enrollment.CCspInformations")
- If IsObject(csps) Then
- csps.AddAvailableCsps()
- Document.CertReqForm.keytype.value="VI"
- For j = 0 to csps.Count-1
- Set oOption = document.createElement("OPTION")
- oOption.text = csps.ItemByIndex(j).Name
- oOption.value = j
- Document.CertReqForm.CspProvider.add(oOption)
- Next
-
- Else
-
- // 2000,XP:
-
- For ProvType = 0 to 13
- cspIndex = 0
- cec.ProviderType = ProvType
- ProviderName = cec.enumProviders(cspIndex,0)
-
- while ProviderName <> ""
- Set oOption = document.createElement("OPTION")
- oOption.text = ProviderName
- oOption.value = ProvType
- Document.CertReqForm.CspProvider.add(oOption)
- if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
- base = count
- end if
- if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
- enhanced = count
- end if
- cspIndex = cspIndex +1
- ProviderName = ""
- ProviderName = cec.enumProviders(cspIndex,0)
- count = count + 1
- wend
- Next
- Document.CertReqForm.CspProvider.selectedIndex = base
- if enhanced then
- Document.CertReqForm.CspProvider.selectedIndex = enhanced
- end if
- End If
-End Function
-
-Function CSR(keyflags)
- CSR = ""
- szName = ""
-
-
- // Vista
- if Document.CertReqForm.keytype.value="VI" Then
-
- Dim g_objClassFactory
- Dim obj
- Dim objPrivateKey
- Dim g_objRequest
- Dim g_objRequestCMC
-
- Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
- Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
- Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
- Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
- //Msgbox exit function
- objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
- // "Microsoft Enhanced RSA and AES Cryptographic Provider"
- objPrivateKey.ProviderType = "24"
- objPrivateKey.KeySpec = "1"
- objPrivateKey.ExportPolicy = 1
- objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
- Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
- objDN.Encode("CN=CAcertRequest")
- objRequest.Subject = objDN
-
- // obj.Initialize(1)
- obj.InitializeFromRequest(objRequest)
- obj.CertificateDescription="Description"
- obj.CertificateFriendlyName="FriendlyName"
- CSR=obj.CreateRequest(1)
- If len(CSR)<>0 Then Exit Function
- Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>"
-
- else
- // XP
-
- cec.HashAlgorithm = "MD5"
- err.clear
- On Error Resume Next
- set options = document.all.CspProvider.options
- index = options.selectedIndex
- cec.providerName = options(index).text
- tmpProviderType = options(index).value
- cec.providerType = tmpProviderType
- cec.KeySpec = 2
- if tmpProviderType < 2 Then
- cec.KeySpec = 1
- end if
- cec.GenKeyFlags = &h04000001 OR keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = &h04000000 OR keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
- if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
- cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
- else
- Exit Function
- end if
- end if
- cec.GenKeyFlags = 1 OR keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = 0
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- End if
-End Function
-
-Sub GenReq_OnClick
- Dim TheForm
- Set TheForm = Document.CertReqForm
- err.clear
- result = CSR(2)
- if len(result)=0 Then
- result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
- Exit Sub
- end if
- TheForm.CSR.Value = result
- TheForm.Submit
- Exit Sub
-End Sub
-
-GetProviderList()
--->
-</script>
-<? } else { ?>
-<p>
-<form method="post" action="account.php">
-<input type="hidden" name="keytype" value="NS">
-<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
-
-<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-</p>
-<? } ?>
+require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
diff --git a/pages/account/40.php b/pages/account/40.php
index 8391903..a809595 100644
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -27,17 +27,28 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
-<form method="post" name="form1">
+<form method="post" action="account.php" name="form1">
<input type="hidden" name="oldid" value="<?=$id?>">
- <input type="hidden" name="support" value="yes">
+<!-- <input type="hidden" name="support" value="yes"> -->
<input type="hidden" name="secrethash2" value="">
- <table border="0">
- <tr><td width="90"><?=_("Your Name")?>:</td><td><input type="text" name="who"></td><td>&#160;</td></tr>
- <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
- <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
- <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
- <tr><td colspan="3"><font color="#ff0000"><?=_("Warning: Please do not enter confidential data into this form, it is being sent to a public mailinglist. Use the form further below instead.")?></font></td></tr>
- <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
+ <p class="robotic" id="pot">
+ <label>If you're human leave this blank:</label>
+ <input name="robotest" type="text" id="robotest" class="robotest" />
+ </p>
+<table border="0">
+ <tr><td width="100"><?=_("Your Name")?>:</td><td width="100"><input type="text" name="who"></td><td width="100"></td><td width="100"></td>
+ <tr><td width="100"><?=_("Your Email")?>:</td><td colspan="3"><input type="text" name="email"></td>
+ <tr><td width="100"><?=_("Subject")?>:</td><td colspan="3"><input type="text" name="subject"></td></tr>
+ <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr>
+
+ <tr>
+ <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use \"send to mailing list\" when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
+ <td colspan="2"><?=_("For confidential data use \"send to support\".")?></td>
+ </tr>
+ <tr>
+ <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td>
+ <td colspan="2"><input type="submit" name="process[1]" value="<?=_("Send to support")?>"></td>
+ </tr>
</table>
</form>
@@ -50,31 +61,15 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><?=_("There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)")?></p>
<p><a href="http://lists.cacert.org/"><?=_("Click here to view all lists available")?></a></p>
-<p><b><?=_("Sensitive Information")?></b></p>
-<p><?=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help.")?></p>
-<form method="post" action="https://www.cacert.org/index.php" name="form2">
- <input type="hidden" name="secrethash2" value="">
- <input type="hidden" name="oldid" value="<?=$id?>">
- <table border="0">
- <tr><td><?=_("Your Name")?>:</td><td><input type="text" name="who"></td></tr>
- <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
- <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
- <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
- <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
- </table>
-</form>
-
<p><b><?=_("Security Issues")?></b></p>
-<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p>
+<p><?=sprintf(_("Please use any of the following ways to report security ".
+ "issues: You can use the above contact form for sensitive information. ".
+ "You can email us to %s. You can file a bugreport on %s and mark it as ".
+ "private."),
+ "<a href='mailto:support@cacert.org'>support@cacert.org</a>",
+ "<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p>
-<p><b><?=_("Snail Mail")?></b></p>
-<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>
-<p><?=_("Postal Address:")?><br>
-CAcert Inc.<br>
-P.O. Box 4107<br>
-Denistone East NSW 2112<br>
-Australia</p>
<script type="text/javascript">
<!--
diff --git a/pages/account/41.php b/pages/account/41.php
index e44eec9..d61d8db 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -14,21 +14,24 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
+*/
+
+require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
+?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="2" class="title"><?=_("My Language Settings")?></td>
</tr>
<tr>
- <td class="DataTD"><?=_("My prefered language")?>:</td>
+ <td class="DataTD"><?=_("My preferred language")?>:</td>
<td class="DataTD"><select name="lang">
<?
-echo $_SESSION['_config']['language'];
- foreach($_SESSION['_config']['translations'] as $key => $val)
+ foreach(L10n::$translations as $key => $val)
{
echo "<option value='$key'";
- if($key == $_SESSION['_config']['language'])
+ if($key == L10n::get_translation())
echo " selected";
echo ">$val</option>\n";
}
@@ -70,8 +73,12 @@ echo $_SESSION['_config']['language'];
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- echo "<option value='".sanitizeHTML($row['locale'])."'";
- echo ">".$row['country']." - ".$row['lang']."</option>\n";
+ printf("<option value=\"%s\">[%s] %s (%s)</option>\n",
+ sanitizeHTML($row['locale']),
+ sanitizeHTML($row['locale']),
+ $row['lang'],
+ $row['country']
+ );
}
?>
</select>
diff --git a/pages/account/43.php b/pages/account/43.php
index f058770..1bbe9aa 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -18,24 +18,40 @@
<?
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+$ticketno='';
+$ticketvalidation=FALSE;
- if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
- {
- $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+//check if an assurance should be deleted
+if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
+{
+ $assurance = mysql_real_escape_string(intval($_REQUEST['assurance']));
$row = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
- if ($res) {
- $row = mysql_fetch_assoc($res);
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance' and `deleted` = 0");
+ if ($res) {
+ $row = mysql_fetch_assoc($res);
}
- mysql_query("delete from `notary` where `id`='$assurance'");
+ mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
if ($row) {
- fix_assurer_flag($row['to']);
+ fix_assurer_flag($row['to']);
}
- }
+}
+
+if (isset($_SESSION['ticketno'])) {
+ $ticketno = $_SESSION['ticketno'];
+ $ticketvalidation = TRUE;
+}
+if (isset($_SESSION['ticketmsg'])) {
+ $ticketmsg = $_SESSION['ticketmsg'];
+} else {
+ $ticketmsg = '';
+}
+
+// search for an account by email search, if more than one is found display list to choose
+if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
+{
+ $_REQUEST['userid'] = 0;
- if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
- {
- $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -43,562 +59,1037 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
// bug-975 ted+uli changes --- begin
if(preg_match("/^[0-9]+$/", $email)) {
- // $email consists of digits only ==> search for IDs
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`id`='$email' or `users`.`id`='$email')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
- } else {
- // $email contains non-digits ==> search for mail addresses
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`email` like '$emailsearch'
- or `users`.`email` like '$emailsearch')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
- }
- // bug-975 ted+uli changes --- end
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 1) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("User ID")?></td>
- <td class="DataTD"><?=_("Email")?></td>
- </tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
- <tr>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- </tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
- <tr>
- <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
- </tr>
-<? } ?>
-</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
- $_REQUEST['userid'] = $row['id'];
+ // $email consists of digits only ==> search for IDs
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`id`='$email' or `users`.`id`='$email')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
} else {
- printf(_("No users found matching %s"), sanitizeHTML($email));
+ // $email contains non-digits ==> search for mail addresses
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`email` like '$emailsearch'
+ or `users`.`email` like '$emailsearch')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
}
- }
-
- if(intval($_REQUEST['userid']) > 0)
- {
- $id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
+ // bug-975 ted+uli changes --- end
$res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- } else {
- $row = mysql_fetch_assoc($res);
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
+ if(mysql_num_rows($res) > 1) {
?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("First Name")?>:</td>
- <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
- <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
- <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Middle Name")?>:</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Last Name")?>:</td>
- <td class="DataTD"> <input type="hidden" name="oldid" value="43">
- <input type="hidden" name="action" value="updatedob">
- <input type="hidden" name="userid" value="<?=intval($id)?>">
- <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Suffix")?>:</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Date of Birth")?>:</td>
- <td class="DataTD">
-<?
- $year = intval(substr($row['dob'], 0, 4));
- $month = intval(substr($row['dob'], 5, 2));
- $day = intval(substr($row['dob'], 8, 2));
- ?><nobr><select name="day">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("User ID")?></td>
+ <td class="DataTD"><?=_("Email")?></td>
+ </tr>
<?
- for($i = 1; $i <= 31; $i++)
+ while($row = mysql_fetch_assoc($res))
{
- echo "<option";
- if($day == $i)
- echo " selected='selected'";
- echo ">$i</option>";
- }
?>
- </select>
- <select name="month">
+ <tr>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ </tr>
<?
- for($i = 1; $i <= 12; $i++)
- {
- echo "<option value='$i'";
- if($month == $i)
- echo " selected='selected'";
- echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
}
+
+ if(mysql_num_rows($res) >= 100) {
?>
- </select>
- <input type="text" name="year" value="<?=$year?>" size="4">
- <input type="submit" value="Go"></form></nobr></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Trainings")?>:</td>
- <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Is Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Account Locking")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Code Signing")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Org Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("TTP Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Location Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Ad Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("General Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Regional Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Change Password")?>:</td>
- <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Delete Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
- </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
+ </tr>
<?
- // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
- if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
+ } else {
?>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD"><?=_("Assurance Points")?>:</td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- </tr>
-</table>
-<br><?
- $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
- and `email`!='".mysql_escape_string($row['email'])."'";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Secondary Emails")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
- </tr>
-<? } ?>
-</table>
-<br><? } ?>
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ </tr>
<?
- $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Verified Domains")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Domain")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
- </tr>
-<? } ?>
-</table>
-<br>
-<? } ?>
-<? // Begin - Debug infos ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Account State")?></td>
- </tr>
-
-<?
- // --- bug-975 begin ---
- // potential db inconsistency like in a20110804.1
- // Admin console -> don't list user account
- // User login -> impossible
- // Assurer, assure someone -> user displayed
- /* regular user account search with regular settings
-
- --- Admin Console find user query
- $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
- where `users`.`id`=`email`.`memid` and
- (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
- `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
- group by `users`.`id` limit 100";
- => requirements
- 1. email.hash = ''
- 2. email.deleted = 0
- 3. users.deleted = 0
- 4. email.email = primary-email (???) or'd
- not covered by admin console find user routine, but may block users login
- 5. users.verified = 0|1
- further "special settings"
- 6. users.locked (setting displayed in display form)
- 7. users.assurer_blocked (setting displayed in display form)
-
- --- User login user query
- select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
- `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
- => requirements
- 1. users.verified = 1
- 2. users.deleted = 0
- 3. users.locked = 0
- 4. users.email = primary-email
-
- --- Assurer, assure someone find user query
- select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
- and `deleted`=0
- => requirements
- 1. users.deleted = 0
- 2. users.email = primary-email
- Admin User Assurer
- bit Console Login assure someone
-
- 1. email.hash = '' Yes No No
- 2. email.deleted = 0 Yes No No
- 3. users.deleted = 0 Yes Yes Yes
- 4. users.verified = 1 No Yes No
- 5. users.locked = 0 No Yes No
- 6. users.email = prim-email No Yes Yes
- 7. email.email = prim-email Yes No No
-
- full usable account needs all 7 requirements fulfilled
- so if one setting isn't set/cleared there is an inconsistency either way
- if eg email.email is not avail, admin console cannot open user info
- but user can login and assurer can display user info
- if user verified is not set to 1, admin console displays user record
- but user cannot login, but assurer can search for the user and the data displays
-
- consistency check:
- 1. search primary-email in users.email
- 2. search primary-email in email.email
- 3. userid = email.memid
- 4. check settings from table 1. - 5.
-
- */
-
- $inconsistency = 0;
- $inconsistencydisp = "";
- $inccause = "";
- // current userid intval($row['id'])
- $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
- from `users` where `id`='".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $uemail = $drow['uemail'];
- $udeleted = $drow['udeleted'];
- $uverified = $drow['verified'];
- $ulocked = $drow['locked'];
-
- $query = "select `hash`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."' and
- `deleted` = 0";
- $dres = mysql_query($query);
- if ($drow = mysql_fetch_assoc($dres)) {
- $drow['edeleted'] = 0;
- } else {
- // try if there are deleted entries
- $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- }
-
- if ($drow) {
- $eemail = $drow['eemail'];
- $edeleted = $drow['edeleted'];
- $ehash = $drow['hash'];
- if ($udeleted!=0) {
- $inconsistency += 1;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
- }
- if ($uverified!=1) {
- $inconsistency += 2;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
- }
- if ($ulocked!=0) {
- $inconsistency += 4;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
- }
- if ($edeleted!=0) {
- $inconsistency += 8;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
- }
- if ($ehash!='') {
- $inconsistency += 16;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
- }
- } else {
- $inconsistency = 32;
- $inccause = _("Prim. email, Email record doesn't exist");
- }
- if ($inconsistency>0) {
- // $inconsistencydisp = _("Yes");
-?>
- <tr>
- <td class="DataTD"><?=_("Account inconsistency")?>:</td>
- <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
- </tr>
- <tr>
- <td colspan="2" class="DataTD" style="max-width: 75ex">
- <?=_("Account inconsistency can cause problems in daily account ".
