summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore7
-rw-r--r--CVS/Entries15
-rw-r--r--CVS/Repository1
-rw-r--r--CVS/Root1
-rw-r--r--CommModule/CVS/Entries8
-rw-r--r--CommModule/CVS/Repository1
-rw-r--r--CommModule/CVS/Root1
-rwxr-xr-xCommModule/client.pl152
-rwxr-xr-xCommModule/clientloop.sh12
-rw-r--r--CommModule/error.txt1
-rwxr-xr-xCommModule/logclean.sh9
-rw-r--r--CommModule/readme.txt1
-rwxr-xr-xCommModule/server.pl1064
-rwxr-xr-xCommModule/usbclient.pl2
-rw-r--r--Makefile7
-rw-r--r--README1
-rw-r--r--cacertupload.pl53
-rw-r--r--cgi-bin/CVS/Entries2
-rw-r--r--cgi-bin/CVS/Repository1
-rw-r--r--cgi-bin/CVS/Root1
-rw-r--r--includes/.gitignore1
-rw-r--r--includes/CVS/Entries12
-rw-r--r--includes/CVS/Repository1
-rw-r--r--includes/CVS/Root1
-rw-r--r--includes/about_menu.php6
-rw-r--r--includes/account.php1562
-rw-r--r--includes/account_stuff.php123
-rw-r--r--includes/general.php405
-rw-r--r--includes/general_stuff.php32
-rw-r--r--includes/keygen.php128
-rw-r--r--includes/lib/account.php150
-rw-r--r--includes/lib/check_weak_key.php389
-rw-r--r--includes/lib/general.php162
-rw-r--r--includes/lib/l10n.php375
-rw-r--r--includes/loggedin.php127
-rw-r--r--includes/mysql.php.sample41
-rw-r--r--includes/notary.inc.php2140
-rw-r--r--includes/tverify_stuff.php16
-rw-r--r--locale/.gitignore6
-rw-r--r--locale/CVS/Entries32
-rw-r--r--locale/CVS/Repository1
-rw-r--r--locale/CVS/Root1
-rw-r--r--locale/Makefile184
-rw-r--r--locale/ar.po5195
-rw-r--r--locale/bg.po5195
-rw-r--r--locale/cs.po5195
-rw-r--r--locale/da.po5195
-rw-r--r--locale/de.po5195
-rw-r--r--locale/el.po5195
-rw-r--r--locale/es.po5195
-rw-r--r--locale/escape_special_chars.php80
-rw-r--r--locale/fa.po5195
-rw-r--r--locale/fi.po5195
-rw-r--r--locale/fi_FI/CVS/Entries1
-rw-r--r--locale/fi_FI/CVS/Repository1
-rw-r--r--locale/fi_FI/CVS/Root1
-rw-r--r--locale/fi_FI/LC_MESSAGES/CVS/Entries1
-rw-r--r--locale/fi_FI/LC_MESSAGES/CVS/Repository1
-rw-r--r--locale/fi_FI/LC_MESSAGES/CVS/Root1
-rw-r--r--locale/fr.po5195
-rw-r--r--locale/he.po5195
-rw-r--r--locale/hr.po5195
-rw-r--r--locale/hu.po5195
-rw-r--r--locale/is.po5195
-rw-r--r--locale/it.po5195
-rw-r--r--locale/ja.po5195
-rw-r--r--locale/ka.po5195
-rw-r--r--locale/ko.po5195
-rwxr-xr-xlocale/make.php33
-rw-r--r--locale/nb.po5195
-rw-r--r--locale/nl.po5195
-rw-r--r--locale/pl.po5195
-rw-r--r--locale/pt.po5195
-rw-r--r--locale/pt_BR/CVS/Entries1
-rw-r--r--locale/pt_BR/CVS/Repository1
-rw-r--r--locale/pt_BR/CVS/Root1
-rw-r--r--locale/pt_BR/LC_MESSAGES/CVS/Entries1
-rw-r--r--locale/pt_BR/LC_MESSAGES/CVS/Repository1
-rw-r--r--locale/pt_BR/LC_MESSAGES/CVS/Root1
-rw-r--r--locale/ro.po5195
-rw-r--r--locale/ru.po5195
-rw-r--r--locale/sv.po5195
-rw-r--r--locale/tl.po5195
-rw-r--r--locale/tr.po5195
-rw-r--r--locale/zh.po5195
-rw-r--r--messages.po5321
-rw-r--r--pages/CVS/Entries8
-rw-r--r--pages/CVS/Repository1
-rw-r--r--pages/CVS/Root1
-rw-r--r--pages/account/0.php3
-rw-r--r--pages/account/10.php70
-rw-r--r--pages/account/11.php86
-rw-r--r--pages/account/12.php56
-rw-r--r--pages/account/13.php101
-rw-r--r--pages/account/14.php10
-rw-r--r--pages/account/15.php2
-rw-r--r--pages/account/16.php99
-rw-r--r--pages/account/17.php133
-rw-r--r--pages/account/18.php183
-rw-r--r--pages/account/19.php6
-rw-r--r--pages/account/20.php63
-rw-r--r--pages/account/21.php72
-rw-r--r--pages/account/22.php176
-rw-r--r--pages/account/23.php2
-rw-r--r--pages/account/24.php26
-rw-r--r--pages/account/25.php28
-rw-r--r--pages/account/27.php16
-rw-r--r--pages/account/29.php4
-rw-r--r--pages/account/3.php141
-rw-r--r--pages/account/30.php3
-rw-r--r--pages/account/31.php2
-rw-r--r--pages/account/32.php6
-rw-r--r--pages/account/33.php17
-rw-r--r--pages/account/34.php2
-rw-r--r--pages/account/35.php117
-rw-r--r--[-rwxr-xr-x]pages/account/37.php21
-rw-r--r--[-rwxr-xr-x]pages/account/38.php25
-rw-r--r--[-rwxr-xr-x]pages/account/39.php78
-rw-r--r--pages/account/4.php175
-rw-r--r--[-rwxr-xr-x]pages/account/40.php59
-rw-r--r--pages/account/41.php21
-rw-r--r--pages/account/43.php1417
-rw-r--r--pages/account/44.php27
-rw-r--r--pages/account/49.php30
-rw-r--r--pages/account/5.php63
-rw-r--r--pages/account/50.php6
-rw-r--r--pages/account/52.php107
-rw-r--r--pages/account/55.php234
-rw-r--r--pages/account/56.php82
-rw-r--r--pages/account/57.php107
-rw-r--r--pages/account/58.php61
-rw-r--r--pages/account/59.php385
-rw-r--r--pages/account/6.php250
-rw-r--r--pages/account/8.php4
-rw-r--r--pages/account/CVS/Entries56
-rw-r--r--pages/account/CVS/Repository1
-rw-r--r--pages/account/CVS/Root1
-rw-r--r--pages/advertise/CVS/Entries1
-rw-r--r--pages/advertise/CVS/Repository1
-rw-r--r--pages/advertise/CVS/Root1
-rw-r--r--pages/advertising/CVS/Entries3
-rw-r--r--pages/advertising/CVS/Repository1
-rw-r--r--pages/advertising/CVS/Root1
-rw-r--r--pages/disputes/CVS/Entries7
-rw-r--r--pages/disputes/CVS/Repository1
-rw-r--r--pages/disputes/CVS/Root1
-rw-r--r--pages/gpg/0.php10
-rw-r--r--pages/gpg/2.php35
-rw-r--r--pages/gpg/CVS/Entries4
-rw-r--r--pages/gpg/CVS/Repository1
-rw-r--r--pages/gpg/CVS/Root1
-rw-r--r--pages/help/0.php19
-rw-r--r--pages/help/2.php69
-rw-r--r--pages/help/3.php78
-rw-r--r--pages/help/4.php35
-rw-r--r--pages/help/5.php8
-rw-r--r--pages/help/6.php18
-rw-r--r--pages/help/7.php16
-rw-r--r--pages/help/8.php10
-rw-r--r--pages/help/9.php51
-rw-r--r--pages/help/CVS/Entries10
-rw-r--r--pages/help/CVS/Repository1
-rw-r--r--pages/help/CVS/Root1
-rw-r--r--pages/index/0.php151
-rw-r--r--pages/index/1.php93
-rw-r--r--pages/index/10.php77
-rw-r--r--pages/index/11.php54
-rw-r--r--pages/index/12.php21
-rw-r--r--pages/index/13.php24
-rw-r--r--[-rwxr-xr-x]pages/index/16.php18
-rw-r--r--pages/index/19.php94
-rw-r--r--pages/index/21.php39
-rw-r--r--pages/index/3.php71
-rw-r--r--pages/index/4.php10
-rw-r--r--pages/index/52.php33
-rw-r--r--pages/index/6.php4
-rw-r--r--pages/index/8.php15