- "operations and needs to be fixed manually through arbitration/critical ".
- "team.")?>
- </td>
- </tr>
-<? }
-
- // --- bug-975 end ---
-?>
-</table>
-<br>
-<?
- // End - Debug infos
+ }
?>
+ </table><br><br>
+<?
+ } elseif(mysql_num_rows($res) == 1) {
+ $row = mysql_fetch_assoc($res);
+ $_REQUEST['userid'] = $row['id'];
+ } else {
+ printf(_("No users found matching %s"), sanitizeHTML($email));
+ }
+}
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
-<br />
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
-<br />
+// display user information for given user id
+if(intval($_REQUEST['userid']) > 0) {
+ $userid = intval($_REQUEST['userid']);
+ $res =get_user_data($userid);
+ if(mysql_num_rows($res) <= 0) {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $alerts =get_alerts(intval($row['id']));
-<?
-// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+//display account data
-function showassuredto()
-{
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
-<?
- $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
- $points += $drow['points'];
-?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
+//deletes an assurance
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation==true)
+ {
+ $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+ $row = 0;
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ if ($res) {
+ $row = mysql_fetch_assoc($res);
+ }
+ mysql_query("delete from `notary` where `id`='$assurance'");
+ if ($row) {
+ fix_assurer_flag($row['to']);
+ write_se_log($userid, $_SESSION['profile']['id'], 'AD assurance revoke', $ticketno);
+ }
+ } else {
+ $ticketmsg=_('No assurance revoked. Ticket number is missing!');
+ }
-<?
-function showassuredby()
-{
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
-<?
- $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
- $points += $drow['points'];
+//Ticket number
?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=$drow['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=$drow['points']?></td>
- <td class="DataTD"><?=$drow['location']?></td>
- <td class="DataTD"><?=$drow['method']?></td>
- <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
-<br><br>
-<? } }
-
-switch ($_GET['shownotary'])
- {
- case 'assuredto': showassuredto();
- break;
- case 'assuredby': showassuredby();
- break;
- case 'assuredto15': output_received_assurances(intval($_GET['userid']),1);
- break;
- case 'assuredby15': output_given_assurances(intval($_GET['userid']),1);
- break;
- }
+<form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_('Ticket handling') ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Ticket no')?>:</td>
+ <td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td>
+ </tr>
+ <tr>
+ <td colspan="2" ><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
+ </tr>
+ <tr>
+ <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
+ </tr>
+ </table>
+</form>
+<br/>
-?>
+
+<!-- display data table -->
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("First Name")?>:</td>
+ <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
+ <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
+ <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Middle Name")?>:</td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>:</td>
+ <td class="DataTD"> <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="action" value="updatedob">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?>:</td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?>:</td>
+ <td class="DataTD">
+ <?
+ $year = intval(substr($row['dob'], 0, 4));
+ $month = intval(substr($row['dob'], 5, 2));
+ $day = intval(substr($row['dob'], 8, 2));
+ ?>
+ <nobr>
+ <select name="day">
+ <?
+ for($i = 1; $i <= 31; $i++) {
+ echo "<option";
+ if($day == $i) {
+ echo " selected='selected'";
+ }
+ echo ">$i</option>";
+ }
+ ?>
+ </select>
+ <select name="month">
+ <?
+ for($i = 1; $i <= 12; $i++) {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
+ }
+ ?>
+ </select>
+ <input type="text" name="year" value="<?=$year?>" size="4">
+ <input type="submit" value="Go">
+ <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
+ </form>
+ </nobr>
+ </td>
+ </tr>
+
+ <? // list of flags ?>
+ <tr>
+ <td class="DataTD"><?=_("CCA accepted")?>:</td>
+ <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Trainings")?>:</td>
+ <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer_blocked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=$ticketno?>"><?=$row['locked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=$ticketno?>"><?=$row['codesign']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['orgadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['ttpadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['locadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['admin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
+ </tr>
+ <!-- presently not needed
+ <tr>
+ <td class="DataTD"><?=_("Tverify Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['tverify']?></a></td>
+ </tr>
+ -->
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['general']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['country']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['regional']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['radius']?></a></td>
+ </tr>
+ <? //change password, view secret questions and delete account section ?>
+ <tr>
+ <td class="DataTD"><?=_("Change Password")?>:</td>
+ <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=_("Change Password")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Delete Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=$ticketno?>"><?=_("Delete Account")?></a></td>
+ </tr>
+ <?
+ // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
+ if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
+ write_se_log($userid, $_SESSION['profile']['id'], 'AD view lost password information', $ticketno);
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
+ </tr>
+ <?
+ } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <?
+ } else {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <? }
+
+ // list assurance points
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Assurance Points")?>:</td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ </tr>
+ <?
+ // show account history
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=_('Show account history')?></a></td>
+ </tr>
+ </table>
+ <br/>
+ <?
+ //ticket number to track SE log
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Ticket/Arbitration No')?></td>
+ <td class="DataTD"><input name="ticketno" /></td>
+ </tr>
+ </table>
+ <br/>
+ <?
+ //list secondary email addresses
+ $dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email']));
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
+ </tr>
+ <?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Secondary Emails")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+
+ // list of domains domains
+ $dres=get_domains(intval($row['id']));
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Verified Domains")?></td>
+ </tr>
+ <?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+ ?>
+ <? // Begin - Debug infos ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Account State")?></td>
+ </tr>
+
+ <?
+ // --- bug-975 begin ---
+ // potential db inconsistency like in a20110804.1
+ // Admin console -> don't list user account
+ // User login -> impossible
+ // Assurer, assure someone -> user displayed
+ /* regular user account search with regular settings
+
+ --- Admin Console find user query
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ => requirements
+ 1. email.hash = ''
+ 2. email.deleted = 0
+ 3. users.deleted = 0
+ 4. email.email = primary-email (???) or'd
+ not covered by admin console find user routine, but may block users login
+ 5. users.verified = 0|1
+ further "special settings"
+ 6. users.locked (setting displayed in display form)
+ 7. users.assurer_blocked (setting displayed in display form)
+
+ --- User login user query
+ select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+ `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+ => requirements
+ 1. users.verified = 1
+ 2. users.deleted = 0
+ 3. users.locked = 0
+ 4. users.email = primary-email
+
+ --- Assurer, assure someone find user query
+ select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
+ and `deleted`=0
+ => requirements
+ 1. users.deleted = 0
+ 2. users.email = primary-email
+
+ Admin User Assurer
+ bit Console Login assure someone
+
+ 1. email.hash = '' Yes No No
+ 2. email.deleted = 0 Yes No No
+ 3. users.deleted = 0 Yes Yes Yes
+ 4. users.verified = 1 No Yes No
+ 5. users.locked = 0 No Yes No
+ 6. users.email = prim-email No Yes Yes
+ 7. email.email = prim-email Yes No No
+
+ full usable account needs all 7 requirements fulfilled
+ so if one setting isn't set/cleared there is an inconsistency either way
+ if eg email.email is not avail, admin console cannot open user info
+ but user can login and assurer can display user info
+ if user verified is not set to 1, admin console displays user record
+ but user cannot login, but assurer can search for the user and the data displays
+
+ consistency check:
+ 1. search primary-email in users.email
+ 2. search primary-email in email.email
+ 3. userid = email.memid
+ 4. check settings from table 1. - 5.
+
+ */
+
+ $inconsistency = 0;
+ $inconsistencydisp = "";
+ $inccause = "";
+
+ // current userid intval($row['id'])
+ $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+ from `users` where `id`='".intval($row['id'])."' ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $uemail = $drow['uemail'];
+ $udeleted = $drow['udeleted'];
+ $uverified = $drow['verified'];
+ $ulocked = $drow['locked'];
+
+ $query = "select `hash`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."' and
+ `deleted` = 0";
+ $dres = mysql_query($query);
+ if ($drow = mysql_fetch_assoc($dres)) {
+ $drow['edeleted'] = 0;
+ } else {
+ // try if there are deleted entries
+ $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ }
+
+ if ($drow) {
+ $eemail = $drow['eemail'];
+ $edeleted = $drow['edeleted'];
+ $ehash = $drow['hash'];
+ if ($udeleted!=0) {
+ $inconsistency += 1;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
+ }
+ if ($uverified!=1) {
+ $inconsistency += 2;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
+ }
+ if ($ulocked!=0) {
+ $inconsistency += 4;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
+ }
+ if ($edeleted!=0) {
+ $inconsistency += 8;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
+ }
+ if ($ehash!='') {
+ $inconsistency += 16;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
+ }
+ } else {
+ $inconsistency = 32;
+ $inccause = _("Prim. email, Email record doesn't exist");
+ }
+ if ($inconsistency>0) {
+ // $inconsistencydisp = _("Yes");
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Account inconsistency")?>:</td>
+ <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTD" style="max-width: 75ex;">
+ <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
+ </td>
+ </tr>
+ <?
+ }
+
+ // --- bug-975 end ---
+ ?>
+ </table>
+ <br />
+ <?
+ // End - Debug infos
+
+ // certificate overview
+ ?>
+
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("Certificates")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Cert Type")?>:</td>
+ <td class="DataTD"><?=_("Total")?></td>
+ <td class="DataTD"><?=_("Valid")?></td>
+ <td class="DataTD"><?=_("Expired")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Latest Expire")?></td>
+ </tr>
+ <!-- server certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Server")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`domaincerts`.`expire`) as `maxexpire`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- gpg certificates -->
+ <tr>
+ <td class="DataTD"><?=_("GPG")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org server certificates -->
+ <tr>
+ <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Org Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <tr>
+ <td colspan="6" class="title">
+ <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
+ <input type="hidden" name="action" value="revokecert">
+ <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="submit" value="<?=_('revoke certificates')?>">
+ <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
+ </form>
+ </td>
+ </tr>
+ </table>
+ <br />
+ <? // list assurances ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user got")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user gave")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ </table>
+ <?
+ // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+
+ function showassuredto()
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+ $points += $drow['points'];
+ ?>
+ <tr>
+ <td class="DataTD"><?=$drow['id']?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?
+ }
+
+ function showassuredby()
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
+ $points += $drow['points'];
+ ?>
+ <tr>
+ <td class="DataTD"><?=$drow['id']?></td>
+ <td class="DataTD"><?=$drow['date']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=$drow['points']?></td>
+ <td class="DataTD"><?=$drow['location']?></td>
+ <td class="DataTD"><?=$drow['method']?></td>
+ <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?} ?>
+<br/><br/>
+<?
+} }
+
+if(isset($_GET['shownotary'])) {
+ switch($_GET['shownotary']) {
+ case 'assuredto':
+ showassuredto();
+ break;
+ case 'assuredby':
+ showassuredby();
+ break;
+ case 'assuredto15':
+ output_received_assurances(intval($_GET['userid']),1,$ticketno);
+ break;
+ case 'assuredby15':
+ output_given_assurances(intval($_GET['userid']),1, $ticketno);
+ break;
+ }
+}
diff --git a/pages/account/44.php b/pages/account/44.php
index fd34612..9e4e194 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -15,7 +15,12 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); }
+
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+
+?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -35,4 +40,5 @@
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
</form>
diff --git a/pages/account/49.php b/pages/account/49.php
index 688b9a4..0218fa0 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -34,7 +34,7 @@
if(mysql_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ <td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td>
</tr>
<?
while($row = mysql_fetch_assoc($res))
@@ -58,7 +58,11 @@
$row = mysql_fetch_assoc($res);
$_GET['userid'] = intval($row['id']);
} else {
- printf(_("No personal domains found matching %s"), sanitizeHTML($domain));
+ ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?printf(_("No personal domains found matching %s"), sanitizeHTML($domain));?></td>
+ </tr>
+ </table><br><br><?
}
$query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
@@ -66,7 +70,7 @@
if(mysql_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ <td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td>
</tr>
<?
while($row = mysql_fetch_assoc($res))
@@ -90,7 +94,11 @@
$row = mysql_fetch_assoc($res);
$_GET['userid'] = intval($row['id']);
} else {
- printf(_("No organisational domains found matching %s"), sanitizeHTML($domain));
+ ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?printf(_("No organisational domains found matching %s"), sanitizeHTML($domain));?></td>
+ </tr>
+ </table><br><br><?
}
}
diff --git a/pages/account/5.php b/pages/account/5.php
index 5c131ba..44763e2 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,28 +19,29 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
- <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
- `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`expire` as `expires`,
`emailcerts`.`revoked` as `revoke`,
- UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
`emailcerts`.`CN`,
`emailcerts`.`serial`,
- emailcerts.disablelogin as `disablelogin`
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`description`
from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
";
@@ -56,7 +57,7 @@
{
?>
<tr>
- <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -86,31 +87,39 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD">
<input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
- <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
+ <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
</td>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
-<? } ?>
+ <? } ?>
<tr>
- <td class="DataTD" colspan="8">
+ <td class="DataTD" colspan="9">
<a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td>
</tr>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
- <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ <td class="DataTD" colspan="9">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
- <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/50.php b/pages/account/50.php
index 1604156..a4c2413 100644
--- a/pages/account/50.php
+++ b/pages/account/50.php
@@ -19,13 +19,17 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="2" class="title"><?=_("Change Password")?></td>
+ <td colspan="2" class="title"><?=_("Delete Account")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
</tr>
<tr>
+ <td class="DataTD"><?=_("New Username from arbitration number + sequence number a20xxyyzz.a.b")?>:</td>
+ <td class="DataTD"><input type="text" name="arbitrationno"></td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td>
</tr>
<tr>
diff --git a/pages/account/57.php b/pages/account/57.php
new file mode 100644
index 0000000..76eee27
--- /dev/null
+++ b/pages/account/57.php
@@ -0,0 +1,107 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php');
+
+ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+
+ echo _('You do not have access to this page');
+
+ } else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_('CCA agreement of').' '.sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname'])?></td>
+ </tr>
+</table>
+
+
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD"><b><?=_('CCA type')?></b></td>
+ <td class="DataTD"><b><?=_('Date')?></b></td>
+ <td class="DataTD"><b><?=_('Method')?></b></td>
+ <td class="DataTD"><b><?=_('Type')?></b></td>
+ </tr>
+<?
+ $data=get_first_user_agreement($user_id,1);
+ if (!isset($data['active'])){
+ $type='';
+ }else{
+ $type=_('active');
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=_('First active CCA')?></td>
+ <td class="DataTD"><?=$data['date']?></td>
+ <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=$type?></td>
+ </tr>
+<?
+ $data=get_first_user_agreement($user_id,0);
+ if (!isset($data['active'])){
+ $type="";
+ }else{
+ $type=_('passive');
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=_('First passive CCA')?></td>
+ <td class="DataTD"><?=$data['date']?></td>
+ <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=$type?></td>
+ </tr>
+<?
+ $data=get_last_user_agreement($user_id);
+ if (!isset($data['active'])){
+ $type="";
+ }elseif($data['active']==1){
+ $type=_('active');
+ }else{
+ $type=_('passive');
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=_('Last CCA')?></td>
+ <td class="DataTD"><?=$data['date']?></td>
+ <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=$type?></td>
+ </tr>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+<?
+ if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
+?>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
+<? }
+?> </table>
+<?