-rw-r--r--pages/index/CVS/Entries21
-rw-r--r--pages/index/CVS/Repository1
-rw-r--r--pages/index/CVS/Root1
-rw-r--r--pages/wot/1.php22
-rw-r--r--pages/wot/10.php53
-rw-r--r--pages/wot/11.php52
-rw-r--r--pages/wot/14.php47
-rw-r--r--[-rwxr-xr-x]pages/wot/15.php (renamed from scripts/nearest.php)23
-rw-r--r--pages/wot/2.php25
-rw-r--r--pages/wot/4.php74
-rw-r--r--pages/wot/5.php66
-rw-r--r--pages/wot/6.php192
-rw-r--r--pages/wot/7-old.php183
-rw-r--r--pages/wot/9.php28
-rw-r--r--pages/wot/CVS/Entries16
-rw-r--r--pages/wot/CVS/Repository1
-rw-r--r--pages/wot/CVS/Root1
-rw-r--r--scripts/49de-lt2013-berlin-email.txt17
-rw-r--r--scripts/49de-lt2013-berlin-mail.php.txt (renamed from scripts/ate-sydney-au20-mail.php.txt)81
-rw-r--r--scripts/50de-ate-luebeck-email.txt91
-rw-r--r--scripts/50de-ate-luebeck-mail.php.txt123
-rw-r--r--scripts/51at-ate-graz-email.txt91
-rw-r--r--scripts/51at-ate-graz-mail.php.txt126
-rw-r--r--scripts/52at-ate-wien-email.txt91
-rw-r--r--scripts/52at-ate-wien-mail.php.txt130
-rw-r--r--scripts/53de-ate-amberg-email.txt93
-rw-r--r--scripts/53de-ate-amberg-mail.php.txt133
-rw-r--r--scripts/54at-ate-linz-email.txt91
-rw-r--r--scripts/54at-ate-linz-mail.php.txt140
-rw-r--r--scripts/55de-ate-wiesbaden-email.txt46
-rw-r--r--scripts/55de-ate-wiesbaden-mail.php.txt122
-rw-r--r--scripts/56at-ate-oberwart-email.txt93
-rw-r--r--scripts/56at-ate-oberwart-mail.php.txt147
-rw-r--r--scripts/57at-ate-graz-email.txt91
-rw-r--r--scripts/57at-ate-graz-mail.php.txt130
-rw-r--r--scripts/58at-ate-wien-email.txt91
-rw-r--r--scripts/58at-ate-wien-mail.php.txt134
-rw-r--r--scripts/59de-ate-freiburg-email.txt91
-rw-r--r--scripts/59de-ate-freiburg-mail.php.txt138
-rw-r--r--scripts/60de-ate-bremen-email.txt92
-rw-r--r--scripts/60de-ate-bremen-mail.php.txt142
-rw-r--r--scripts/61de-ate-dresden-email.txt92
-rw-r--r--scripts/61de-ate-dresden-mail.php.txt147
-rw-r--r--scripts/62de-froscon2015-email.txt33
-rw-r--r--scripts/62de-froscon2015-mail.php.txt151
-rw-r--r--scripts/63dk-ate-nykobing-email.txt121
-rw-r--r--scripts/63dk-ate-nykobing-mail.php.txt155
-rw-r--r--scripts/CVS/Entries53
-rw-r--r--scripts/CVS/Repository1
-rw-r--r--scripts/CVS/Root1
-rw-r--r--scripts/DumpWeakCerts.pl193
-rwxr-xr-xscripts/addpoints.php2
-rwxr-xr-xscripts/areacheck.php64
-rw-r--r--scripts/assurer.php2
-rw-r--r--scripts/ate-bi-email.txt124
-rw-r--r--scripts/ate-bi-mail.php78
-rw-r--r--scripts/ate-d-email.txt127
-rw-r--r--scripts/ate-d-mail.php.txt85
-rw-r--r--scripts/ate-de09-email.txt117
-rw-r--r--scripts/ate-de09-mail.php.txt88
-rw-r--r--scripts/ate-de11-email.txt37
-rw-r--r--scripts/ate-de11-mail.php.txt92
-rw-r--r--scripts/ate-f-email.txt40
-rw-r--r--scripts/ate-f-mail.php.txt83
-rw-r--r--scripts/ate-goteborg-s16-email.txt58
-rw-r--r--scripts/ate-goteborg-s16-mail.php.txt110
-rw-r--r--scripts/ate-hh-email.txt40
-rw-r--r--scripts/ate-hh-mail.php.txt164
-rw-r--r--scripts/ate-l-email.txt40
-rw-r--r--scripts/ate-l-mail.php.txt84
-rw-r--r--scripts/ate-m-email.txt36
-rw-r--r--scripts/ate-m-mail.php.txt83
-rw-r--r--scripts/ate-nl01-email.txt88
-rw-r--r--scripts/ate-nl01-mail.php.txt89
-rw-r--r--scripts/ate-s-email.txt40
-rw-r--r--scripts/ate-s-mail.php.txt83
-rw-r--r--scripts/ate-sydney-au20-email.txt30
-rw-r--r--scripts/ate-us02-email.txt27
-rw-r--r--scripts/ate-us02-mail.php.txt97
-rw-r--r--scripts/blit-de15-email.txt23
-rw-r--r--scripts/cebitemail.txt36
-rwxr-xr-xscripts/cron/permissionreview.php250
-rwxr-xr-xscripts/cron/refresh_stats.php308
-rwxr-xr-xscripts/cron/removedead.php (renamed from scripts/removedead.php)13
-rwxr-xr-xscripts/cron/updatesort.php (renamed from scripts/updatesort.php)17
-rwxr-xr-xscripts/cron/warning.php (renamed from scripts/warning.php)66
-rwxr-xr-xscripts/db_migrations/version1.sh164
-rwxr-xr-xscripts/db_migrations/version2.sh96
-rwxr-xr-xscripts/db_migrations/version3.sh98
-rwxr-xr-xscripts/db_migrations/version4.sh100
-rwxr-xr-xscripts/db_migrations/version5.sh249
-rwxr-xr-xscripts/db_migrations/version6.sh70
-rw-r--r--scripts/gpgfillmissingemail.php4
-rw-r--r--scripts/koelnemail.txt28
-rw-r--r--scripts/lisa-us13-email.txt12
-rw-r--r--scripts/lisa-us13-mail.php.txt96
-rw-r--r--scripts/mail-weak-keys.php161
-rw-r--r--scripts/mailing archive/45au-ate-melbourne-email.txt32
-rw-r--r--scripts/mailing archive/45au-ate-melbourne-mail.php.txt (renamed from scripts/mission-hills-ca-us17-mail.php.txt)55
-rw-r--r--scripts/mailing archive/46us-ate-raleigh-email.txt41
-rw-r--r--scripts/mailing archive/46us-ate-raleigh-mail.php.txt (renamed from scripts/osd-copenhagen-dk18-mail.php.txt)64
-rw-r--r--scripts/mailing archive/47us-fudcon-lawrence-email.txt26
-rw-r--r--scripts/mailing archive/47us-fudcon-lawrence-mail.php.txt (renamed from scripts/blit-de15-mail.php.txt)46
-rw-r--r--scripts/mailing archive/48de-ate-kiel-email.txt68
-rw-r--r--scripts/mailing archive/48de-ate-kiel-mail.php.txt (renamed from scripts/scale8x-los-angeles-ca-us19-mail.php.txt)71
-rw-r--r--scripts/mailing archive/oa01-allowance.php.txt93
-rw-r--r--scripts/mailing archive/oa01-allowance.txt159
-rw-r--r--scripts/mailing archive/oa02-mailingtextCats.txt71
-rw-r--r--scripts/mailing archive/oa02-mailingtextPoints.txt79
-rw-r--r--scripts/mailing archive/oa02-mailingtextPointsCats.txt82
-rw-r--r--scripts/mailing archive/oa02-orgainformation.php.txt119
-rw-r--r--scripts/mailing archive/thawte_DE.txt35
-rw-r--r--scripts/mailing archive/thawte_EN.txt35
-rw-r--r--scripts/mailing archive/thawte_ES.txt31
-rw-r--r--scripts/mailing archive/thawte_FR.txt31
-rw-r--r--scripts/mailing archive/thawte_NL.txt35
-rw-r--r--scripts/mailing archive/thawte_RU.txt31
-rw-r--r--scripts/mass-revoke.php89
-rw-r--r--scripts/mission-hills-ca-us17-email.txt17
-rw-r--r--scripts/oa03-csr_org_client_cert.php.txt98
-rw-r--r--scripts/oa03-csr_org_client_cert.txt58
-rw-r--r--scripts/osd-copenhagen-dk18-email.txt35
-rw-r--r--scripts/ost-de14-email.txt22