+ }
+}
+?>
diff --git a/pages/account/58.php b/pages/account/58.php
new file mode 100644
index 0000000..1f6b1a0
--- /dev/null
+++ b/pages/account/58.php
@@ -0,0 +1,61 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+ echo _('You do not have access to this page');
+} else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) != 1){
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ if ($row = mysql_fetch_assoc($res)){
+ $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
+ $query = "select `orginfo`.`o`, `org`.`masteracc`
+ FROM `orginfo`, `org`
+ WHERE `orginfo`.`id` = `org`.`orgid`
+ AND `org`.`memid`='$user_id' order by `orginfo`.`o`";
+ $res1 = mysql_query($query);?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><?
+ if (mysql_num_rows($res1) <= 0) {?>
+ <tr>
+ <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td>
+ </tr>
+ <?}else{?>
+ <tr>
+ <td colspan="2" class="title"><?=sprintf(_('%s is listed as Organisation Administrator for:'), $username)?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_('Organisation')?></b></td>
+ <td class="DataTD"><b><?=_('Masteraccount')?></b></td>
+ </tr><?
+ while($drow = mysql_fetch_assoc($res1)){?>
+ <tr>
+ <td class="DataTD"><?=$drow['o']?></td>
+ <td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td>
+ </tr>
+ <?}
+ }
+ ?></table>
+<? }else{
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ }
+ }
+}
+?>
diff --git a/pages/account/59.php b/pages/account/59.php
new file mode 100644
index 0000000..0eaafc4
--- /dev/null
+++ b/pages/account/59.php
@@ -0,0 +1,284 @@
+<?/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
+$colspandefault=2;
+$userid = intval($_REQUEST['userid']);
+$res =get_user_data($userid);
+
+if(mysql_num_rows($res) <= 0)
+{
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ exit;
+}
+
+$row = mysql_fetch_assoc($res);
+
+$fname = $row['fname'];
+$mname = $row['mname'];
+$lname = $row['lname'];
+$suffix = $row['suffix'];
+$dob = $row['dob'];
+$username = $fname." ".$mname." ".$lname." ".$suffix;
+$email = $row['email'];
+$alerts =get_alerts($userid);
+$support=0;
+if(intval($_REQUEST['oldid'])==43){
+ $support=$_SESSION['profile']['admin'];
+}
+
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=sprintf(_('Account history of %s'),$username)?></td>
+ </tr>
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=_('User actions')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('User name')?></td>
+ <td class="DataTD"><?=$username?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Date of Birth')?></td>
+ <td class="DataTD"><?=$dob?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer_blocked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><?= ($row['locked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><?= ($row['codesign']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['orgadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><?= $row['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><?= ($row['locadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><?= ($row['admin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><?= $row['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+</table>
+<br/>
+<?
+$dres = get_email_address($userid,'',1);
+if(mysql_num_rows($dres) > 0) {
+?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Email addresses')?></td>
+ </tr>
+<?
+ output_log_email_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_email($drow,$email);
+ } ?>
+</table>
+<br/>
+<?}
+$dres = get_domains($userid,'',1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Domains')?></td>
+ </tr>
+<?
+if(mysql_num_rows($dres) > 0) {
+ output_log_domains_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_domains($drow,$email);
+ }
+}ELSE{?>
+ <td colspan="3" ><?=_('no entry avialable')?></td>
+<?}?>
+</table>
+<br/>
+
+<?
+$dres = get_training_result($userid);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Trainings')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_training_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_training($drow);
+ }
+ }ELSE{
+ ?><td colspan="3" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_user_agreement($userid,'',1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_('User agreements')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_agreement_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_agreement($drow);
+ }
+ }ELSE{
+ ?><td colspan="4" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_client_certs($userid,1);
+$colspan=10;
+if (1==$support) {
+ $colspan=7;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_client_cert_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_client_cert($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_server_certs($userid,1);
+$colspan = 8;
+if (1 == $support) {
+ $colspan = 5;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_server_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_server_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_gpg_certs($userid,1);
+$colspan = 6;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_gpg_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_gpg_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_se_log($userid);
+$colspan = 2;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_se_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_se($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
diff --git a/pages/account/6.php b/pages/account/6.php
index 38af8e8..0054b7a 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -14,123 +14,173 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
-
- $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- showheader(_("My CAcert.org Account!"));
- echo _("No such certificate attached to your account.");
- showfooter();
- exit;
+*/
+
+// Get certificate information
+$certid = 0;
+if(array_key_exists('cert',$_REQUEST)) {
+ $certid = intval($_REQUEST['cert']);
+}
+
+$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`crt_name`,
+ `emailcerts`.`keytype`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`id`='$certid' and
+ `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
+
+$res = mysql_query($query);
+if(mysql_num_rows($res) <= 0) {
+ showheader(_("My CAcert.org Account!"));
+ echo _("No such certificate attached to your account.");
+ showfooter();
+ exit;
+}
+$row = mysql_fetch_assoc($res);
+
+
+if (array_key_exists('format', $_REQUEST)) {
+ // Which output format?
+ if ($_REQUEST['format'] === 'der') {
+ $outform = '-outform DER';
+ $extension = 'cer';
+ } else {
+ $outform = '-outform PEM';
+ $extension = 'crt';
}
- $row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
-
- if($row['keytype'] == "NS")
- {
- if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1)
- {
- header("Content-Type: application/x-x509-user-cert");
- header("Content-Length: ".strlen($cert));
- $fname=sanitizeFilename($row['CN']);
- if($fname=="") $fname="certificate";
- header('Content-Disposition: inline; filename="'.$fname.'.crt"');
- echo $cert;
- exit;
- } else {
- showheader(_("My CAcert.org Account!"));
- echo "<h3>"._("Installing your certificate")."</h3>\n";
- echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n";
- echo "<p><a href='account.php?id=6&amp;cert=$certid&amp;install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n";
- showfooter();
- exit;
- }
- } else {
- showheader(_("My CAcert.org Account!"));
-?>
-<h3><?=_("Installing your certificate")?></h3>
+ $cert = `/usr/bin/openssl x509 -in $crtname $outform`;
-<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?>
+ header("Content-Type: application/pkix-cert");
+ header("Content-Length: ".strlen($cert));
-<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
-<?=_("You must enable ActiveX for this to work.")?>
-</OBJECT>
-<FORM >
-<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>">
-</FORM>
+ $fname = sanitizeFilename($row['CN']);
+ if ($fname=="") $fname="certificate";
+ header("Content-Disposition: attachment; filename=\"${fname}.${extension}\"");
-</P>
+ echo $cert;
+ exit;
-<SCRIPT LANGUAGE=VBS>
- Sub CertInst_OnClick
- certchain = _
-<?
- $lines = explode("\n", $cert);
- if(is_array($lines))
- foreach($lines as $line)
- {
- $line = trim($line);
- if($line != "-----END CERTIFICATE-----")
- echo "\"$line\" & _\n";
- else {
- echo "\"$line\"\n";
- break;
- }
- }
-?>
+} elseif (array_key_exists('install', $_REQUEST)) {
+ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) &&
+ strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
- On Error Resume Next
-
- Dim obj
- Set obj=CreateObject("X509Enrollment.CX509Enrollment")
- If IsObject(obj) Then
- obj.Initialize(1)
- obj.InstallResponse 0,certchain,0,""
- if err.number<>0 then
- msgbox err.Description
- else
- msgbox "<?=_("Certificate installed successfully. Please don't forget to backup now")?>"
- end if
- else
-
-
-
-
- cec.DeleteRequestCert = FALSE
- err.clear
-
- cec.WriteCertToCSP = TRUE
- cec.acceptPKCS7(certchain)
- if err.number <> 0 Then
- cec.WriteCertToCSP = FALSE
- end if
- err.clear
- cec.acceptPKCS7(certchain)
- if err.number <> 0 then
- errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _
- "(Error code " & err.number & ")"
- msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>")
- else
- okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _
- "See Tools->Internet Options->Content->Certificates"
- msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>")
- end if
- End If
- End Sub
-</SCRIPT>
-
-<p><?=_("Your certificate:")?></p>
-<pre><?=$cert?></pre>
-<?
-
- showfooter();
+ // Handle IE
+ //TODO
+
+ } else {
+ // All other browsers
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`;
+
+ header("Content-Type: application/x-x509-user-cert");
+ header("Content-Length: ".strlen($cert));
+
+ $fname = sanitizeFilename($row['CN']);
+ if ($fname=="") $fname="certificate";
+ header("Content-Disposition: inline; filename=\"${fname}.cer\"");
+
+ echo $cert;
exit;
}
+
+} else {
+ showheader(_("My CAcert.org Account!"), _("Install your certificate"));
+ echo '<ul class="no_indent">';
+ echo "<li><a href='account.php?id=$id&amp;cert=$certid&amp;install'>".
+ _("Install the certificate into your browser").
+ "</a></li>\n";
+
+ echo "<li><a href='account.php?id=$id&amp;cert=$certid&amp;format=pem'>".
+ _("Download the certificate in PEM format")."</a></li>\n";
+
+ echo "<li><a href='account.php?id=$id&amp;cert=$certid&amp;format=der'>".
+ _("Download the certificate in DER format")."</a></li>\n";
+ echo '</ul>';
+
+ // Allow to directly copy and paste the cert in PEM format
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`;
+ echo "<pre>$cert</pre>";
+
+ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Information about the certificate")?></td>
+ </tr>
+<?
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
?>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td>
+<? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td>
+<? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+<? } ?>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=$verified?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=$row['serial']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Login")?></td>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Comment")?></td>
+ <td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="6">
+<input type="hidden" name="certid" value="<?=$certid?>">
+</form>
+<?
+ showfooter();
+ exit;
+}
diff --git a/pages/account/8.php b/pages/account/8.php
index 6b3de01..79448d1 100644
--- a/pages/account/8.php
+++ b/pages/account/8.php
@@ -25,7 +25,7 @@
if(is_array($_SESSION['_config']['addy']))
foreach($_SESSION['_config']['addy'] as $add) { ?>
<tr>
- <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td>
+ <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?> /></td>
<td class="DataTD" width="175"><?=$add?></td>
</tr>
<? } ?>
@@ -34,5 +34,5 @@
</tr>
</table>
<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/gpg/0.php b/pages/gpg/0.php
index ce3b72a..a11c4bf 100644
--- a/pages/gpg/0.php
+++ b/pages/gpg/0.php
@@ -19,7 +19,11 @@
?>
<p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
<form method="post" action="gpg.php">
-<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<p><?=_("Optional comment, only used in the certificate overview")?><br />
+ <input type="text" name="description" maxlength="80" size=80 /></p>
+<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br />
+<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please Note: You need to accept the CCA to proceed.")?></p>
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
index e10935e..cc8a872 100644
--- a/pages/gpg/2.php
+++ b/pages/gpg/2.php
@@ -15,29 +15,30 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+<form method="post" action="gpg.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
+ <td colspan="6" class="title"><?=_("OpenPGP Keys")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Key ID")?></td>
-
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?
$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
- `expire` as `expires`, `id`, `level`,
- `email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
+ `expire` as `expires`, `id`, `level`,
+ `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -62,10 +63,19 @@
<? } ?>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
-
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
</tr>
<? } ?>
<? } ?>
+ <tr>
+ <td class="DataTD" colspan="6">
+ <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
+ </tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
diff --git a/pages/index/0.php b/pages/index/0.php
index d1d3fef..b1359f6 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -29,61 +29,52 @@
<div class="newsbox">
<?
-/*
- $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
- if($row['story'] != "")
- echo "<p>[ <a href='news.php?id=".$row['id']."'>"._("Full Story")."</a> ]</p>\n";
- }
- if(mysql_num_rows(mysql_query("select * from `news`")) > 2)
- echo "<p>[ <a href='news.php'>"._("More News Items")."</a> ]</p>";
-*/
- $rss = "";
- $open = $items = 0;
- $fp = @fopen("/www/pages/index/feed.rss", "r");
- if($fp)
- {
- echo '<p id="lnews">'._('Latest News').'</p>';
-
-
- while(!feof($fp))
- $rss .= trim(fgets($fp, 4096));
- fclose($fp);
- $rss = str_replace("><", ">\n<", $rss);
- $lines = explode("\n", $rss);
- foreach($lines as $line)
- {
- $line = trim($line);
-
- if($line != "<item>" && $open == 0)
- continue;
-
- if($line == "<item>" && $open == 0)
- {
- $open = 1;
- continue;
- }
-
- if($line == "</item>" && $open == 1)
- {
- $items++;
- if($items >= 3)
- break;
- $open == 0;
- continue;
- }
- if(substr($line, 0, 7) == "<title>")
- echo "<h3>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 7, -8)))))."</h3>\n";
- if(substr($line, 0, 13) == "<description>")
- echo "<p>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 13, -14)))))."</p>\n";
- if(substr($line, 0, 6) == "<link>")
- echo "<p>[ <a href='".trim(substr($line, 6, -7))."'>"._("Full Story")."</a> ]</p>\n";
+ printf("<p id='lnews'>%s</p>\n\n",_('Latest News'));
+
+ $xml = "/www/pages/index/feed.rss"; // FIXME: use relative path to allow operation with different document root
+ $dom = new DOMDocument();
+ $dom->preserveWhiteSpace = false;
+ $dom->Load($xml);
+
+ $xpath = new DOMXPath($dom); //Create an XPath query
+
+ $query = "//channel/item";
+ $items = $xpath->query($query);
+
+ $count = 0;
+ foreach($items as $id => $item) {
+ $query = "./title";
+ $nodeList = $xpath->query($query, $item);
+ $title = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
+
+ $query = "./link";
+ $nodeList = $xpath->query($query, $item);
+ $link = htmlspecialchars($nodeList->item(0)->nodeValue);
+
+ $query = "./description";
+ $nodeList = $xpath->query($query, $item);
+ $description = $nodeList->item(0)->nodeValue;
+ // The description may contain HTML entities => convert them
+ $description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8');
+ // Description may contain HTML markup and unicode characters => encode them
+ // If we didn't decode and then encode again, (i.e. take the content
+ // as it is in the RSS feed) we might inject harmful markup
+ $description = recode_string("UTF8..html", $description);
+
+ printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);
+ printf("<p>%s</p>\n", nl2br($description));
+
+ $title = '';
+ $description = '';
+ $link = '';
+
+ $count++;
+ if ($count >= 3) {
+ break;
}
}
?>
+
[ <a href="http://blog.CAcert.org/"><?=_('More News Items')?></a> ]
</div>
<hr/>
@@ -118,54 +109,12 @@
<p><?=_("If you are located in Australia, use bank transfer instead.")?></p>
<p><?=_("CAcert bank account details:")?></p>
-
-<ul>
+<ul class="no_indent">
<li>Account Name: CAcert Inc</li>
+<li>SWIFT: WPACAU2S</li>
<li>BSB: 032073</li>
<li>Account No.: 180264</li>
</ul>
<br /><br />
<?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>.