-rw-r--r--scripts/ost-de14-mail.php.txt100
-rw-r--r--scripts/perl_mysql.sample6
-rw-r--r--scripts/resetpermissions.php71
-rw-r--r--scripts/scale8x-los-angeles-ca-us19-email.txt36
-rwxr-xr-xscripts/scanforexponents.php5
-rw-r--r--scripts/send_heartbleed.php248
-rw-r--r--scripts/send_policy_cca_20140916.php137
-rw-r--r--scripts/send_policy_cca_correct_20150221_1.php113
-rw-r--r--scripts/send_policy_cca_correct_20150221_2.php97
-rw-r--r--scripts/send_thawte.php.txt167
-rw-r--r--scripts/sfd-de12-email.txt24
-rw-r--r--scripts/sfd-de12-mail.php.txt94
-rw-r--r--stamp/CVS/Entries10
-rw-r--r--stamp/CVS/Repository1
-rw-r--r--stamp/CVS/Root1
-rw-r--r--stamp/common.php6
-rw-r--r--stamp/images/CVS/Entries2
-rw-r--r--stamp/images/CVS/Repository1
-rw-r--r--stamp/images/CVS/Root1
-rw-r--r--stamp/style.css91
-rw-r--r--tmp/CVS/Entries2
-rw-r--r--tmp/CVS/Repository1
-rw-r--r--tmp/CVS/Root1
-rw-r--r--tmp/Makefile3
-rw-r--r--tverify/CVS/Entries4
-rw-r--r--tverify/CVS/Repository1
-rw-r--r--tverify/CVS/Root1
-rw-r--r--tverify/index/CVS/Entries3
-rw-r--r--tverify/index/CVS/Repository1
-rw-r--r--tverify/index/CVS/Root1
-rw-r--r--www/.htaccess2
-rw-r--r--www/CVS/Entries40
-rw-r--r--www/CVS/Repository1
-rw-r--r--www/CVS/Root1
-rw-r--r--www/account.php47
-rw-r--r--www/advertising.php6
-rw-r--r--www/api/CVS/Entries5
-rw-r--r--www/api/CVS/Repository1
-rw-r--r--www/api/CVS/Root1
-rw-r--r--www/api/ccsr.php29
-rw-r--r--www/api/cemails.php9
-rw-r--r--www/cap.html.php8
-rw-r--r--www/cap.php68
-rw-r--r--www/capnew.php66
-rw-r--r--www/cats/.#cats_import.php.1.2165
-rw-r--r--www/cats/CVS/Entries2
-rw-r--r--www/cats/CVS/Repository1
-rw-r--r--www/cats/CVS/Root1
-rw-r--r--www/cats/cats_import.php9
-rw-r--r--www/certs/CAcert_Root_Certificates.msibin0 -> 1593344 bytes
-rw-r--r--www/certs/CVS/Entries8
-rw-r--r--www/certs/CVS/Repository1
-rw-r--r--www/certs/CVS/Root1
-rw-r--r--www/certs/class3.crt73
-rw-r--r--www/certs/class3.derbin1548 -> 1885 bytes
-rw-r--r--www/certs/class3.txt152
-rw-r--r--www/coap.html.php18
-rw-r--r--www/coapnew.php82
-rw-r--r--www/cps.php1553
-rw-r--r--www/disputes.php90
-rw-r--r--www/docs/CVS/Entries12
-rw-r--r--www/docs/CVS/Repository1
-rw-r--r--www/docs/CVS/Root1
-rw-r--r--www/gpg.php292
-rw-r--r--www/iistutorial/CVS/Entries17
-rw-r--r--www/iistutorial/CVS/Repository1
-rw-r--r--www/iistutorial/CVS/Root1
-rw-r--r--www/images/CAcert-logo-mono-1000.pngbin0 -> 19406 bytes
-rw-r--r--www/images/CVS/Entries2
-rw-r--r--www/images/CVS/Repository1
-rw-r--r--www/images/CVS/Root1
-rw-r--r--www/images/btn_paynowCC_LG.gifbin2432 -> 2410 bytes
-rw-r--r--www/images/btn_subscribeCC_LG.gifbin0 -> 2172 bytes
-rw-r--r--www/images/cacert-draft.png (renamed from www/policy/cacert-draft.png)bin4796 -> 4796 bytes
-rw-r--r--www/index.php275
-rw-r--r--www/keygenIE.js611
-rw-r--r--www/logos/CAcert-logo-colour-1000.pngbin0 -> 24317 bytes
-rw-r--r--www/logos/CAcert-logo-mono-1000.pngbin0 -> 19406 bytes
-rw-r--r--www/logos/CVS/Entries18
-rw-r--r--www/logos/CVS/Repository1
-rw-r--r--www/logos/CVS/Root1
-rw-r--r--www/logos/cacert-free-certificates4.pngbin4391 -> 4391 bytes
-rw-r--r--www/policy/AssurancePolicy.html750
-rw-r--r--www/policy/AssurancePolicy.php727
-rw-r--r--www/policy/CAcertCommunityAgreement.html407
-rw-r--r--www/policy/CAcertCommunityAgreement.php516
-rw-r--r--www/policy/CVS/Entries8
-rw-r--r--www/policy/CVS/Repository1
-rw-r--r--www/policy/CVS/Root1
-rw-r--r--www/policy/CertificationPracticeStatement.html4698
-rw-r--r--www/policy/CertificationPracticeStatement.php4095
-rw-r--r--www/policy/ConfigurationControlSpecification.html277
-rw-r--r--www/policy/DisputeResolutionPolicy.html780
-rw-r--r--www/policy/DisputeResolutionPolicy.php643
-rw-r--r--www/policy/NRPDisclaimerAndLicence.php105
-rw-r--r--www/policy/OrganisationAssurancePolicy.html408
-rw-r--r--www/policy/OrganisationAssurancePolicy.php383
-rw-r--r--www/policy/OrganisationAssurancePolicy_Australia.html309
-rw-r--r--www/policy/OrganisationAssurancePolicy_Europe.html1021
-rw-r--r--www/policy/OrganisationAssurancePolicy_Germany.html138
-rw-r--r--www/policy/PolicyOnJuniorAssurersMembers.html202
-rw-r--r--www/policy/PolicyOnPolicy.html356
-rw-r--r--www/policy/PolicyOnPolicy.php291
-rw-r--r--www/policy/PrivacyPolicy.html112
-rw-r--r--www/policy/PrivacyPolicy.php4
-rw-r--r--www/policy/RootDistributionLicense.html177
-rw-r--r--www/policy/RootDistributionLicense.php4
-rw-r--r--www/policy/SecurityPolicy.html1308
-rw-r--r--www/policy/TTPAssistedAssurancePolicy.html271
-rw-r--r--www/policy/images/cacert-draft.pngbin0 -> 4796 bytes
-rw-r--r--www/policy/images/cacert-policy.pngbin0 -> 5030 bytes
-rw-r--r--www/policy/images/valid-html401-blue.pngbin0 -> 1669 bytes
-rw-r--r--www/policy/images/valid-html50-blue.pngbin0 -> 1438 bytes
-rw-r--r--www/policy/images/valid-xhtml11-blue.pngbin0 -> 2037 bytes
-rw-r--r--www/policy/index.php11
-rw-r--r--www/siteimages/CVS/Entries9
-rw-r--r--www/siteimages/CVS/Repository1
-rw-r--r--www/siteimages/CVS/Root1
-rw-r--r--www/sqldump.php22
-rw-r--r--www/stats.php427
-rw-r--r--www/styles/CVS/Entries2
-rw-r--r--www/styles/CVS/Repository1
-rw-r--r--www/styles/CVS/Root1
-rw-r--r--www/styles/default.css478
-rw-r--r--www/ttp.php28
-rw-r--r--www/tverify/CVS/Entries2
-rw-r--r--www/tverify/CVS/Repository1
-rw-r--r--www/tverify/CVS/Root1
-rw-r--r--www/wot.php614
429 files changed, 30329 insertions, 167638 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4559ec0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+# Gettext file is autogenerated by make
+# => ignore it
+# run "make all" to generate a new one and upload it to translingo
+/messages.po
+
+# Ignore file with the account data
+/password.dat
diff --git a/CVS/Entries b/CVS/Entries
deleted file mode 100644
index 00ce1ea..0000000
--- a/CVS/Entries
+++ /dev/null
@@ -1,15 +0,0 @@
-D/cgi-bin////
-D/includes////
-D/locale////
-D/pages////
-D/scripts////
-D/tverify////
-D/www////
-D/stamp////
-D/CommModule////
-/Makefile/1.2/Sun Apr 22 17:42:25 2007//
-/LICENSE/1.2/Sun Apr 6 19:45:24 2008//
-/cacertupload.pl/1.4/Sun Sep 7 22:20:28 2008//
-/messages.po/1.80/Thu Jun 25 20:09:26 2009//
-/README/1.3/Mon Sep 7 22:36:29 2009//
-D/tmp////
diff --git a/CVS/Repository b/CVS/Repository
deleted file mode 100644
index 97ea8c8..0000000
--- a/CVS/Repository
+++ /dev/null
@@ -1 +0,0 @@
-cacert
diff --git a/CVS/Root b/CVS/Root
deleted file mode 100644
index da7816b..0000000
--- a/CVS/Root
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/cvs/
diff --git a/CommModule/CVS/Entries b/CommModule/CVS/Entries
deleted file mode 100644
index b156d1e..0000000
--- a/CommModule/CVS/Entries
+++ /dev/null
@@ -1,8 +0,0 @@
-/clientloop.sh/1.1/Sun Jan 13 00:05:44 2008//
-/error.txt/1.1/Sun Jan 13 00:05:44 2008//
-/readme.txt/1.1/Sun Jan 13 00:05:44 2008//
-/usbclient.pl/1.3/Fri Jul 18 16:37:02 2008//
-/logclean.sh/1.2/Sun May 24 18:08:23 2009//
-/client.pl/1.12/Sat Sep 19 23:32:57 2009//
-/serial.conf/1.3/Sat Sep 19 23:32:57 2009//
-D
diff --git a/CommModule/CVS/Repository b/CommModule/CVS/Repository
deleted file mode 100644
index 4e4c1e9..0000000
--- a/CommModule/CVS/Repository
+++ /dev/null
@@ -1 +0,0 @@
-cacert/CommModule
diff --git a/CommModule/CVS/Root b/CommModule/CVS/Root
deleted file mode 100644
index a363882..0000000
--- a/CommModule/CVS/Root
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/cvs
diff --git a/CommModule/client.pl b/CommModule/client.pl
index 7b417d1..0874477 100755
--- a/CommModule/client.pl
+++ b/CommModule/client.pl
@@ -31,7 +31,7 @@ use DBI;
use Locale::gettext;
use IO::Socket;
use MIME::Base64;
-use Digest::SHA1 qw(sha1_hex);
+use Digest::SHA qw(sha1_hex);
#Protocol version:
my $ver=1;
@@ -172,7 +172,7 @@ else
$PortObj->baudrate(115200);
$PortObj->parity("none");
$PortObj->databits(8);
-$PortObj->stopbits(1);
+$PortObj->stopbits(1);
}
}
@@ -286,8 +286,8 @@ sub SendIt($)
# {
# $PortObj->write(substr($_[0],$_,1));
# }
-
-}
+
+}
my $modus=0;
@@ -313,17 +313,17 @@ sub SendHandshaked($)
$xor ^= unpack("C",substr($_[0],$_,1));
}
#print "XOR: $xor\n";
-
+
my $tryagain=1;
while($tryagain)
{
SendIt($_[0].pack("C",$xor)."rie4Ech7");
-
+
Error "Packet receipt was not confirmed in 5 seconds. Connection lost!\n" if(!scalar($sel->can_read(5)));
$data="";
$length=read SER,$data,1;
-
+
if($length && $data eq "\x10")
{
SysLog "Sent successfully!...\n";
@@ -335,14 +335,14 @@ sub SendHandshaked($)
}
else
{
- Error "I cannot send! $length ".unpack("C",$data)."\n";
+ Error "I cannot send! $length ".unpack("C",$data)."\n";
}
}
}
else
{
- print "!Cannot send! $length \n";
+ print "!Cannot send! $length \n";
Error "!Stopped sending.\n";
}
}
@@ -423,7 +423,7 @@ sub Request($$$$$$$$$$$)
my @fields=unpack3array(substr($data,3,-9));
SysLog "Answer from Server: ".hexdump($data)."\n" if($debug);
-
+
#if(open OUT,">result.dat")
#{
# print OUT $data;
@@ -441,7 +441,7 @@ sub calculateDays($)
{
if($_[0])
{
- my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' group by `to`");
+ my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' and `deleted`=0 group by `to`");
SysLog("Summe: $sum[0]\n") if($debug);
return ($sum[0]>=50)?730:180;
@@ -461,8 +461,8 @@ sub X509extractSAN($)
{
$SAN.="," if($SAN ne "");
$SAN.= trim($bit[1]);
- }
- else
+ }
+ else
{
$newsubject .= "/".$val;
}
@@ -470,7 +470,7 @@ sub X509extractSAN($)
$newsubject=~s{^//}{/};
$newsubject=~s/[\n\r\t\x00"\\']//g;
$SAN=~s/[ \n\r\t\x00"\\']//g;
- return($SAN,$newsubject);
+ return($SAN,$newsubject);
}
sub X509extractExpiryDate($)
@@ -526,25 +526,25 @@ sub X509extractSerialNumber($)
return "";
}
-sub OpenPGPextractExpiryDate ($)
+sub OpenPGPextractExpiryDate ($)
{
my $r="";
my $cts;
my @date;
-
+
open(RGPG, $gpgbin.' -vv '.$_[0].' 2>&1 |') or Error('Can\'t start GnuPG($gpgbin): '.$!."\n");
open(OUT, '> infogpg.txt' ) or Error('Can\'t open output file: infogpg.txt: '.$!);
$/="\n";
- while (<RGPG>)
+ while (<RGPG>)
{
print OUT $_;
- unless ($r)
+ unless ($r)
{
- if ( /^\s*version \d+, created (\d+), md5len 0, sigclass \d+\s*$/ )
+ if ( /^\s*version \d+, created (\d+), md5len 0, sigclass (?:0x[0-9a-fA-F]+|\d+)\s*$/ )
{
SysLog "Detected CTS: $1\n";
$cts = int($1);
- } elsif ( /^\s*critical hashed subpkt \d+ len \d+ \(sig expires after ((\d+)y)?((\d+)d)?((\d+)h)?(\d+)m\)\s*$/ )
+ } elsif ( /^\s*critical hashed subpkt \d+ len \d+ \(sig expires after ((\d+)y)?((\d+)d)?((\d+)h)?(\d+)m\)\s*$/ )
{
SysLog "Detected FRAME $2 $4 $6 $8\n";
$cts += $2 * 31536000; # secs per year (60 * 60 * 24 * 365)
@@ -560,19 +560,19 @@ sub OpenPGPextractExpiryDate ($)
}
}
- close(OUT );
+ close(OUT );
close(RGPG);
SysLog "CTS: $cts R: $r\n";
-
- if ( $r )
+
+ if ( $r )
{
@date = gmtime($r);
$r = sprintf('%.4i-%.2i-%.2i %.2i:%.2i:%.2i', # date format
$date[5] + 1900, $date[4] + 1, $date[3], # day
$date[2], $date[1], $date[0], # time
);
-
+
}
SysLog "$r\n";
return $r;
@@ -595,7 +595,7 @@ sub OpenPGPextractExpiryDate ($)
# Sets the locale according to the users preferred language
sub setUsersLanguage($)
{
- my $lang="de_DE";
+ my $lang="en_US";
print "Searching for the language of the user $_[0]\n";
my @a=$dbh->selectrow_array("select language from users where id='".int($_[0])."'");
$lang = $1 if($a[0]=~m/(\w+_[\w.@]+)/);
@@ -605,7 +605,7 @@ sub setUsersLanguage($)
if($lang ne "")
{
$ENV{"LANG"}=$lang;
- setlocale(LC_ALL, $lang);
+ setlocale(LC_ALL, $lang);
} else {
$ENV{"LANG"}="en_AU";
setlocale(LC_ALL, "en_AU");
@@ -642,7 +642,7 @@ sub sendmail($$$$$$$)
my ($to, $subject, $message, $from, $replyto, $toname, $fromname)=@_;
my $errorsto="returns\@cacert.org";
my $extra="";
-
+
# sendmail($user{email}, "[CAcert.org] Your GPG/PGP Key", $body, "support\@cacert.org", "", "", "CAcert Support");
my @lines=split("\n",$message);
@@ -653,14 +653,14 @@ sub sendmail($$$$$$$)
if($line eq ".")