-
-<!--
-<h3><?=_("For CAcert Association Members")?></h3>
-
-<b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b>
-<p><?=_("If not then select this PayPal button to pay your US$10 membership fee for the year.")?></p>
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
-<input type="hidden" name="cmd" value="_s-xclick">
-<input type="image" src="/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal">
-<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHiAYJKoZIhvcNAQcEoIIHeTCCB3UCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAVW/F7PUYp3SMSCdOj1L4lNmZk8TPLmyFBXiYe/dP6bdcsvvx0A58mLC/3j961TCs95gXWqYx5vDD9znDEii5An7weRqtaxFa9B+UplKT2kcQJpi45zsGKzhwtHF/g0aJQdLmzrDYNnWd16UvhuasUIV501LaZB3ykq5j2eDJV/DELMAkGBSsOAwIaBQAwggEEBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECJHKnDgLaYrEgIHgjYPDm0r2cH9hexIMEuCuiO9eOIsYxpzC50y9+ZWltUA9Eqp8avPT3ExC4qaw6FS8eo4+UWweESWXpAk3QrNTXgeV+Zf/4RjUEurpkRECinPUCtTgJvs6XLaPU50hAAaV9QmknT4DICcmB7djry0tB1FbLOmnqMyOTpT2pKDuL7r6hgEIAnCyASBtO5E8YJWFgSneQ53PbtT+YuAcVwIOD83wFRDAjlwYhs50VD6ugK07SXxC5I8RFV65PZS/qIiEEBCv7yiXi/U9DK4QG+3ojuxkP6ZjwshGb/99uK1NZCqgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMDMwNzA2NDdaMCMGCSqGSIb3DQEJBDEWBBQQVDeJMeMteu3fuP5xIdpSiYrfLDANBgkqhkiG9w0BAQEFAASBgHIt5M/R6uPXFU0bVQJWcoO++ETE4nPbp+Nz+o7bclXsxIQL+yG5C5vQdpgNeCLuq42sPv+QUuVoMxio6hecCgHewwqAxkrUUr+teGOFSEqpfXBhjWfkUvZLvOy1ix6pSpjLnUu4bbJxaA5eM0gZQDZCJ8nh0HxPScdi5BhVuPSk-----END PKCS7-----
-">
-</form>
-<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of US$10 in AU$.")?></p>
-
-<p><?=_("Please also include Your name in the transaction so we know who it came from or send an email to robert at cacert dot org with the details:")?></p>
-
-<ul>
-<li>Account Name: CAcert Inc</li>
-<li>BSB: 032073</li>
-<li>Account No.: 180264</li>
-</ul>
-<br/><br/>
--->
-
-
-<!--
-<h3><?=_("Introduction")?></h3>
-
-<p><?=_("It's been a long time coming, but the wait was worthwhile, finally you are able to get security at the right price... Free!")?></p>
-
-<p><?=_("For years we've all been charged high amounts of money to pay for security that doesn't and shouldn't cost the earth.")?></p>
-
-<p><?=_("The primary goals are:")?>
-<ul>
-<li><?=_("Inclusion into mainstream browsers!")?></li>
-<li><?=_("To provide a trust mechanism to go with the security aspects of encryption.")?></li>
-</ul>
-
-<p><?=sprintf(_("For general documentation and help please see our %s site"), "<a href='http://wiki.CAcert.org'>"._("Wiki Documentation")."</a>")?>.</p>
--->
-
-
diff --git a/pages/index/10.php b/pages/index/10.php
index 9e09bb8..7280e09 100644
--- a/pages/index/10.php
+++ b/pages/index/10.php
@@ -14,11 +14,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<p style="background-color: #FF8080; font-size: 150%">
-<?
-printf(_('This page has been moved to the %spolicy directory%s. Please update '.
- 'your bookmarks and report any broken links.'),
- '<a href="/policy/PrivacyPolicy.html">', '</a>');
-?>
-</p>
+*/
+
+ header('HTTP/1.0 301 Moved Permanently');
+ header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php');
+ exit();
diff --git a/pages/index/11.php b/pages/index/11.php
index 8391903..d1ef4df 100644
--- a/pages/index/11.php
+++ b/pages/index/11.php
@@ -27,17 +27,28 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
-<form method="post" name="form1">
+<form method="post" action="index.php" name="form1">
<input type="hidden" name="oldid" value="<?=$id?>">
- <input type="hidden" name="support" value="yes">
+<!-- <input type="hidden" name="support" value="yes"> -->
<input type="hidden" name="secrethash2" value="">
+ <p class="robotic" id="pot">
+ <label>If you're human leave this blank:</label>
+ <input name="robotest" type="text" id="robotest" class="robotest" />
+ </p>
<table border="0">
- <tr><td width="90"><?=_("Your Name")?>:</td><td><input type="text" name="who"></td><td>&#160;</td></tr>
- <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
- <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
- <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
- <tr><td colspan="3"><font color="#ff0000"><?=_("Warning: Please do not enter confidential data into this form, it is being sent to a public mailinglist. Use the form further below instead.")?></font></td></tr>
- <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
+ <tr><td width="100"><?=_("Your Name")?>:</td><td width="100"><input type="text" name="who"></td><td width="100"></td><td width="100"></td>
+ <tr><td width="100"><?=_("Your Email")?>:</td><td colspan="3"><input type="text" name="email"></td>
+ <tr><td width="100"><?=_("Subject")?>:</td><td colspan="3"><input type="text" name="subject"></td></tr>
+ <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr>
+
+ <tr>
+ <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use \"send to mailing list\" when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
+ <td colspan="2"><?=_("For confidential data use \"send to support\".")?></td>
+ </tr>
+ <tr>
+ <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td>
+ <td colspan="2"><input type="submit" name="process[1]" value="<?=_("Send to support")?>"></td>
+ </tr>
</table>
</form>
@@ -50,31 +61,8 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><?=_("There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)")?></p>
<p><a href="http://lists.cacert.org/"><?=_("Click here to view all lists available")?></a></p>
-<p><b><?=_("Sensitive Information")?></b></p>
-<p><?=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help.")?></p>
-<form method="post" action="https://www.cacert.org/index.php" name="form2">
- <input type="hidden" name="secrethash2" value="">
- <input type="hidden" name="oldid" value="<?=$id?>">
- <table border="0">
- <tr><td><?=_("Your Name")?>:</td><td><input type="text" name="who"></td></tr>
- <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
- <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
- <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
- <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
- </table>
-</form>
-
<p><b><?=_("Security Issues")?></b></p>
-<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p>
-
-<p><b><?=_("Snail Mail")?></b></p>
-<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>
-
-<p><?=_("Postal Address:")?><br>
-CAcert Inc.<br>
-P.O. Box 4107<br>
-Denistone East NSW 2112<br>
-Australia</p>
+<p><?=sprintf(_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on %s and mark it as private."),"<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p>
<script type="text/javascript">
<!--
diff --git a/pages/index/13.php b/pages/index/13.php
index 68ee5ed..612422f 100644
--- a/pages/index/13.php
+++ b/pages/index/13.php
@@ -35,10 +35,24 @@ printf(_("CAcert Inc. is a non-profit association which is legally able to accep
<pre>
Account Name: CAcert Inc
-BSB: 032073
-Account No.: 180264
+SWIFT: WPACAU2S
+BSB: 032073
+Account No.: 180264
</pre>
<p><?=_("ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community.")?></p>
<p><?=_("Thank you very much for your support, your donations help CAcert to continue to operate.")?></p>
+
+
+<h3><?=_("Using Our Affiliate Partners")?></h3>
+
+<h4>Booking.com</h4>
+
+<p><?=_("If you do any trips where you need accommodation why not book via booking.com?")?></p>
+
+<p><?php
+ printf(_("For any booking done over %s started from this page CAcert gets a share of the provision. You do not pay more but you will support CAcert."),
+ '<a href="//www.booking.com/index.html?aid=346253">booking.com</a>');
+ ?></p>
+
diff --git a/pages/index/21.php b/pages/index/21.php
index 4d2599c..f07bbb8 100644
--- a/pages/index/21.php
+++ b/pages/index/21.php
@@ -14,33 +14,42 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/*
+page called from the following pages
+ a. https://wiki.cacert.org/Price [^]
+ b. https://wiki.cacert.org/CacertMembership/DE [^]
+ c. https://wiki.cacert.org/CacertMembership [^]
+ d. https://wiki.cacert.org/CAcertInc [^]
+ e. https://wiki.cacert.org/Brain/CAcertInc [^]
*/ ?>
<h3><?=_("For CAcert Association Members")?></h3>
-<b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b>
-<p><?=_("If not then select this PayPal button to establish annual payment of your US$10 membership fee.")?></p>
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<p><b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b></p>
+
+<p><?=_("If not then select this PayPal button to establish annual payment of your 10 EUR membership fee.")?></p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
-<input type="image" src="/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal">
-<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHiAYJKoZIhvcNAQcEoIIHeTCCB3UCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAVW/F7PUYp3SMSCdOj1L4lNmZk8TPLmyFBXiYe/dP6bdcsvvx0A58mLC/3j961TCs95gXWqYx5vDD9znDEii5An7weRqtaxFa9B+UplKT2kcQJpi45zsGKzhwtHF/g0aJQdLmzrDYNnWd16UvhuasUIV501LaZB3ykq5j2eDJV/DELMAkGBSsOAwIaBQAwggEEBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECJHKnDgLaYrEgIHgjYPDm0r2cH9hexIMEuCuiO9eOIsYxpzC50y9+ZWltUA9Eqp8avPT3ExC4qaw6FS8eo4+UWweESWXpAk3QrNTXgeV+Zf/4RjUEurpkRECinPUCtTgJvs6XLaPU50hAAaV9QmknT4DICcmB7djry0tB1FbLOmnqMyOTpT2pKDuL7r6hgEIAnCyASBtO5E8YJWFgSneQ53PbtT+YuAcVwIOD83wFRDAjlwYhs50VD6ugK07SXxC5I8RFV65PZS/qIiEEBCv7yiXi/U9DK4QG+3ojuxkP6ZjwshGb/99uK1NZCqgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMDMwNzA2NDdaMCMGCSqGSIb3DQEJBDEWBBQQVDeJMeMteu3fuP5xIdpSiYrfLDANBgkqhkiG9w0BAQEFAASBgHIt5M/R6uPXFU0bVQJWcoO++ETE4nPbp+Nz+o7bclXsxIQL+yG5C5vQdpgNeCLuq42sPv+QUuVoMxio6hecCgHewwqAxkrUUr+teGOFSEqpfXBhjWfkUvZLvOy1ix6pSpjLnUu4bbJxaA5eM0gZQDZCJ8nh0HxPScdi5BhVuPSk-----END PKCS7-----
-">
+<input type="hidden" name="hosted_button_id" value="AMCDNMBBDXGA2">
+<input type="image" src="/images/btn_subscribeCC_LG.gif" border="0" name="submit" alt="Subscription payment for membership fee">
</form>
-<p><?=_("To do a single US$10 Membership-Fee Payment, please use this button:")?></p>
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<p><?=_("To do a single 10 EUR membership fee payment, please use this button:")?></p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
-<input type="hidden" name="hosted_button_id" value="586280">
-<input type="image" src="/images/btn_paynowCC_LG.gif" border="0" name="submit" alt="">
-</form>
+<input type="hidden" name="hosted_button_id" value="8F4WL72WX857J">
+<input type="image" src="/images/btn_paynowCC_LG.gif" border="0" name="submit" alt="Single payment for membership fee">
+</form>
-<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of US$10 in AU$.")?></p>
+<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of 10 EUR in AUD.")?></p>
<p><?=_("Please also include your name in the transaction so we know who it came from and send an email to secretary at cacert dot org with the details:")?></p>
<ul>
<li>Account Name: CAcert Inc</li>
+<li>SWIFT: WPACAU2S</li>
<li>BSB: 032073</li>
-<li>Account No.: 180264</li>
+<li>Account No: 180264</li>
</ul>
-<br/><br/>
diff --git a/pages/index/3.php b/pages/index/3.php
index c2cb391..a107c29 100644
--- a/pages/index/3.php
+++ b/pages/index/3.php
@@ -18,38 +18,45 @@
<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p>
-<p>
-Class 1 <?=_("PKI Key")?><br>
-<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer 5.x/6.x")?></a><br>
-<a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br>
-<a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a><br>
-<a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a><br>
-<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a><br>
-<?=_("Fingerprint")?> SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33<br/>
-<?=_("Fingerprint")?> MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B<br/>
-</p>
+<h3><?=_("Windows Installer") ?></h3>
+<ul class="no_indent">
+ <li><? printf(_("%s Windows installer package %s for browsers that use the Windows certificate store %s (for example Internet Explorer, Chrome on Windows and Safari on Windows)"), '<a href="certs/CAcert_Root_Certificates.msi">', '</a>', '<br/>')?></li>
+ <li><?=_("SHA1 Hash:") ?> 2db1957db31aa0d778d1a65ea146760ee1e67611</li>
+ <li><?=_("SHA256 Hash:") ?> 88883f2e3117bae6f43922fbaef8501b94efe4143c12116244ca5d0c23bcbb16</li>
+</ul>
-<p>
-Class 3 <?=_("PKI Key")?><br>
-<a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a><br/>
-<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/>
-<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/>
-<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/>
+<h3><?=_("Class 1 PKI Key")?></h3>
+<ul class="no_indent">
+ <li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li>
+ <li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li>
+ <li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li>
+ <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li>
+ <li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li>
+ <li><?=_("MD5 Fingerprint:")?> A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B</li>
+</ul>
+
+<h3><?=_("Class 3 PKI Key")?></h3>
+<ul class="no_indent">
+ <li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li>
+ <li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li>
+ <li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li>
+ <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li>
<?php /*
class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project
https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration
*/ ?>
-<?=_("Fingerprint")?> SHA1: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE<br/>
-<?=_("Fingerprint")?> MD5: F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42<br/>
-</p>
+ <li><?=_("SHA1 Fingerprint:")?> AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE</li>
+ <li><?=_("MD5 Fingerprint:")?> F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42</li>
+</ul>
-<p>
-<?=_("GPG Key")?><br>
-<a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a><br>
-</p>
+<h3><?=_("GPG Key")?></h3>
+<ul class="no_indent">
+ <li><a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a></li>
+ <li><?=_("GPG Key ID:")?> 0x65D0FD58</li>
+ <li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li>
+</ul>
-<p>
-<?=_("PKI finger/thumb print signed by the CAcert GPG Key")?><br>
+<h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4>
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
@@ -82,8 +89,8 @@ TG1yj+lkktROGGyn0hJ5SbM=
=tXoj
-----END PGP SIGNATURE-----
</pre>
-</p>
+<h3><?=_("History")?></h3>
<p>
<? printf(_('An overview over all CA certificates ever issued can be found in '.