{
$message .= " .\n";
- } else
+ } else
{
$message .= $line."\n";
- }
+ }
}
$fromname = $from if($fromname eq "");
-
+
my @bits = split(",", $from);
$from = addslashes($bits['0']);
$fromname = addslashes($fromname);
@@ -670,13 +670,13 @@ sub sendmail($$$$$$$)
SysLog "SMTP: ".<$smtp>;
print $smtp "HELO hlin.cacert.org\r\n";
SysLog "SMTP: ".<$smtp>;
- print $smtp "MAIL FROM: <returns\@cacert.org>\r\n";
+ print $smtp "MAIL FROM:<returns\@cacert.org>\r\n";
SysLog "MAIL FROM: ".<$smtp>;
-
+
@bits = split(",", $to);
foreach my $user (@bits)
{
- print $smtp "RCPT TO: <".trim($user).">\r\n";
+ print $smtp "RCPT TO:<".trim($user).">\r\n";
SysLog "RCPT TO: ".<$smtp>;
}
print $smtp "DATA\r\n";
@@ -707,7 +707,7 @@ sub sendmail($$$$$$$)
print $smtp "Content-Type: text/plain; charset=\"utf-8\"\r\n";
print $smtp "Content-Transfer-Encoding: 8bit\r\n";
}
- else
+ else
{
print $smtp "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";
print $smtp "Content-Transfer-Encoding: quoted-printable\r\n";
@@ -756,7 +756,7 @@ sub HandleCerts($$)
{
#Weird SQL structure ...
my @sqlres=$dbh->selectrow_array("select memid from domains where id='".int($row{'domid'})."'");
- $row{'memid'}=$sqlres[0];
+ $row{'memid'}=$sqlres[0];
SysLog("Fetched memid: $row{'memid'}\n") if($debug);
}
@@ -834,8 +834,15 @@ sub HandleCerts($$)
my $days=$org?($server?(365*2):365):calculateDays($row{"memid"});
+ my $md_id = 0;
+ $md_id = 1 if( $row{'md'} eq "md5");
+ $md_id = 2 if( $row{'md'} eq "sha1");
+ $md_id = 3 if( $row{'md'} eq "rmd160");
+ $md_id = 8 if( $row{'md'} eq "sha256");
+ $md_id = 9 if( $row{'md'} eq "sha384");
+ $md_id =10 if( $row{'md'} eq "sha512");
- $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$row{'md'}eq"sha1"?2:0,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject);
+ $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$md_id,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject);
if(length($crt))
{
if($crt=~m/^-----BEGIN CERTIFICATE-----/)
@@ -850,7 +857,7 @@ sub HandleCerts($$)
print OUT $crt;
close OUT;
system "$opensslbin x509 -in $crtname.der -inform der -out $crtname";
- }
+ }
}
else
{
@@ -887,14 +894,14 @@ sub HandleCerts($$)
my $body = _("Hi")." $user{fname},\n\n";
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row{'email'}.$row{'CN'});
$body .= "https://www.cacert.org/account.php?id=".($server?"15":"6")."&cert=$row{id}\n\n";
- $body .= _("If you have not imported CAcert´s root certificate, please go to:")."\n";
+ $body .= _("If you have not imported CAcert's root certificate, please go to:")."\n";
$body .= "https://www.cacert.org/index.php?id=3\n";
$body .= "Root cert fingerprint = A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B\n";
$body .= "Root cert fingerprint = 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support");
}
- else
+ else
{
SysLog("Could not find the issued certificate. $crtname ".$row{"id"}."\n");
$dbh->do("update `$table` set warning=warning+1 where `id`='".$row{'id'}."'");
@@ -907,7 +914,7 @@ sub DoCRL($$)
{
my $crl=$_[0];
my $crlname=$_[1];
-
+
if(length($crl))
{
if($crl=~m/^-----BEGIN X509 CRL-----/)
@@ -922,7 +929,7 @@ sub DoCRL($$)
open OUT,">$crlname.patch";
print OUT $crl;
close OUT;
- my $res=system "xdelta patch $crlname.patch $crlname $crlname.tmp";
+ my $res=system "xdelta patch $crlname.patch $crlname $crlname.tmp";
#print "xdelta res: $res\n";
if($res==512)
{
@@ -932,7 +939,7 @@ sub DoCRL($$)
}
}
- my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`;
+ my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`;
SysLog "verify: $res\n";
if($res=~m/verify OK/)
{
@@ -1016,17 +1023,29 @@ sub RevokeCerts($$)
if($result)
{
- setUsersLanguage($row{memid});
-
- my %user=getUserData($row{memid});
-
$dbh->do("update `$table` set `revoked`=now() where `id`='".$row{'id'}."'");
- my $body = _("Hi")." $user{fname},\n\n";
- $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row{'CN'});
- $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
- SysLog("Sending email to ".$user{"email"}."\n") if($debug);
- sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support");
+ if($org eq "")
+ {
+ if($server)
+ {
+ my @a=$dbh->selectrow_array("select `memid` from `domains` where `id`='".int($row{domid})."'");
+ sendRevokeMail($a[0], $row{'CN'}, $row{'serial'});
+ }
+ else
+ {
+ sendRevokeMail($row{memid}, $row{'CN'}, $row{'serial'});
+ }
+ }
+ else
+ {
+ my $orgsth = $dbh->prepare("select `memid` from `org` where `orgid`='".int($row{orgid})."'");
+ $orgsth->execute();
+ while ( my ($memid) = $orgsth->fetchrow_array() )
+ {
+ sendRevokeMail($memid, $row{'CN'}, $row{'serial'});
+ }
+ }
}
}
@@ -1039,6 +1058,21 @@ sub RevokeCerts($$)
}
+sub sendRevokeMail()
+{
+ my $memid = $_[0];
+ my $certName = $_[1];
+ my $serial = $_[2];
+ setUsersLanguage($memid);
+
+ my %user=getUserData($memid);
+
+ my $body = _("Hi")." $user{fname},\n\n";
+ $body .= sprintf(_("Your certificate for '%s' with the serial number '%s' has been revoked, as per request.")."\n\n", $certName, $serial);
+ $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
+ SysLog("Sending email to ".$user{"email"}."\n") if($debug);
+ sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support");
+}
@@ -1050,7 +1084,7 @@ sub HandleGPG()
while ( $rowdata = $sth->fetchrow_hashref() )
{
my %row=%{$rowdata};
-
+
my $prefix="gpg";
my $short=int($row{'id'}/1000);
my $csrname = "../csr/$prefix-".$row{'id'}.".csr";
@@ -1064,11 +1098,11 @@ sub HandleGPG()
#my $csrname = "../csr/gpg-".$row{'id'}.".csr";
#my $crtname = "../crt/gpg-".$row{'id'}.".crt";
-
+
SysLog "Opening $csrname\n";
-
+
my $crt="";
-
+
if(-s $csrname && open(IN,"<$csrname"))
{
undef $/;
@@ -1094,12 +1128,12 @@ sub HandleGPG()
{
SysLog "Opening $crtname\n";
setUsersLanguage($row{memid});
-
+
my $date=OpenPGPextractExpiryDate($crtname);
my %user=getUserData($row{memid});
-
+
$dbh->do("update `gpg` set `crt`='$crtname', issued=now(), `expire`='$date' where `id`='".$row{'id'}."'");
-
+
my $body = _("Hi")." $user{fname},\n\n";
$body .= sprintf(_("Your CAcert signed key for %s is available online at:")."\n\n", $row{'email'});
$body .= "https://www.cacert.org/gpg.php?id=3&cert=$row{id}\n\n";
@@ -1146,5 +1180,5 @@ while ( -f "./client.pl-active" )
my $timestamp=strftime("%m%d%H%M%Y.%S",gmtime);
Request($ver,0,0,0,0,0,0,0,$timestamp,"","");
sleep(1);
- usleep(1700000);
+ usleep(1700000);
}
diff --git a/CommModule/clientloop.sh b/CommModule/clientloop.sh
deleted file mode 100755
index c1254f2..0000000
--- a/CommModule/clientloop.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-while true
-do
-perl ./client.pl
-#mail -s CAcert-Alert pg@futureware.at <error.txt
-echo ******************************************************************
-echo ******************************************************************
-echo ******************************************************************
-sleep 1
-done
-
diff --git a/CommModule/error.txt b/CommModule/error.txt
deleted file mode 100644
index 7224707..0000000
--- a/CommModule/error.txt
+++ /dev/null
@@ -1 +0,0 @@
-The CommModule has a problem.
diff --git a/CommModule/logclean.sh b/CommModule/logclean.sh
index 99963ee..62aa04c 100755
--- a/CommModule/logclean.sh
+++ b/CommModule/logclean.sh
@@ -2,6 +2,9 @@
# logclean.sh - maintenance script for logfiles generated by CommModule
# run this daily or weekly from cron
+COMPRESS="xz -9 -M 1GiB" # compression program to use
+COMPRESS_EXT=xz # file extension for compression program
+
syslog_error()
{
logger -i -t CommModule/logclean.sh -p user.err $1
@@ -31,12 +34,12 @@ if [ -n "${FILES}" ]
then
for F in ${FILES}
do
- syslog_notice "Compressing ${F}" && bzip2 ${F}
+ syslog_notice "Compressing ${F}" && ${COMPRESS} ${F}
done
fi
# move compressed logfiles to oldlogs directory
-FILES=`find logfile20*.txt.bz2 -print`
+FILES=`find logfile20*.txt.${COMPRESS_EXT} -print`
if [ -n "${FILES}" ]
then
mkdir -p oldlogs
@@ -47,7 +50,7 @@ then
fi
# delete old logfiles which have not been modified in at least 2.5+ years
-FILES=`find oldlogs/logfile20*.txt.bz2 -mtime +913 -print`
+FILES=`find oldlogs/logfile20*.txt.${COMPRESS_EXT} -mtime +913 -print`
if [ -n "${FILES}" ]
then
for F in ${FILES}
diff --git a/CommModule/readme.txt b/CommModule/readme.txt
index d832491..94f09fe 100644
--- a/CommModule/readme.txt
+++ b/CommModule/readme.txt
@@ -3,4 +3,5 @@ commdaemon Script to run client.pl or server.pl
commmodule Script for startup/shutdown of CommModule from /etc/init.d
logclean.sh Maintenance script for logfiles generated by CommModule
serial.conf Serial Port configuration file
+server.pl The real server, running on the signing server
usbclient.pl Obsoleted USB version of client.pl above
diff --git a/CommModule/server.pl b/CommModule/server.pl
new file mode 100755
index 0000000..3fd77e6
--- /dev/null
+++ b/CommModule/server.pl
@@ -0,0 +1,1064 @@
+#!/usr/bin/perl -w
+
+# (c) 2006-2007 by CAcert.org
+
+# Server (running on the certificate machine)
+
+use strict;
+use Device::SerialPort qw( :PARAM :STAT 0.07 );
+use POSIX;
+use IO::Select;
+use File::CounterFile;
+use Time::HiRes q(usleep);
+use IPC::Open3;
+use File::Copy;
+use Digest::SHA1 qw(sha1_hex);
+
+#Protocol version:
+my $ver=1;
+
+my $debug=0;
+
+my $paranoid=1;
+
+my $serialport="/dev/ttyUSB0";
+#my $serialport="/dev/ttyS0";
+
+my $CPSUrl="http://www.cacert.org/cps.php";
+
+my $OCSPUrl="http://ocsp.cacert.org/";
+
+my $gpgbin="/usr/bin/gpg";
+
+my $opensslbin="/usr/bin/openssl";
+
+my $work="./work";
+
+#my $gpgID='gpgtest@cacert.at';
+my $gpgID='gpg@cacert.org';
+
+
+my %PkiSystems=(
+"1"=>"X.509",
+"2"=>"OpenPGP");
+my %rootkeys=(
+"1"=>5, #X.509
+"2"=>1);#OpenPGP
+my %hashes=(
+"0"=>"",
+"1"=>"-md md5",
+"2"=>"-md sha1",
+"3"=>"-md rmd160",
+"8"=>"-md sha256",
+"9"=>"-md sha384",
+"10"=>"-md sha512");
+my %templates=(
+ "0"=>"client.cnf",
+ "1"=>"client-org.cnf",
+ "2"=>"client-codesign.cnf",
+ "3"=>"client-machine.cnf",
+ "4"=>"client-ads.cnf",
+ "5"=>"server.cnf",
+ "6"=>"server-org.cnf",
+ "7"=>"server-jabber.cnf",
+ "8"=>"ocsp.cnf",
+ "9"=>"timestamp.cnf",
+ "10"=>"proxy.cnf",
+ "11"=>"subca.cnf"
+);
+
+my $starttime=5*60; # 5 minutes
+
+my %currenthash=();
+
+
+#End of configurations
+
+########################################################
+
+mkdir "$work",0700;
+mkdir "currentcrls";
+
+$ENV{'PATH'}='/usr/bin/:/bin';
+$ENV{'IFS'}="\n";
+$ENV{'LD_PRELOAD'}='';
+$ENV{'LD_LIBRARY_PATH'}='';
+$ENV{'LANG'}='';
+
+#Logging functions:
+sub SysLog($)
+{
+ my $date=strftime("%Y-%m-%d",localtime);
+ open LOG,">>logfile$date.txt";
+ return if(not defined($_[0]));
+ my $timestamp=strftime("%Y-%m-%d %H:%M:%S",localtime);
+ #$syslog->write($_[0]."\x00");
+ print LOG "$timestamp $_[0]";
+# print "$timestamp $_[0]";
+ flush LOG;
+ close LOG;
+}
+
+sub Error($)
+{
+ SysLog($_[0]);
+ if($paranoid)
+ {
+ die $_[0];
+ }
+}
+
+sub readfile($)
+{
+ my $olds=$/;
+ open READIN,"<$_[0]";
+ undef $/;
+ my $content=<READIN>;
+ close READIN;
+ $/=$olds;
+ return $content;
+}
+
+
+#Hexdump function: Returns the hexdump representation of a string
+sub hexdump($)
+{
+ return "" if(not defined($_[0]));
+ my $content="";
+ $content.=sprintf("%02X ",unpack("C",substr($_[0],$_,1))) foreach (0 .. length($_[0])-1);
+ return $content;
+}
+
+#pack3 packs together the length of the data in 3 bytes and the data itself, size limited to 16MB. In case the data is more than 16 MB, it is ignored, and a 0 Byte block is transferred
+sub pack3
+{
+ return "\x00\x00\x00" if(!defined($_[0]));
+ my $data=(length($_[0]) >= 2**24)? "":$_[0];
+ my $len=pack("N",length($data));
+ #print "len: ".length($data)."\n";
+ return substr($len,1,3).$data;
+}
+
+
+#unpack3 unpacks packed data.