'%sthe wiki%s.'),
diff --git a/pages/index/4.php b/pages/index/4.php
index ffbfe26..384ea56 100644
--- a/pages/index/4.php
+++ b/pages/index/4.php
@@ -25,11 +25,11 @@
?>
<? if($_SESSION['_config']['hostname'] == $_SESSION['_config']['securehostname']) { ?>
-<p><?=_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your Email/Pass Phrase to get a new certificate, by clicking on 'Normal Login' to the right of your screen.")?></p>
+<p><?=sprintf(_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your email/pass phrase to get a new certificate, by clicking on %sPassword Login%s on the right side of this page."),"<a href='https://".$_SESSION['_config']['normalhostname']."/index.php?id=4'>", "</a>")?></p>
<? } else { ?>
<style>
.box2 {width:100%;text-align:center;}
-.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:250px;width:300px;padding:1em;}
+.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:auto;width:300px;padding:1em;}
.smalltext {font-size:10px;}
label {width:100px;display:block;float:left;}
text {width:166px;display:block;float:left;}
@@ -45,15 +45,15 @@ h1 {font-size:1.9em;text-align:center;}
<label for="email"><?=_("Email Address")?>:</label><input type='text' name="email" value="<?=sanitizeHTML(array_key_exists("email",$_REQUEST)?$_REQUEST['email']:"")?>" <? if(array_key_exists('notauto',$_REQUEST) && $_REQUEST['noauto'] == 1) echo " autocomplete='off'"; ?>/><br />
<label for="pword"><?=_("Pass Phrase")?>:</label><input type='password' name='pword' autocomplete="off"/><br />
<input type='submit' name="process" value="<?=_("Login")?>" /><br /><br />
-<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> -
-<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> -
+<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> -
+<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> -
<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4&amp;noauto=1'><?=_("Net Cafe Login")?></a><br />
<p class='smalltext'><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</div>
</div>
-<? }
+<? }
if(array_key_exists("oldlocation",$_SESSION['_config']) && $_SESSION['_config']['oldlocation']!="")
{
echo "<br/><center>"._("If you want to use certificate login instead of username+password, please")." <a href='https://secure.cacert.org/".sanitizeHTML($_SESSION['_config']['oldlocation'])."'>"._("click here")."</a></center>";
diff --git a/pages/wot/11.php b/pages/wot/11.php
deleted file mode 100644
index e25a862..0000000
--- a/pages/wot/11.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if($_SESSION['profile']['admin'] == 1) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Organisational Assurance")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("Organisation Title")?>:</b></td>
- <td class="DataTD">&nbsp;</td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("Contact Email")?>:</b></td>
- <td class="DataTD">&nbsp;</td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("Town/Suburb")?>:</b></td>
- <td class="DataTD">&nbsp;</td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("State/Province")?>:</b></td>
- <td class="DataTD">&nbsp;</td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("Country")?>:</b></td>
- <td class="DataTD">&nbsp;</td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("Comments")?>:</b></td>
- <td class="DataTD">&nbsp;</td>
- </tr>
-</table>
-<? } else { ?>
-<p><?=_("This page is a work in Progress. Please see this")?>
-<a href="http://wiki.cacert.org/wiki/OrganisationEntities"><?=_("article on the Wiki")?></a>
-<?=_("for more information about Organizational Support.")?></a></p>
-<? } ?>
diff --git a/pages/wot/14.php b/pages/wot/14.php
deleted file mode 100644
index 21c5873..0000000
--- a/pages/wot/14.php
+++ /dev/null
@@ -1,47 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-
-<p>This is a demo page, which isn't fully functional yet.</p>
-
-<p><?=sprintf(_("If you have a %sSignaturecard%s (also called 'Buergerkarte'), you can digitally sign your assurance request here, and get 50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br /></p>
-
-<p><?=sprintf(_("To get assured with your Signaturecard, you need the Software from <a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>. To activate your E-Card, please go to <a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p>
-
-
-<pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre>
-
-<h1>1. Step: Assurance form</h1>
-
-<form name="form" method="post" action="http://localhost:3495/http-security-layer-request"/>
- <input type="submit" name="Weiter" value="Start Assurance">
- <input type="hidden" name="XMLRequest" value="&lt;CreateXMLSignatureRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/20020831#' xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>&lt;KeyboxIdentifier>CertifiedKeypair&lt;/KeyboxIdentifier>&lt;DataObjectInfo Structure='enveloping'>&lt;sl10:DataObject>&lt;sl10:XMLContent>Mit dieser Signatur beantragen Sie die Assurance ihres CAcert Accounts '<?=$_SESSION['profile']['email']?>' mit ihrer Buergerkarte.&lt;/sl10:XMLContent>&lt;/sl10:DataObject>&lt;sl10:TransformsInfo>&lt;sl10:FinalDataMetaInfo>&lt;sl10:MimeType>text/plain&lt;/sl10:MimeType>&lt;/sl10:FinalDataMetaInfo>&lt;/sl10:TransformsInfo>&lt;/DataObjectInfo>&lt;/CreateXMLSignatureRequest>"/>
- <input type="hidden" name="actualtest_" value="4"/>
- <input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION['profile']['email']?>"/>
- <input type="hidden" name="TestResult_" value="&lt;strong&gt;TestResult&lt;/strong&gt;"/>
-</form>
-
-<h1>2. Step: Person binding (Birthday)</h1>
-
-<form name="form" method="post" action="http://localhost:3495/http-security-layer-request"/>
- <input type="submit" name="Weiter" value="Read birthday from Card">
- <input type="hidden" name="XMLRequest" value="&lt;InfoboxReadRequest xmlns=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;InfoboxIdentifier&gt;IdentityLink&lt;/InfoboxIdentifier&gt;&lt;BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/InfoboxReadRequest&gt;"/>
- <input type="hidden" name="actualtest_" value="4"/>
- <input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION['profile']['email']?>"/>
- <input type="hidden" name="TestResult_" value="&lt;strong&gt;TestResult&lt;/strong&gt;"/>
-</form>
-
diff --git a/pages/wot/15.php b/pages/wot/15.php
index 8579588..cca2702 100644
--- a/pages/wot/15.php
+++ b/pages/wot/15.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
+ require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$userid = intval($_SESSION['profile']['id']);
diff --git a/pages/wot/2.php b/pages/wot/2.php
index a75bc57..eda77bb 100644
--- a/pages/wot/2.php
+++ b/pages/wot/2.php
@@ -15,22 +15,19 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<span style="background-color: #FF8080; font-size: 150%">
-Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
-Until a subsidiary policy under AP is written, it is against AP rules.<br>
-</span>
-&nbsp;<br>
-<h3><?=_("To become an Assurer")?></h3>
-<p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>
+<h3><?=_('To become an Assurer')?></h3>
-<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
+<p><?=_('To become a CAcert Assurer you need to fulfill the following requirements:')?></p>
+<ol>
+ <li><?=_('You have to reach 100 Assurance points')?></li>
+ <li><?=_('You have to pass the CATS test')?></li>
+</ol>
-<p>CAcert Inc.<br>
-P.O. Box 4107<br>
-Denistone East NSW 2112<br>
-Australia</p>
+<p><?=_('To reach 100 Assurance Points you have to meet with assurers who assure you under the CAcert Assurance Programme according to Assurance Policy. During the face to face meeting you need to show at least one governmental issued photo ID.')?></p>
+
+<p><?=sprintf(_('The 2nd requirement in becoming assurer is to pass the CAcert Assurer Challenge, which can be started at %s. For more information explore the wiki regarding the %s.'),'<a href="https://cats.cacert.org">https://cats.cacert.org</a>','<a href="//wiki.cacert.org/AssurerChallenge">Assurer Challenge</a>')?><p>
+
+<p><?=sprintf(_('In case you cannot meet an Assurer (eg there are not many assurer in your area) you can be assured under the alternate %sTTP-assisted-assurance programme%s. Read the pages %s for the basic way how the TTP-assisted-assurance programme works for you and %s whether the TTP programme affects the country where you are located.'),'<a href="/wot.php?id=4">', '</a>','<a href="//wiki.cacert.org/TTP/TTPuser">TTPuser</a>','<a href="//wiki.cacert.org/TTP/TTPAL">TTPAL</a>')?> </p>
-<p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p>
-<p><?=_("Once you have received at least 100 Assurance Points you will have to pass a test called Assurer Challenge, which can be started at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>!'?></p>
diff --git a/pages/wot/4.php b/pages/wot/4.php
index 0da72da..628e6a5 100644
--- a/pages/wot/4.php
+++ b/pages/wot/4.php
@@ -14,19 +14,69 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<span style="background-color: #FF8080; font-size: 150%">
-Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
-Until a subsidiary policy under AP is written, it is against AP rules.<br>
-</span>
-&nbsp;<br>
+*/
+require_once(dirname(__FILE__).'/../../includes/notary.inc.php');
+?>
+
<h3><?=_("Trusted Third Parties")?></h3>
-<p><?=_("A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers.")?></p>
+<p><?=_("The Trusted Third Party (TTP) programme is intended to be used in areas without many CAcert Assurers.")?></p>
+
+<p><?=_("A Trusted Third Party (TTP) is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on.")?></p>
+
+<p><?=_("With the TTP programme you can potentially gain assurance up to a maximum of 100 assurance points.")?></p>
+
+<p><?=_("Currently CAcert has only developed the TTP programme to the level that you can gain 70 assurance points by TTP assurances.") ?></p>
+
+<p><?=_("We are working to develop a process that will fill the gap of the missing 30 assurance points to allow you to get the maximum 100 assurance points.")?> </p>
+
+<p><?=_("In the meanwhile you would need to close this gap with face to face assurances with CAcert Assurers. Think not only travelling to populated countries, but also remember that assurers may occasionally visit your country or area.")?></p>
-<p><?=_("You can become a CAcert Assurer by seeking out trusted 3rd parties. You will also need to download and print out a copy of the TTP Form (found under 'CAP/TTP Forms') and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
+<p><?=sprintf(_("If you are interested in the TTP programme, read the pages %s for the basic way how the TTP programme works for you, and %s whether the TTP programme affects the country where you are located."),"<a href='//wiki.cacert.org/TTP/TTPuser'>https://wiki.cacert.org/TTP/TTPuser</a>","<a href='//wiki.cacert.org/TTP/TTPAL'>https://wiki.cacert.org/TTP/TTPAL</a>")?> </p>
-<p>CAcert Inc.<br>
-P.O. Box 4107<br>
-Denistone East NSW 2112<br>
-Australia</p>
+<?
+// test for points <100
+if ($_SESSION['profile']['points']<100){
+ // test for TTP assurances
+ if (get_number_of_ttpassurances(intval($_SESSION['profile']['id']))<2){?>
+ <p><?=_("If you want to ask for TTP assurances fill out the missing data and send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p>
+ <form method="post" action="wot.php">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD"><?=_("Country where you want to visit the TTP")?></td>
+ <td class="DataTD"><select size="1" name="country">
+ <option>Australia</option>
+ <option>Puerto Rico</option>
+ <option>USA</option>
+ </select></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("I want to take part in the TTP Topup programme")?></td>
+ <td class="DataTD"><input type="checkbox" name="ttptopup" value="1"></td>
+ </tr>
+ <tr>
+ <td colspan="2" >
+ <input type="hidden" name="oldid" value="<?=intval($id)?>">
+ <input type="submit" name="ttp" value="<?=_("I need a TTP assurance")?>">
+ </td>
+ </tr>
+ </table>
+ </form>
+<? //"
+ } else {
+ /* As soon as the TPP TOPUP Programme is established this routine should be used
+ <p><?=_("As you have already got 2 TTP assurances you can only take part in the TTP TOPUP programme. If you want to ask for the TTP TOPUP programme use the submit button to send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p>
+ <form method="post" action="wot.php">
+ <input type="hidden" name="oldid" value="<?=intval($id)?>">
+ <input type="submit" name="ttptopup" value="<?=_("I need a TTP TOPUP")?>">
+ </form>
+*/
+?>
+ <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p>
+<?
+ }
+} else {
+?>
+ <p><?=_("You reached the maximum points that can be granted by the TTP programme and therefore you cannot take part in the TTP programme any more.")?></p>
+<?
+}
diff --git a/pages/wot/5.php b/pages/wot/5.php
index f717870..c1a6438 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -16,6 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
include_once("../includes/shutdown.php");
+ require_once("../includes/lib/l10n.php");
?>
<?
if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
@@ -32,8 +33,8 @@
<select name="reminder-lang">
<?
if($_SESSION['_config']['reminder-lang'] == "")
- $_SESSION['_config']['reminder-lang'] = $_SESSION['profile']['language'];
- foreach($_SESSION['_config']['translations'] as $key => $val)
+ $_SESSION['_config']['reminder-lang'] = L10n::get_translation();
+ foreach(L10n::$translations as $key => $val)
{
echo "<option value='$key'";
if($key == $_SESSION['_config']['reminder-lang'])
diff --git a/pages/wot/6.php b/pages/wot/6.php
index bc37aa2..ef8cac7 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -16,6 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
+
if(!array_key_exists('notarise',$_SESSION['_config']))
{
echo "Error: No user data found.";
@@ -24,147 +25,61 @@
$row = $_SESSION['_config']['notarise'];
- if(!array_key_exists('pointsalready',$_SESSION['_config'])) $_SESSION['_config']['pointsalready']=0;
+ if($_SESSION['profile']['ttpadmin'] == 1)
+// $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
+// else
+ $methods = array("Face to Face Meeting", "Trusted 3rd Parties");
+ else
+ $methods = array("Face to Face Meeting");
+ $mnames = array(
+ '01' => _('January'),
+ '02' => _('February'),
+ '03' => _('March'),
+ '04' => _('April'),
+ '05' => _('May'),
+ '06' => _('June'),
+ '07' => _('July'),
+ '08' => _('August'),
+ '09' => _('September'),
+ '10' => _('October'),
+ '11' => _('November'),
+ '12' => _('December')
+ );
- if($_SESSION['profile']['ttpadmin'] == 1 && $_SESSION['profile']['board'] == 1)
- {
- $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "Thawte Points Transfer", "Administrative Increase", "CT Magazine - Germany");
- } else if($_SESSION['profile']['ttpadmin'] == 1) {
- $methods = array("Face to Face Meeting", "Trusted 3rd Parties");
- }
+ $fname = $row['fname'];
+ $mname = $row['mname'];
+ $lname = $row['lname'];
+ $suffix = $row['suffix'];
+ $dob = $row['dob'];
- $cap = "/cap.php?";
- $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
- $_SESSION['_config']['wothash'] = md5($name."-".$row['dob']);
- while(strstr($name, " "))
- $name = str_replace(" ", " ", $name);
- $cap .= "name=".urlencode($name);
- $cap .= "&amp;dob=".urlencode($row['dob']);
- $cap .= "&amp;email=".urlencode($row['email']);
- $name = $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'];
- while(strstr($name, " "))
- $name = str_replace(" ", " ", $name);
- $cap .= "&amp;assurer=".urlencode($name);
- $cap .= "&amp;date=now";
- $cap .= "&amp;maxpoints=".maxpoints();
+ $dob_date = explode('-', $dob, 3);
+ $dob_print = sprintf(
+ '<tt class="accountdetail">%s-%s-%s</tt> (%d %s %d)',
+ $dob_date[0], $dob_date[1], $dob_date[2],
+ intval($dob_date[2], 10), $mnames[$dob_date[1]], intval($dob_date[0], 10)
+ );
- $maxpoints = maxpoints();
- if($maxpoints > 100)
- $maxpoints = 100;
+ $name = $fname." ".$mname." ".$lname." ".$suffix;
+ $_SESSION['_config']['wothash'] = md5($name."-".$dob);
- if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
-<form method="post" action="wot.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
- <tr>
- <td colspan="2" class="title"><?=_("Assurance Confirmation")?></td>
- </tr>
-<? if(array_key_exists('alreadydone',$_SESSION['_config']) && $_SESSION['_config']['alreadydone'] == 1) { ?>
- <tr>
- <td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("PLEASE NOTE: You have already assured this person before! If this is unintentional please DO NOT CONTINUE with this assurance.")?></b></td>
- </tr>
-<?