+sub unpack3($)
+{
+ return undef if((not defined($_[0])) or length($_[0])<3);
+ #print "hexdump: ".hexdump("\x00".substr($_[0],0,3))."\n";
+ my $len=unpack("N","\x00".substr($_[0],0,3));
+ #print "len3: $len length(): ".length($_[0])." length()-3: ".(length($_[0])-3)."\n";
+ return undef if(length($_[0])-3 != $len);
+ return substr($_[0],3);
+}
+
+
+#unpack3array extracts a whole array of concatented packed data.
+sub unpack3array($)
+{
+ my @retarr=();
+ if((not defined($_[0])) or length($_[0])<3)
+ {
+ SysLog "Datenanfang kaputt\n";
+ return ();
+ }
+ my $dataleft=$_[0];
+ while(length($dataleft)>=3)
+ {
+ #print "hexdump: ".hexdump("\x00".substr($dataleft,0,3))."\n";
+ my $len=unpack("N","\x00".substr($dataleft,0,3));
+ #print "len3: $len length(): ".length($dataleft)." length()-3: ".(length($dataleft)-3)."\n";
+ if(length($dataleft)-3 < $len)
+ {
+ SysLog "Datensatz abgeschnitten\n";
+ return ();
+ }
+ push @retarr, substr($dataleft,3,$len);
+ $dataleft=substr($dataleft,3+$len);
+ }
+ if(length($dataleft)!=0)
+ {
+ SysLog "Ende abgeschnitten\n";
+ return ();
+ }
+ return @retarr;
+}
+
+
+
+
+my $timestamp=strftime("%Y-%m-%d %H:%M:%S",localtime);
+
+SysLog("Starting Server at $timestamp\n");
+
+SysLog("Opening Serial interface:\n");
+#if(1)
+#{
+
+sub SerialSettings
+{
+ my $PortObj=$_[0];
+ Error "Could not open Serial Port!\n" if(!defined($PortObj));
+ $PortObj->baudrate(115200);
+ $PortObj->parity("none");
+ $PortObj->databits(8);
+ $PortObj->stopbits(1);
+}
+
+#We have to open the SerialPort and close it again, so that we can bind it to a Handle
+my $PortObj = new Device::SerialPort($serialport);
+SerialSettings($PortObj);
+$PortObj->save("serialserver.conf");
+#}
+undef $PortObj;
+
+$PortObj = tie (*SER, 'Device::SerialPort', "serialserver.conf") || Error "Can't tie using Configuration_File_Name: $!\n";
+
+Error "Could not open Serial Interface!\n" if(not defined($PortObj));
+SerialSettings($PortObj);
+#open SER,">$serialport";
+
+SysLog("Serial interface opened: $PortObj\n");
+
+
+#Creating select() selector for improved reading:
+my $sel = new IO::Select( \*SER );
+
+#Raw send function over the Serial Interface (+debugging)
+sub SendIt($)
+{
+ return unless defined($_[0]);
+ SysLog "Sending ".length($_[0])."\n"; #hexdump($_[0])."\n";
+ my $data=$_[0];
+ my $runcount=0;
+ my $total=0;
+ my $mtu=30;
+ while(length($data))
+ {
+ my $iwrote=scalar($PortObj->write(substr($data,0,$mtu)))||0;
+ usleep(270*$iwrote+9000); # On Linux, we have to wait to make sure it is being sent, and we dont loose any data.
+ $total+=$iwrote;
+ $data=substr($data,$iwrote);
+ print "i wrote: $iwrote total: $total left: ".length($data)."\n" if(!($runcount++ %10));
+ }
+
+# print "Sending ".length($_[0])."\n"; #hexdump($_[0])."\n";
+# foreach(0 .. length($_[0]))
+# {
+# $PortObj->write(substr($_[0],$_,1));
+# }
+
+}
+
+
+#Send data over the Serial Interface with handshaking:
+#Warning: This function is implemented paranoid. It exits the program in case something goes wrong.
+sub SendHandshakedParanoid($)
+{
+ #print "Shaking hands ...\n";
+ SendIt("\x02");
+
+ Error "Handshake uncompleted. Connection lost!" if(!scalar($sel->can_read(2)));
+ my $data="";
+ usleep(1000000);
+ my $length=read SER,$data,1;
+ if($length && $data eq "\x10")
+ {
+ print "OK ...\n";
+ my $xor=0;
+ foreach(0 .. length($_[0])-1)
+ {
+ #print "xor mit ".unpack("C",substr($_[0],$_,1))."\n";
+ $xor ^= unpack("C",substr($_[0],$_,1));
+ }
+ #print "XOR: $xor\n";
+
+ my $tryagain=1;
+ while($tryagain)
+ {
+ SendIt($_[0].pack("C",$xor)."rie4Ech7");
+
+ Error "Packet receipt was not confirmed in 5 seconds. Connection lost!" if(!scalar($sel->can_read(5)));
+
+ $data="";
+ $length=read SER,$data,1;
+
+ if($length && $data eq "\x10")
+ {
+ SysLog "Sent successfully!...\n";
+ $tryagain=0;
+ }
+ elsif($length && $data eq "\x11")
+ {
+ $tryagain=1;
+ }
+ else
+ {
+ Error "I cannot send! $length ".unpack("C",$data)."\n";
+ }
+ }
+
+ }
+ else
+ {
+ print "!Cannot send! $length $data\n";
+ Error "!Stopped sending.\n";
+ }
+}
+
+sub Receive
+{
+ my $data="";
+ my @ready = $sel->can_read(20);
+
+ my $length=read SER,$data,1,0;
+
+ #SysLog "Data: ".hexdump($data)."\n";
+
+ if($data eq "\x02")
+ {
+ my $modus=1;
+ SysLog "Start received, sending OK\n";
+ SendIt("\x10");
+
+ my $block="";
+ my $blockfinished=0;
+ my $tries=10000;
+
+ while(!$blockfinished)
+ {
+ Error("Tried reading too often\n") if(($tries--)<=0);
+
+ $data="";
+ if(!scalar($sel->can_read(2)))
+ {
+ SysLog("Timeout!\n");
+ return;
+ }
+ $length=read SER,$data,100,0;
+ if($length)
+ {
+ $block.=$data;
+ }
+ #SysLog("Received: $length ".length($block)."\n");
+ $blockfinished=defined(unpack3(substr($block,0,-9)))?1:0;
+
+ if(!$blockfinished and substr($block,-8,8) eq "rie4Ech7")
+ {
+ SysLog "BROKEN Block detected!";
+ SendIt("\x11");
+ $block="";
+ $blockfinished=0;
+ $tries=10000;
+ }
+
+ }
+ SysLog "Block done: \n";#.hexdump($block)."\n";
+ SendIt("\x10");
+ SysLog "Returning block\n";
+ return($block);
+ }
+ else
+ {
+ Error("Error: No Answer received, Timeout.\n") if(length($data)==0);
+ Error("Error: Wrong Startbyte: ".hexdump($data)." !\n");
+ }
+
+ SysLog "Waiting on next request ...\n";
+
+}
+
+
+#Checks the CRC of a received block for validity
+#Returns 1 upon successful check and 0 for a failure
+sub CheckCRC($)
+{
+ my $block=$_[0];
+ return 0 if(length($_[0])<1);
+ return 1 if($_[0] eq "\x00");
+ my $xor=0;
+ foreach(0 .. length($block)-2)
+ {
+ #print "xor mit ".unpack("C",substr($block,$_,1))."\n";
+ $xor ^= unpack("C",substr($block,$_,1));
+ }
+ #print "XOR: $xor BCC: ".unpack("C",substr($block,-1,1))."\n";
+ if($xor eq unpack("C",substr($block,-1,1)))
+ {
+ #print "Checksum correct\n";
+ return 1;
+ }
+ else
+ {
+ #print "Checksum on received packet wrong!\n";
+ return 0;
+ }
+
+}
+
+#Formatting and sending a Response packet
+sub Response($$$$$$$)
+{
+ SendHandshakedParanoid(pack3(pack3(pack("C*",$_[0],$_[1],$_[2],$_[3])).pack3($_[4]).pack3($_[5]).pack3($_[6])));
+}
+
+
+#Checks the parameters, whether the certificate system (OpenPGP, X.509, ...) is available,
+#whether the specified root key is available, whether the config file is available, ...