- } if(100 - $_SESSION['_config']['pointsalready'] - $maxpoints < 0) {
- ?>
- <tr>
- <td class="DataTD" colspan="2" align="left" style="color: red;"><b><? printf(_("This person already has %s assurance points. Any points you give this person may be rounded down, or they may not even get any points. If you have less then 150 points you will still receive 2 points for assuring them."), $_SESSION['_config']['pointsalready']); ?></b></td>
- </tr>
-<? }
+ require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
- $query = "select `verified` from `users` where `id`='".$row['id']."'";
- $res = mysql_query($query);
- $drow = mysql_fetch_assoc($res);
- //if($_SESSION['_config']['verified'] <= 0)
- if($drow['verified']<=0)
- { ?>
- <tr>
- <td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("You are about to assure a person that isn't currently verified. If you continue and they do not verify their account within 48 hours the account could automatically be removed by the system.")?></b></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="2" align="left"><? printf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $row['fname']); ?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Name")?>:</td>
- <td class="DataTD"><?=$row['fname']?> <?=$row['mname']?> <?=$row['lname']?> <?=$row['suffix']?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Date of Birth")?>:</td>
- <td class="DataTD"><?=$row['dob']?> (<?=_("YYYY-MM-DD")?>)</td>
- </tr>
-<? if($_SESSION['profile']['ttpadmin'] == 1) { ?>
- <tr>
- <td class="DataTD"><?=_("Method")?>:</td>
- <td class="DataTD"><select name="method">
-<? foreach($methods as $val) { ?>
- <option value="<?=$val?>"<? if(array_key_exists('method',$_POST) && $val == $_POST['method']) echo " selected"; ?>><?=$val?></option>
-<? } ?>
- </select>
- </td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><?=_("Only tick the next box if the Assurance was face to face.")?></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD"><input type="checkbox" name="certify" value="1"<? if(array_key_exists('certify',$_POST) && $_POST['certify'] == 1) echo " checked"; ?>></td>
- <td class="DataTD"><? printf(_("I certify that %s %s %s has appeared in person"), $row['fname'], $row['mname'], $row['lname']); ?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Location")?>:</td>
- <td class="DataTD"><input type="text" name="location" value="<?=array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:""?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Date")?>:</td>
- <td class="DataTD"><input type="text" name="date" value="<?=array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:""?>"><br><?=_("Only fill this in if you assured the person on a different day")?></td>
- </tr>
-<? if($_SESSION['profile']['board'] == 1 && $_SESSION['_config']['pointsalready'] <= 150) { ?>
- <tr>
- <td class="DataTD" colspan="2"><?=_("Issuing a temporary increase will automatically boost their points to 200 points for a nomindated amount of days, after which the person will be reduced to 150 points regardless of the amount of points they had previously. Regardless of method chosen above it will be recorded in the system as an Administrative Increase and there is a maximum amount of 45 days that points can be issued for.")?></td>
- </tr>
- <tr>
- <td class="DataTD"><nobr><?=_("Temporary Increase")?>:</nobr><br><nobr><?=_("Number of days")?></nobr></td>
- <td class="DataTD"><input type="text" name="expire" value="<?=intval(array_key_exists('expire',$_POST)?$_POST['expire']:0)?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><nobr><?=_("Sponsoring Member")?>:</td>
- <td class="DataTD"><select name="sponsor">
-<?
- $query = "select * from `users` where `board`='1' and `id`!='".intval($_SESSION['profile']['id'])."'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
+ AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s %s %s %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname, $mname, $lname, $suffix));
+ AssureTextLine(_("Name"), sprintf(
+ "<tt><span class=\"accountdetail name\"><span class=\"accountdetail fname\">%s</span> <span class=\"accountdetail mname\">%s</span> <span class=\"accountdetail lname\">%s</span> <span class=\"accountdetail suffix\">%s</span></span></tt>",
+ $fname, $mname, $lname, $suffix
+ ));
+ AssureTextLine(_("Date of Birth"),$dob_print);
+ AssureMethodLine(_("Method"),$methods,'');
+ AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
+ AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
+ AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
+ AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
+ AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
+ AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
+ AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
+ AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
+ AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
+ AssureFoot($id,_("I confirm this Assurance"));
?>
- <option value="<?=$row['id']?>"<? if(array_key_exists('sponsor',$_POST) && $row['id'] == $_POST['sponsor']) echo " selected='selected'"; ?>><?=$row['fname']." ".$row['lname']?></option>
-<? } ?>
- </select>
- </td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD"><input type="checkbox" name="assertion" value="1"<? if(array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1) echo " checked='checked'"; ?>></td>
- <td class="DataTD"><?=_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible.")?></td>
- </tr>
- <tr>
- <td class="DataTD"><input type="checkbox" name="rules" value="1"<? if(array_key_exists('rules',$_POST) && $_POST['rules'] == 1) echo " checked='checked'"; ?>></td>
- <td class="DataTD"><?=_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook.")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Policy")?>:</td>
- <td class="DataTD"><a href="/policy/AssurancePolicy.php" target="_NEW"><?=_("Assurance Policy")?></a> - <a href="http://wiki.cacert.org/AssuranceHandbook2" target="_NEW"><?=_("Assurance Handbook")?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Points")?>:<br><nobr>(Max <?=maxpoints()?>)</nobr></td>
- <td class="DataTD"><input type="text" name="points" value=""></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("WoT Form")?>:</td>
- <td class="DataTD"><a href="<?=$cap?>" target="_NEW">A4 - <?=_("WoT Form")?></a> <a href="<?=$cap?>&amp;format=letter" target="_NEW">US - <?=_("WoT Form")?></a></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I confirm this Assurance")?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
- </tr>
-</table>
-<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
diff --git a/pages/wot/9.php b/pages/wot/9.php
index b974c5d..bfa7a98 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -14,8 +14,11 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
+*/
+
+ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
+
+
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
if(mysql_num_rows($res) <= 0)
{
@@ -47,7 +50,7 @@
<? if($userlang != "") { ?>
<tr>
<td class="DataTD"><?=_("Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], $_SESSION['_config']['translations'][$userlang]) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td>
</tr>
<? } ?>
<?
diff --git a/password.dat.sample b/password.dat.sample
deleted file mode 100644
index f9bbb55..0000000
--- a/password.dat.sample
+++ /dev/null
@@ -1,2 +0,0 @@
-$translingo_password = 'ThePassword';
-$translingo_account = 'TheAccount';
diff --git a/scripts/21de-ate-essen-email.txt b/scripts/21de-ate-essen-email.txt
deleted file mode 100644
index bfeea13..0000000
--- a/scripts/21de-ate-essen-email.txt
+++ /dev/null
@@ -1,97 +0,0 @@
-CAcert Assurer Training Event Essen [Deutsch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unters Volk zu bringen:
-
-- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden?
-
-Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
-
-Die kommende Veranstaltung in deiner Naehe findet statt am:
-
-Dienstag den 28. September 2010
-Zeit: 19:00 - 22:00
-
-Unperfekthaus Essen
-Friedrich-Ebert-Str. 18
-45127 Essen-City
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
-Wiki [https://wiki.cacert.org/events/2010_09_28-ATE-Essen]
-Blog [https://blog.cacert.org/2010/09/483.html]
-
-Unverbindliche Anmeldung und Registrierung:
-Rueckantwort mit 'Ich moechte teilnehmen: ATE-Essen'
-
-Kontakt: events@cacert.org
-
-
-
-CAcert Assurer Training Event Essen [Dutch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Er is veel gebeurd de afgelopen 3 jaar. De oude manier van mondelink doorgegeven procedures is nu verdwenen, en onze regels zijn uitgebracht in formeel beleid. Nieuwe procedures (bijvoorbeeld de Assurer Challenge) en verplichtingen (bv in de CAcert Community Agreement) zijn goedgekeurd. De Assurer Training evenementen brengen dit alles naar u, de Gemeenschap:
-
-- Wat heb je aan toe te voegen aan het CAP formulier bij het waarmerken van jongere leden die nog geen 18+ zijn?
-- Wat zijn de 2 essentile thema's van de CCA als u die presenteert aan iemand?
-- Wanneer kun je een Nederlandse "roepnaam" accepteren?
-
-Antwoorden op deze, en vele andere vragen worden gegeven op Assurer Training Evenementen (ATE).
-
-ATE-Essen vindt plaats op: Dinsdag 28 September 2010, 19:00 - 22:00
-
-Unperfekthaus Essen
-Friedrich-Ebert-Str. 18
-45127 Essen-City
-
-Het Event-Team kijkt er naar uit om van u te horen.
-
-Details over locatie en vervoer vindt u onder
-Wiki [https://wiki.cacert.org/events/2010_09_28-ATE-Essen]
-Blog [https://blog.cacert.org/2010/09/483.html]
-
-Voor registratie van ATE-Essen kunt u reageren met
- 'Ik zal aanwezig zijn: ATE-Essen'
-gericht aan events@cacert.org
-
-Voor andere vragen of opmerkingen kunt u ook terecht bij events@cacert.org
-
-
-
-CAcert Assurer Training Event Essen [English]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Much has happened during the past 3 years. The old way of
-orally-transmitted procedures has now gone, and our rules have been cast
-into formal policies. New procedures (e.g. the Assurer Challenge) and
-obligations (e.g. in the CAcert Community Agreement) have been approved.
-The Assurer Training Events bring all this to you, the Community:
-
-- What you have to add onto the CAP form if you assure U18 people ?
-- What are the 2 essential topics regarding CCA you have to present an Assuree ?
-- When you can accept i.e. a Dutch "roepnaam" ?
-
-Answers to these and many other questions are given at the Assurer
-Training Events (ATEs).
-
-ATE-Essen takes place on:
-Tuesday, Sept 28, 2010, 19:00 - 22:00
-
-Unperfekthaus Essen
-Friedrich-Ebert-Str. 18
-45127 Essen-City
-
-The Event-Team is looking forward to hearing from you.
-
-Details on Location and Transportation you will find under
-Wiki [https://wiki.cacert.org/events/2010_09_28-ATE-Essen]
-Blog [https://blog.cacert.org/2010/09/483.html]
-
-Registration for ATE-Essen: please reply
-'I will attend: ATE-Essen'
-
-Contact: events@cacert.org
diff --git a/scripts/21de-ate-essen-mail.php.txt b/scripts/21de-ate-essen-mail.php.txt
deleted file mode 100644
index 18437d2..0000000
--- a/scripts/21de-ate-essen-mail.php.txt
+++ /dev/null
@@ -1,135 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("21de-ate-essen-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
- $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
- $eventname = "ATE-Essen";
- $city = "September 28, 2010";
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/22de-ate-aachen-email.txt b/scripts/22de-ate-aachen-email.txt
deleted file mode 100644
index a93ba8d..0000000
--- a/scripts/22de-ate-aachen-email.txt
+++ /dev/null
@@ -1,133 +0,0 @@
-CAcert Assurer Training Event Aachen [Deutsch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unters Volk zu bringen:
-
-- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden?
-
-Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
-
-Die kommende Veranstaltung in deiner Naehe findet statt am:
-
-Montag den 04. Oktber 2010
-in den Seminarraeumen (Madrid and Lissabon)
-
-Jugendherberge Aachen
-- Euregionales Jugendgaestehaus -
-Maria-Theresia-Allee 260
-52074 Aachen
-
-Es finden 2 Veranstaltungen statt. Eine am Nachmittag, eine am Abend:
-Unverbindliche Anmeldung und Registrierung:
-
-Nachmittag 14:00 - 17:00 (I)
-Rueckantwort mit 'Ich moechte am ATE-Aachen am Nachmittag teilnehmen'
-
-oder
-
-Abend: 19:00 - 22:00 (II)
-Rueckantwort mit 'Ich moechte am ATE-Aachen am Abend teilnehmen'
-
-Zur Durchfuehrung der jeweiligen Veranstaltung ist eine Mindestteilnehmerzahl von 6 Personen erforderlich.
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
-Wiki [https://wiki.cacert.org/Events/2010_10_04-ATE-Aachen]
-Blog [https://blog.cacert.org/2010/08/482.html]
-and [https://blog.cacert.org/2010/09/484.html]
-
-Kontakt: events@cacert.org
-
-
-
-CAcert Assurer Training Event Aachen [Dutch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Er is veel gebeurd de afgelopen 3 jaar. De oude manier van mondeling doorgegeven procedures is nu verdwenen, en onze regels zijn uitgebracht in formeel beleid. Nieuwe procedures (bijvoorbeeld de Assurer Challenge) en verplichtingen (bv in de CAcert Community Agreement) zijn goedgekeurd. De Assurer Training evenementen brengen dit alles naar u, de Gemeenschap:
-
-- Wat heb je toe te voegen aan het CAP formulier bij het waarmerken van jongere leden die nog geen 18+ zijn?
-- Wat zijn de 2 essentile thema's van de CCA als u die presenteert aan iemand?
-- Wanneer kun je een Nederlandse "roepnaam" accepteren?
-
-Antwoorden op deze, en vele andere vragen worden gegeven op Assurer Training Evenementen (ATE).
-
-ATE-Aken vindt plaats op: maandag 04 october 2010
-In de hoorzalen (Madrid en Lissabon) van
-
-Jugendherberge Aken
-- Euregionales Jugendgaestehaus -
-Maria-Theresia-Allee 260
-52074 Aachen
-
-Er zullen 2 bijeenkomsten plaatsvinden. Een 's middags, de ander 's avonds.
-U kunt uw aanmelding/registratie ten alle tijden wijzigen.
-
-'s middags 14:00--17:00 (I)
-Reactie met "Ik wil graag 's middags deelnemen aan ATE-Aken (!)." gericht aan events@cacert.org.
-
-of
-
-'s avonds 19:00--22:00 (II)
-Reactie met "Ik wil graag 's avonds deelnemen aan ATE-Aken (II)." gericht aan events@cacert.org.
-
-(Om een bijeenkomst door te laten gaan hebben wij graag 6 of meer deelnemers.)
-
-Het Event-Team kijkt er naar uit om van u te horen.
-
-Details over locatie en vervoer vindt u onder
-Wiki [https://wiki.cacert.org/Events/2010_10_04-ATE-Aachen]
-Blog [https://blog.cacert.org/2010/08/482.html]
-en [https://blog.cacert.org/2010/09/484.html]
-
-Voor andere vragen of opmerkingen kunt u ook terecht bij events@cacert.org
-
-
-
-CAcert Assurer Training Event Aachen [English]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Much has happened during the past 3 years. The old way of
-orally-transmitted procedures has now gone, and our rules have been cast
-into formal policies. New procedures (e.g. the Assurer Challenge) and
-obligations (e.g. in the CAcert Community Agreement) have been approved.
-The Assurer Training Events bring all this to you, the Community:
-
-- What you have to add onto the CAP form if you assure U18 people ?
-- What are the 2 essential topics regarding CCA you have to present an Assuree ?
-- When you can accept i.e. a Dutch "roepnaam" ?
-
-Answers to these and many other questions are given at the Assurer
-Training Events (ATEs).
-
-ATE-Aachen takes place on:
-Monday, Oct 4th, 2010
-Lecture Rooms (Madrid and Lissabon)
-
-Jugendherberge Aachen
-- Euregionales Jugendgaestehaus -
-Maria-Theresia-Allee 260
-52074 Aachen
-
-We have scheduled two events: one in the afternoon, one in the evening:
-
-Afternoon 14:00-17:00 (I):
-For Registration please reply: 'I will attend ATE-Aachen in the afternoon'
-
-or
-
-Evening 19:00-22:00 (II):
-For Registration please reply: 'I will attend ATE-Aachen in the evening'
-
-For each of the events to take place, we will need at least 6 attendees.
-
-The Event-Team is looking forward to hearing from you.
-
-Details on Location and Transportation you will find under
-Wiki [https://wiki.cacert.org/Events/2010_10_04-ATE-Aachen]
-Blog [https://blog.cacert.org/2010/08/482.html]
-and [https://blog.cacert.org/2010/09/484.html]
-
-Contact: events@cacert.org
diff --git a/scripts/22de-ate-aachen-mail.php.txt b/scripts/22de-ate-aachen-mail.php.txt
deleted file mode 100644
index fa60d74..0000000
--- a/scripts/22de-ate-aachen-mail.php.txt
+++ /dev/null
@@ -1,141 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("22de-ate-aachen-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
-// maxdist in [Km]
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Aachen, DE, Oct 4th 2010
- $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
- $eventname = "ATE-Aachen";
- $city = "October 4th, 2010";
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/23au-ate-canberra-email.txt b/scripts/23au-ate-canberra-email.txt
deleted file mode 100644
index 58d4e55..0000000
--- a/scripts/23au-ate-canberra-email.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-CAcert Assurer Training Event -- Canberra
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Dear Member of the CAcert Community,
-
-Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved.
-
-The Assurer Training Events bring all this to you, the Assurer, and the Community:
-
-- What do you have to add onto the CAP form if you assure minors ?
-- What are the 2 essential CCA points you have to present an Assuree ?
-- Who can access the Member's privacy information?
-
-Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs).
-
-ATE-Canberra takes place at:
-* Tuesday, Oct 12th, 2010
-* Grant Cameron Community Centre, 27-29 Mulley St, Holder
-* 7:00pm
-
-For Registration please reply: 'I will attend ATE-Canberra'
-
-We are looking forward to hearing from you.
-
-
-- Best regards from the Event Team!
-
-
-PS: Contact: events@cacert.org
-Location, Transportation and other event details at
-[https://wiki.cacert.org/events/20101012Canberra]
diff --git a/scripts/23au-ate-canberra-mail.php.txt b/scripts/23au-ate-canberra-mail.php.txt
deleted file mode 100644
index b7293cc..0000000
--- a/scripts/23au-ate-canberra-mail.php.txt
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("23au-ate-canberra-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Canberra, AU, Oct 12 2010
- $locid = 2255408; // Canberra, Australian Capital Territory, Australia
- $eventname = "ATE-Canberra";
- $city = "Tuesday 12th October";
-
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/24de-blit2010-email.txt b/scripts/24de-blit2010-email.txt
deleted file mode 100644
index 8c186cd..0000000
--- a/scripts/24de-blit2010-email.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-7. Brandenburger Linux-Infotag 2010 -- Helfer Gesucht
-:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Hallo CAcerties,
-
-am Samstag, dem 6. November 2010 moechte sich CAcert mit einem Stand auf dem 7. Brandenburger Linux-Infotag 2010 praesentieren. Hierzu wurde nun im Wiki eine Organisationsseite eingerichtet, auf der Ihr Euch als Helfer eintragen koennt (http://wiki.cacert.org/events/blit2010). Sofern Ihr aus Berlin, Potsdam sowie Umgebung oder von woanders kommt und Zeit wie auch Lust habt, dann tragt Euch bitte ein. Wer im vergangenen Jahr dabei war, weiss vieviel Spass es allen gemacht hat!
-
-Auf der Veranstaltung sind Professoren, wissenschaftliche Mitarbeiter und in jedem Fall viele Studenten zu erwarten. Es waere daher super, wenn wir dort moeglichst viele von CAcert ueberzeugen koennen, um eine neue Keimzelle entstehen lassen zu koennen. Daher benoetigen wir mindestens drei Assurer, um 100 Punkte vergeben zu koennen.
-
-Wir freuen uns auf Eure Mithilfe.
-
-
-Wiki Organisationsseite: [http://wiki.cacert.org/events/blit2010]
-
-Kontakt: events@cacert.org
diff --git a/scripts/24de-blit2010-mail.php.txt b/scripts/24de-blit2010-mail.php.txt
deleted file mode 100644
index fbc5342..0000000
--- a/scripts/24de-blit2010-mail.php.txt
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("24de-blit2010-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Canberra, AU, Oct 12 2010
-// $locid = 2255408; // Canberra, Australian Capital Territory, Australia
-// $eventname = "ATE-Canberra";
-// $city = "Tuesday 12th October";
-
-// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010
- $locid = 1486658; // Potsdam, Brandenburg, Germany
- $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)";
- $city = "Potsdam - 6. Nov 2010";
-
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/25de-ate-hamburg-mail.php.txt b/scripts/25de-ate-hamburg-mail.php.txt
deleted file mode 100644
index 64c43b0..0000000
--- a/scripts/25de-ate-hamburg-mail.php.txt
+++ /dev/null
@@ -1,143 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("25de-ate-hamburg-mail.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Hamburg, DE, Nov 05 2010
- $locid = 715191; // Hamburg
- $eventname = "ATE-Hamburg";
- $city = "Nov 05, 2010";
-
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "ate-hh@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to ate-hh@cacert.org
- sendmail("ate-hh@cacert.org", "[CAcert.org] $eventname - $city", $lines, "ate-hh@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
-
diff --git a/scripts/25de-ate-hamburg-mail.txt b/scripts/25de-ate-hamburg-mail.txt
deleted file mode 100644
index 41786d5..0000000
--- a/scripts/25de-ate-hamburg-mail.txt
+++ /dev/null
@@ -1,67 +0,0 @@
-CAcert Assurer Training Event Hamburg [Deutsch]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unters Volk zu bringen:
-
-- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden?
-
-Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
-
-Die kommende Veranstaltung in deiner Naehe findet statt am:
-
-Freitag den 05. November 2010, 19:00 - 22:00
-
-Attraktor e.V.
-Mexikoring 21
-22297 Hamburg
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
-Wiki [https://wiki.cacert.org/events/2010-11-05-ATE-Hamburg]
-Blog [https://blog.cacert.org/2010/10/491.html]
-
-
-
-Unverbindliche Anmeldung und Registrierung:
-Rueckantwort mit 'Ich moechte teilnehmen: ATE-Hamburg'
-
-Kontakt: ate-hh@cacert.org
-
-
-CAcert Assurer Training Event Hamburg [English]
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Much has happened during the past 3 years. The old way of
-orally-transmitted procedures has now gone, and our rules have been cast
-into formal policies. New procedures (e.g. the Assurer Challenge) and
-obligations (e.g. in the CAcert Community Agreement) have been approved.
-The Assurer Training Events bring all this to you, the Community:
-
-- What you have to add onto the CAP form if you assure U18 people ?
-- What are the 2 essential topics regarding CCA you have to present an Assuree ?
-- When you can accept i.e. a Dutch "roepnaam" ?
-
-Answers to these and many other questions are given at the Assurer
-Training Events (ATEs).
-
-ATE-Hamburg takes place on:
-Friday, Nov 05, 2010, 19:00 - 22:00
-
-Attraktor e.V.
-Mexikoring 21
-22297 Hamburg
-
-The Event-Team is looking forward to hearing from you.
-
-Details on Location and Transportation you will find under
-Wiki [https://wiki.cacert.org/events/2010-11-05-ATE-Hamburg]
-Blog [https://blog.cacert.org/2010/10/491.html]
-
-Registration for ATE-Hamburg: please reply
-'I will attend: ATE-Hamburg'
-
-Contact: ate-hh@cacert.org
-
diff --git a/scripts/26us-lisa2010-email.txt b/scripts/26us-lisa2010-email.txt
deleted file mode 100644
index 15cdc56..0000000
--- a/scripts/26us-lisa2010-email.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-Dear CAcert Assurer,
-
-If you are attending the LISA'2010 conference in San Jose, CA, or if you live in the area, please consider attending the BoF (Birds of a Feather) sessions on Tuesday evening, 11/09/2010. I will be leading two seperate hour long BoF sessions. Both will be held in the Blossom Hill room of the San Jose Convention Center. The first is a GPG key signing event at 8:00pm. The second is a CAcert BoF, where we hope to educate and enroll some new assurers.
-
-I presented these same two BoF sessions at the LISA'09 conference in Baltimore. In order to bring any new assurers up to the 100 point level, we will need a few other assurers to help them earn their first trust points. I will also encourage them to them assurer each other on paper. They can then go on-line after the event and once they complete the Assurer Challenge, they start earning experience points.
-
-I can't pull off a successful CAcert event without a few other assurers. I am qualified to give out 35 points. I have one other assurer who has already contacted me and he is good for up to 15 points (and looking to earn more experience points himself). There were a few assurers who showed up to help last year, but I did not know in advance who was coming. If you can help, please reply to this e-mail letting me know you can attend and how many points you are qualified to assign.
-
-For more details on the events, please visit the following web pages or contact Ken. I don't really need help with the GPG key signing BoF, but you are certainly welcome to join us.
-
-[http://www.usenix.org/events/lisa10/bofs.html#gpg]
-[http://www.usenix.org/events/lisa10/bofs.html#cacert]
-
-I have updated the Event entry on the CAcert Wiki. The listing is found at:
-[https://wiki.cacert.org/events/LISA2010]
-Feel free to add your own information if you can attend, or I can add your information if you like.
-
-Ken Schumacher
-My own CAcert Assurance web page at [http://wiki.cacert.org/KenSchumacher]
-
-CAcert Bof Session, Tues Nov 9, 2010 9:00pm till 10:00pm
-Blossom Hill Room at the San Jose Marriott Hotel
-Free Admission to BoFs, no badge or ticket required
-
-
-Contact: events@cacert.org
diff --git a/scripts/26us-lisa2010-mail.php.txt b/scripts/26us-lisa2010-mail.php.txt
deleted file mode 100644
index 95f07c7..0000000
--- a/scripts/26us-lisa2010-mail.php.txt
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("26us-lisa2010-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 50;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Canberra, AU, Oct 12 2010
-// $locid = 2255408; // Canberra, Australian Capital Territory, Australia
-// $eventname = "ATE-Canberra";
-// $city = "Tuesday 12th October";
-
-// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010
-// $locid = 1486658; // Potsdam, Brandenburg, Germany
-// $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)";
-// $city = "Potsdam - 6. Nov 2010";
-
-// LISA2010, Nov 7-12, 2010
- $locid = 2096344; // San Jose (Santa Clara), California, United States
- $eventname = "LISA2010";
- $city = "San Jose, CA - Nov 7-12, 2010";
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/27au-ate-melbourne-email.txt b/scripts/27au-ate-melbourne-email.txt
deleted file mode 100644
index 4b3e525..0000000
--- a/scripts/27au-ate-melbourne-email.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-CAcert Assurer Training Event -- Melbourne
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Dear Member of the CAcert Community,
-
-Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved.
-
-The Assurer Training Events bring all this to you, the Assurer, and the Community:
-
-- What do you have to add onto the CAP form if you assure minors ?
-- What are the 2 essential CCA points you have to present an Assuree ?
-- Who can access the Member's privacy information?
-
-Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). Bring your ID for assurances. Especially note that Tverify/Thawte people need to boost up their Assurance Points.
-
-ATE-Melbourne takes place at:
-* Thursday, 16th Dec, 2010
-* Readify P/L; Level 4, Life.Lab Building, 198 Harbour Esplanade, Docklands
-* 6:00pm
-
-For Registration please reply: 'I will attend ATE-Melbourne' Don't forget your ID!
-
-We are looking forward to hearing from you.
-
-
-- Best regards from the Event Team!
-
-
-PS: Contact: events@cacert.org
-Location, Transportation and other event details at
-https://wiki.cacert.org/events/20101216Melbourne
diff --git a/scripts/27au-ate-melbourne-mail.php.txt b/scripts/27au-ate-melbourne-mail.php.txt
deleted file mode 100644
index 55870bf..0000000
--- a/scripts/27au-ate-melbourne-mail.php.txt
+++ /dev/null
@@ -1,156 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("27au-ate-melbourne-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 50;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Canberra, AU, Oct 12 2010
-// $locid = 2255408; // Canberra, Australian Capital Territory, Australia
-// $eventname = "ATE-Canberra";
-// $city = "Tuesday 12th October";
-
-// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010
-// $locid = 1486658; // Potsdam, Brandenburg, Germany
-// $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)";
-// $city = "Potsdam - 6. Nov 2010";
-
-// LISA2010, Nov 7-12, 2010
-// $locid = 2096344; // San Jose (Santa Clara), California, United States
-// $eventname = "LISA2010";
-// $city = "San Jose, CA - Nov 7-12, 2010";
-
-// ATE Melbourne, AU, Dec 16 2010
- $locid = 2262656; // Melbourne, VIC, Australia
- $eventname = "ATE-Melbourne";
- $city = "Thursday 16th December";
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/28au-ate-melbourne-email.txt b/scripts/28au-ate-melbourne-email.txt
deleted file mode 100644
index 5685d52..0000000
--- a/scripts/28au-ate-melbourne-email.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-Hi there from CAcert Education Team!
-
-Just a reminder for the Assurer Training Event, this Thursday evening:
-
-- Time: 6:00pm to 10:00pm
-- Date: Thursday 16th December.
-- Location: Readify offices in Docklands, Melbourne
-
-- Info: http://wiki.cacert.org/events/20101216Melbourne
-
-RSVP to events@cacert.org: I will attend ATE-Melbourne so we know to let
-you in the door!
-
-Bring your ID docs. Essential info for the Assurer, highly recommended
-event.
-
-See you there, iang.
diff --git a/scripts/28au-ate-melbourne-mail.php.txt b/scripts/28au-ate-melbourne-mail.php.txt
deleted file mode 100644
index 9466d32..0000000
--- a/scripts/28au-ate-melbourne-mail.php.txt
+++ /dev/null
@@ -1,156 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("28au-ate-melbourne-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 50;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Canberra, AU, Oct 12 2010
-// $locid = 2255408; // Canberra, Australian Capital Territory, Australia
-// $eventname = "ATE-Canberra";
-// $city = "Tuesday 12th October";
-
-// BLIT2010, 7. Brandenburger Linux-Infotag, 6.11.2010
-// $locid = 1486658; // Potsdam, Brandenburg, Germany
-// $eventname = "7. Brandenburger Linux-Infotag (BLIT2010)";
-// $city = "Potsdam - 6. Nov 2010";
-
-// LISA2010, Nov 7-12, 2010
-// $locid = 2096344; // San Jose (Santa Clara), California, United States
-// $eventname = "LISA2010";
-// $city = "San Jose, CA - Nov 7-12, 2010";
-
-// ATE Melbourne, AU, Dec 16 2010
- $locid = 2262656; // Melbourne, VIC, Australia
- $eventname = "ATE-Melbourne";
- $city = "Thursday 16th December";
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/29au-ate-brisbane-email.txt b/scripts/29au-ate-brisbane-email.txt
deleted file mode 100644
index 71ab3f0..0000000
--- a/scripts/29au-ate-brisbane-email.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-CAcert Assurer Training Event -- Brisbane
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Dear Member of the CAcert Community,
-
-Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved.
-
-The Assurer Training Events bring all this to you, the Assurer, and the Community:
-
-- What do you have to add onto the CAP form if you assure minors ?
-- What are the 2 essential CCA points you have to present an Assuree ?
-- Who can access the Member's privacy information?
-
-Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). Bring your ID for assurances. Especially note that Tverify/Thawte people need to boost up their Assurance Points.
-
-ATE-Brisbane takes place at:
-* Monday, 24th Jan, 2011
-* Z-Block in Queensland's University of Technology (QUT) Gardens Point Campus
-* Registration is essential, otherwise you cannot get in!
-* 14:20 - 17:30
-
-Alternative time/location if you cannot make Monday Afternoon:
-* Sunday 23rd Jan Evening
-* The Marquis Brisbane, 103 George St.
-
-For Registration please reply: 'I will attend ATE-Brisbane'
-
-Don't forget your ID!
-
-We are looking forward to hearing from you.
-
-
-- Best regards from the Event Team!
-
-
-PS: Contact: events@cacert.org
-Location, Transportation and other event details at
-https://wiki.cacert.org/events/20110124Brisbane
diff --git a/scripts/29au-ate-brisbane-mail.php.txt b/scripts/29au-ate-brisbane-mail.php.txt
deleted file mode 100644
index dcb7ccd..0000000
--- a/scripts/29au-ate-brisbane-mail.php.txt
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("29au-ate-brisbane-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
- $maxdist = 100;
-
-// ATE Brisbane, AU, 24 Jan 2011
- $locid = 2258704; // Brisbane, QLD, Australia
- $eventname = "ATE-Brisbane";
- $city = "Monday 24th January";
-
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- echo "invitation sent to $xrows recipients.\n";
-
-?>
diff --git a/scripts/30de-ate-muenchen-email.txt b/scripts/30de-ate-muenchen-email.txt
deleted file mode 100644
index ea30421..0000000
--- a/scripts/30de-ate-muenchen-email.txt
+++ /dev/null
@@ -1,46 +0,0 @@
-Das Thema "Sicherheit" war schon einige Male Gegenstand der Muenchner OpenSourceTreffen.
-
-So wurde im November 2009 eine Einfuehrung in die freie Certification Authority CAcert gegeben,
-gefolgt von einer Uebersicht in die Struktur der CAcert-Community im Maerz 2010.
-Im April 2010 gab es Informationen ueber den Aufbau eines sicheren privaten Netzes
-und im Mai 2010 hiess es Digitally Signing email - Why, how ?
-
-Jetzt ist ein gemeinsamer Workshop geplant, ein CAcert Assurer Training Event (ATE).
-
-Was ist ein ATE ?
-
-Ein ATE ist eine Veranstaltung zur Qualitaetssicherung des CAcert Web-of-Trusts, denn im Gegensatz zu vielen kommerziellen Zertifikats-Ausstellern findet bei CAcert keine zentralisierte Identitaetsueberpruefung beim Aussteller statt.
-
-Statt dessen gibt es ein Netzwerk aus Freiwilligen (Assurern), gegenueber denen sich ein Interessent (Assuree) ausweisen kann, um sich seine Identitaet bestaetigen zu lassen.
-Diese Bestaetigung ist Voraussetzung dafuer, dass sich der Interessent spaeter Zertifikate generieren lassen kann, die seinen Namen enthalten.
-
-Fuer das Web-of-Trust gibt es ein Regelwerk, CAcert Community Agreement (CCA), Assurance Policy und Assurance Handbook seien beispielhaft genannt.
-
-Das ATE schult die CAcert Assurer ueber Neuerungen im Regelwerk und hilft, Kenntnisse aufzufrischen:
-
-- Was hast du auf dem CAcert Assurance Program (CAP)-Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.B. niederlaendische Rufnamen akzeptiert werden?
-
-Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
-
-Das CAcert ATE ist geplant fuer den 2. April 2011.
-
-- Datum: Sonnabend, 2. April 2011
-- Zeit: 13:00 - ca. 17:00 Uhr
-- Ort:
-- Cafe Netzwerk
-- Luisenstr. 11
-- 80333 Muenchen
-- Telefon: (089) 54 83 27 00
-
-
-Weitere Details dazu findet man unter https://www.xing.com/events/assurer-training-event-718128
-sowie http://wiki.cacert.org/Events/2011-04-02-ATE-Munich .
-
-Teilnehmer Registrierung mit Rueckantwort: 'Ich moechte am ATE-Muenchen teilnehmen'
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Kontakt: events@cacert.org
-
diff --git a/scripts/30de-ate-muenchen-mail.php.txt b/scripts/30de-ate-muenchen-mail.php.txt
deleted file mode 100644
index 3c9a4be..0000000
--- a/scripts/30de-ate-muenchen-mail.php.txt
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("30de-ate-muenchen-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
-// maxdist in [Km]
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Aachen, DE, Oct 4th 2010
-// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Aachen";
-// $city = "October 4th, 2010";
-
-// ATE Muenchen, DE, Apr 2nd 2011
- $locid = 1260319; // Muenchen
- $eventname = "ATE-Muenchen";
- $city = "2. April, 2011";
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/31de-lt2011-berlin-email.txt b/scripts/31de-lt2011-berlin-email.txt
deleted file mode 100644
index 85b0ff5..0000000
--- a/scripts/31de-lt2011-berlin-email.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-Hallo CAcert Assurers,
-
-Der diesjaehrige Linuxtag hat begonnen.
-
-Leider ohne CAcert Teilnahme mit einem leeren Stand ....
-
-Wir suchen noch haenderingend Assurer rund um Berlin die Donnerstag und Freitag noch auf dem Stand aushelfen koennen.
-
-Der Stand ist in bester Lage (Mozilla hatte abgesagt, und wir haben deren Stand bekommen). Der leere Stand wirft natuerlich kein gutes Licht auf CAcert.
-
-Aus dem Grund benoetigen wir jede Hilfe, die wir noch bekommen koennen. Auch wenn es vielleicht nur fuer einen halben Tag ist.
-
-Bis zu 7 Karten koennen wir noch zur Verfuegung stellen, sofern ihr eure Mithilfe angebietet.
-
-Hierzu eine kurze Rueckantwort an events@cacert.org
-
-Vielen Dank fuer Eure Unterstuetzung im Vorraus.
-
-
-Kontakt: events@cacert.org
diff --git a/scripts/31de-lt2011-berlin-mail.php.txt b/scripts/31de-lt2011-berlin-mail.php.txt
deleted file mode 100644
index 96a6241..0000000
--- a/scripts/31de-lt2011-berlin-mail.php.txt
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("31de-lt2011-berlin-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
-// maxdist in [Km]
- $maxdist = 50;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Aachen, DE, Oct 4th 2010
-// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Aachen";
-// $city = "October 4th, 2010";
-
-// ATE Muenchen, DE, Apr 2nd 2011
-// $locid = 1260319; // Muenchen
-// $eventname = "ATE-Muenchen";
-// $city = "2. April, 2011";
-
-
-// Linuxtag, Berlin, May 11, 2011,
- $locid = 228950; // Berlin
- $eventname = "Linuxtag Berlin";
- $city = "11.-14. Mai, 2011";
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- echo "invitation sent to $xrows recipients.\n";
-?>
diff --git a/scripts/32de-ate-bonn-email.txt b/scripts/32de-ate-bonn-email.txt
deleted file mode 100644
index 5c830a6..0000000
--- a/scripts/32de-ate-bonn-email.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
-
-Ein ATE ist eine Veranstaltung zur Qualitaetssicherung des CAcert Web-of-Trusts, denn im Gegensatz zu vielen kommerziellen Zertifikats-Ausstellern findet bei CAcert keine zentralisierte Identitaetsueberpruefung beim Aussteller statt.
-
-Statt dessen gibt es ein Netzwerk aus Freiwilligen (Assurern), gegenueber denen sich ein Interessent (Assuree) ausweisen kann, um sich seine Identitaet bestaetigen zu lassen.
-Diese Bestaetigung ist Voraussetzung dafuer, dass sich der Interessent spaeter Zertifikate generieren lassen kann, die seinen Namen enthalten.
-
-Fuer das Web-of-Trust gibt es ein Regelwerk, CAcert Community Agreement (CCA), Assurance Policy und Assurance Handbook seien beispielhaft genannt.
-
-Das ATE schult die CAcert Assurer ueber Neuerungen im Regelwerk und hilft, Kenntnisse aufzufrischen:
-
-- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
-- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
-- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden?
-
-Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
-
-Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
-
-As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute.
-
-Die kommende Veranstaltung in deiner Naehe findet statt am:
-
-- Mittwoch den 08. Juni 2011
-- in der Zeit von: 19:00 - ca. 22:00 Uhr
-- im Jugendzentrum St. Martin
-- Heilsbachstr. 4
-- 53123 Bonn
-
-Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
-Wiki [http://wiki.cacert.org/Events/2011-06-08-ATE-Bonn]
-Blog [http://blog.cacert.org/2011/05/514.html]
-
-Teilnehmer Registrierung mit Rueckantwort: 'Ich moechte am ATE-Bonn teilnehmen'
-
-Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
-
-Kontakt: events@cacert.org
diff --git a/scripts/32de-ate-bonn-mail.php.txt b/scripts/32de-ate-bonn-mail.php.txt
deleted file mode 100644
index ea8c579..0000000
--- a/scripts/32de-ate-bonn-mail.php.txt
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("32de-ate-bonn-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
-// maxdist in [Km]
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-
-// Software Freedom Day 19. Sept 2009
-// $locid = 715191; // Hamburg
-
-// LISA2009 Baltimore, 1.11.2009
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
-// $city = "Baltimore, MD - Nov. 3rd 2009";
-
-// OpenSourceTreffen-Muenchen, 20.11.2009
-// $locid = 1260319; // Muenchen
-// $city = "Muenchen - 20. Nov 2009";
-
-// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
-// $locid = 1486658; // Potsdam
-// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
-// $city = "Potsdam - 21. Nov 2009";
-
-// ATE-Goteborg, 16.12.2009
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $eventname = "ATE-Goteborg";
-// $city = "Goteborg - Dec 16th 2009";
-
-// Assurance Event Mission Hills CA, 15.01.2010
-// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
-// $eventname = "Assurance Event";
-// $city = "Mission Hills CA - Jan 15th 2010";
-
-// Assurance Event OSD Copenhagen DK, 5.03.2010
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "Assurance Event OpenSource-Days 2010";
-// $city = "Copenhagen DK - March 5th/6th 2010";
-
-// SCALE 8x Los Angeles, CA, Feb 19-21 2010
-// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
-// $eventname = "SCALE 8x 2010";
-// $city = "Los Angeles, CA - February 19-21 2010";
-
-// ATE Sydney, AU, Mar 24 2010
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $eventname = "ATE-Sydney";
-// $city = "March 24, 2010";
-
-// ATE Essen, DE, Sept 28 2010
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Essen";
-// $city = "September 28, 2010";
-
-// ATE Aachen, DE, Oct 4th 2010
-// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Aachen";
-// $city = "October 4th, 2010";
-
-// ATE Muenchen, DE, Apr 2nd 2011
-// $locid = 1260319; // Muenchen
-// $eventname = "ATE-Muenchen";
-// $city = "2. April, 2011";
-
-// ATE Bonn, DE, Jun 8th 2011
- $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
- $eventname = "ATE-Bonn";
- $city = "8. Juni, 2011";
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mysql_fetch_assoc(mysql_query($query));
-
- $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
- (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
- COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
- FROM `locations`
- inner join `users` on `users`.`locid` = `locations`.`id`
- inner join `alerts` on `users`.`id`=`alerts`.`memid`
- inner join `notary` on `users`.`id`=`notary`.`to`
- WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
- GROUP BY `users`.`id`
- HAVING `distance` <= '$maxdist'
- ORDER BY `distance` ";
- echo $query;
-
- // comment next line when starting to send mail not only to me
- // $query = "select * from `users` where `email` like 'cacerttest%'";
-
- $res = mysql_query($query);
- $xrows = mysql_num_rows($res);
-
- while($row = mysql_fetch_assoc($res))
- {
- // uncomment next line to send mails ...
- sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- }
- // 1x cc to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- // 1x mailing report to events.cacert.org
- sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
-
- // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
- sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
- echo "invitation sent to $xrows recipients.\n";
-
-?>
diff --git a/scripts/33us-ate-wdc-email.txt b/scripts/33us-ate-wdc-email.txt
deleted file mode 100644
index 6547347..0000000
--- a/scripts/33us-ate-wdc-email.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-CAcert Assurer Training Event -- Washington DC / Chantilly
-::::::::::::::::::::::::::::::::::::::::::::::::::
-
-Dear Member of the CAcert Community,
-
-Much has happened during recent years. The old way of orally-transmitted
-procedures has now gone, and our rules have been cast into formal
-policies. New procedures (e.g. the Assurer Challenge) and obligations
-(e.g. in the CAcert Community Agreement) have been approved.
-
-The Assurer Training Events bring all this to you, the Assurer, and the
-Community:
-
-- What do you have to add onto the CAP form if you assure minors ?
-- What are the 2 essential CCA points you have to present an Assuree ?
-- Who can access the Member's privacy information?
-
-Answers to these and many other questions typically faced by Assurers
-are given at the Assurer Training Events (ATEs). Bring your ID for
-assurances. Especially note that Tverify/Thawte people need to boost up
-their Assurance Points.
-
-ATE-WDC takes place at:
-* Saturday, June 18th, 2011
-* Eggspectations Restaurant, Westone Plaza, Chantilly VA.
-* 12:00 - 16:30
-
-For Registration please reply: 'I will attend ATE-Washington'
-
-Don't forget your ID!
-
-We are looking forward to hearing from you.
-
-
-- Best regards from the Event Team!
-
-
-PS: Contact: events@cacert.org
-Location, Transportation and other event details at
-[https://wiki.cacert.org/Events/20110618ATE-WashingtonDC]
diff --git a/scripts/33us-ate-wdc-mail.php.txt b/scripts/33us-ate-wdc-mail.php.txt
deleted file mode 100644
index 117fadb..0000000
--- a/scripts/33us-ate-wdc-mail.php.txt
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/php -q
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2009 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- include_once("../includes/mysql.php");
-
- $lines = "";
- $fp = fopen("33us-ate-wdc-email.txt", "r");
- while(!feof($fp))
- {
- $line = trim(fgets($fp, 4096));
- $lines .= wordwrap($line, 75, "\n")."\n";
- }
- fclose($fp);
-
-
-// $locid = intval($_REQUEST['location']);
-// $maxdist = intval($_REQUEST['maxdist']);
-// maxdist in [Km]
- $maxdist = 200;
-
-
-// location location.ID
-// verified: 29.4.09 u.schroeter
-// $locid = 7902857; // Paris
-// $locid = 238568; // Bielefeld
-// $locid = 715191; // Hamburg
-// $locid = 1102495; // London
-// $locid = 520340; // Duesseldorf
-// $locid = 1260319; // Muenchen
-// $locid = 606058; // Frankfurt
-// $locid = 1775784; // Stuttgart
-// $locid = 228950; // Berlin
-// $locid = 606058; // Frankfurt
-// $locid = 599389; // Flensburg
-// $locid = 61065; // Amsterdam, Eemnes
-// $locid = 228950; // Berlin
-// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
-// $locid = 1486658; // Potsdam
-// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
-// $locid = 2094781; // Mission Hills (Los Angeles), California, US
-// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
-// $locid = 2257312; // Sydney, New South Wales, Australia
-// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
-// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
-
-// ATE Bonn, DE, Jun 8th 2011
-// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
-// $eventname = "ATE-Bonn";
-// $city = "8. Juni, 2011";
-
-// ATE Washington DC, US, Jun 18th 2011
- $locid = 2102723; // Washington (District of Columbia, ..., US
- $eventname = "ATE-Washington-DC";
- $city = "June 18th, 2011";
-
-
- $query = "select * from `locations` where `id`='$locid'";
- $loc = mys