+#Returns 1 upon success, and dies upon error!
+sub CheckSystem($$$$)
+{
+ my ($system,$root,$template,$hash)=@_;
+ if(not defined($templates{$template}))
+ {
+ Error "Template unknown!\n";
+ }
+ if(not defined($hashes{$hash}))
+ {
+ Error "Hash algorithm unknown!\n";
+ }
+ if(defined($rootkeys{$system}))
+ {
+ if($root<$rootkeys{$system})
+ {
+ return 1;
+ }
+ else
+ {
+ Error "Identity System $system has only $rootkeys{$system} root keys, key $root does not exist.\n";
+ }
+ }
+ else
+ {
+ Error "Identity System $system not supported";
+ }
+
+ return 0;
+}
+
+
+#Selects the specified config file for OpenSSL and makes sure that the specified config file exists
+#Returns the full path to the config file
+sub X509ConfigFile($$)
+{
+ my ($root,$template)=@_;
+ my $opensslcnf="";
+ if($root==0)
+ {
+ $opensslcnf="/etc/ssl/openssl-$templates{$template}";
+ }
+ elsif($root==1)
+ {
+ $opensslcnf="/etc/ssl/class3-$templates{$template}";
+ }
+ elsif($root==2)
+ {
+ $opensslcnf="/etc/ssl/class3s-$templates{$template}";
+ }
+ else
+ {
+ $opensslcnf="/etc/ssl/root$root/$templates{$template}";
+ }
+ # Check that the config file exists
+ Error "Config file does not exist: $opensslcnf!" unless (-f $opensslcnf);
+
+ return $opensslcnf;
+}
+
+sub CreateWorkspace()
+{
+ mkdir "$work",0700;
+ my $id = (new File::CounterFile "./$work/.counter", "0")->inc;
+ mkdir "$work/".int($id/1000),0700;
+ mkdir "$work/".int($id/1000)."/".($id%1000),0700;
+ my $wid="$work/".int($id/1000)."/".($id%1000);
+ SysLog "Creating Working directory: $wid\n";
+ return $wid;
+}
+
+
+sub SignX509($$$$$$$$)
+{
+ my ($root,$template,$hash,$days,$spkac,$request,$san,$subject)=@_;
+
+ my $wid=CreateWorkspace();
+
+ my $opensslcnf=X509ConfigFile($root,$template);
+
+ print "Subject: $subject\n";
+ print "SAN: $san\n";
+
+
+ $subject=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi;
+ $san=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi;
+
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
+ Error "Invalid characters in Subject: ".hexdump($subject)." - $subject\n" if($subject=~m/[\n\r\t\x00#"'\\]/);
+
+ print "Subject: $subject\n";
+ print "SAN: $san\n";
+
+ my $extfile="";
+ if($templates{$template}=~m/server/) #??? Should we really do that for all and only for server certs?
+ {
+ open OUT,">$wid/extfile";
+ print OUT "basicConstraints = critical, CA:FALSE\n";
+ print OUT "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement\n";
+ print OUT "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n";
+ print OUT "authorityInfoAccess = OCSP;URI:$OCSPUrl\n";
+
+ my $CRLUrl="";
+ if($root==0)
+ {
+ $CRLUrl="http://crl.cacert.org/revoke.crl";
+ }
+ elsif($root==1)
+ {
+ $CRLUrl="http://crl.cacert.org/class3-revoke.crl";
+ }
+ elsif($root==2)
+ {
+ $CRLUrl="http://crl.cacert.org/class3s-revoke.crl";
+ }
+ else
+ {
+ $CRLUrl="http://crl.cacert.org/root${root}.crl";
+ }
+ print OUT "crlDistributionPoints = URI:${CRLUrl}\n";
+ print OUT "subjectAltName = $san\n" if(length($san));
+ close OUT;
+ $extfile=" -extfile $wid/extfile ";
+ }
+
+ my $cmd=($request=~m/SPKAC\s*=/)?"-spkac":"-subj '$subject' -in";
+
+ #my $cmd=$spkac?"-spkac":"-subj '$subject' -in";
+
+
+ if(open OUT,">$wid/request.csr")
+ {
+ print OUT $request;
+ close OUT;
+
+ my $do = `$opensslbin ca $hashes{$hash} -config $opensslcnf $cmd $wid/request.csr -out $wid/output.crt -days $days -key test -batch $extfile 2>&1`;
+
+ SysLog $do;
+
+
+ if(open IN,"<$wid/output.crt")
+ {
+ undef $/;
+ my $content=<IN>;
+ close IN;
+ $/="\n";
+
+ $content=~s/^.*-----BEGIN/-----BEGIN/s;
+ SysLog "Antworte...\n";
+ Response($ver,1,0,0,$content,"","");
+ SysLog "Done.\n";
+ if(!$debug)
+ {
+ unlink "$wid/output.crt";
+ unlink "$wid/request.csr";
+ unlink "$wid/extfile";
+ }
+ }
+ else
+ {
+ Error("Could not read the resulting certificate.\n");
+ }
+ }
+ else
+ {
+ Error("Could not save request.\n");
+ }
+ unlink "$wid";
+}
+
+sub SignOpenPGP
+{
+ my ($root,$template,$hash,$days,$spkac,$request,$san,$subject)=@_;
+
+ my $wid=CreateWorkspace();
+
+ if(! -f "secring$root.gpg")
+ {
+ Error "Root Key not found: secring$root.gpg !\n";
+ }
+
+ copy("secring$root.gpg","$wid/secring.gpg");
+ copy("pubring$root.gpg","$wid/pubring.gpg");
+
+ my $keyid=undef;
+
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
+ Error "Invalid characters in Subject!\n" if($subject=~m/[ \n\r\t\x00#"'\\;]/);
+
+
+ if(open OUT,">$wid/request.key")
+ {
+ print OUT $request;
+ close OUT;
+
+
+#!!!! ?!?
+ #my $homedir=-w "/root/.gnupg" ? "/root/.gnupg":"$wid/";
+ my $homedir="$wid/";
+
+ {
+ SysLog "Running GnuPG in $homedir...\n";
+ my ($stdin,$stdout,$stderr) = (IO::Handle->new(),IO::Handle->new(),IO::Handle->new());
+
+
+ SysLog "Importiere $gpgbin --no-tty --homedir $homedir --import $wid/request.key\n";
+
+ my $pid = open3($stdin,$stdout,$stderr, "$gpgbin --no-tty --homedir $homedir --command-fd 0 --status-fd 1 --logger-fd 2 --with-colons --import $wid/request.key");
+
+ if (!$pid) {
+ Error "Cannot fork GnuPG.";
+ }
+ $/="\n";
+ while(<$stdout>)
+ {
+ SysLog "Received from GnuPG: $_\n";
+ if(m/^\[GNUPG:\] GOT_IT/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL keyedit\.setpref\.okay/)
+ {
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] ALREADY_SIGNED/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] GOOD_PASSPHRASE/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] KEYEXPIRED/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] SIGEXPIRED/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] IMPORT_OK/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] IMPORT_RES/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] IMPORTED ([0-9A-F]{16})/)
+ {
+ Error "More than one OpenPGP sent at once!" if(defined($keyid));
+ $keyid=$1;
+ }
+ elsif(m/^\[GNUPG:\] NODATA/)
+ {
+ # To crash or not to crash, thats the question.
+ }
+ else
+ {
+ Error "ERROR: UNKNOWN $_\n";
+ }
+
+ }
+
+ while(<$stderr>)
+ {
+
+ SysLog "Received from GnuPG on stderr: $_\n";
+
+ if(m/^key ([0-9A-F]{8}): public key/)
+ {
+ #$keyid=$1;
+ }
+ }
+
+ waitpid($pid,0);
+
+ }
+
+ Error "No KeyID found!" if(!defined($keyid));
+
+
+ SysLog "Running GnuPG to Sign...\n";
+
+ {
+ my ($stdin,$stdout,$stderr) = (IO::Handle->new(),IO::Handle->new(),IO::Handle->new());
+
+
+
+ $ENV{'LANG'}="";
+
+ my $line="$gpgbin --no-tty --default-key $gpgID --homedir $homedir --default-cert-expire $days"."d --ask-cert-expire --cert-policy-url $CPSUrl --command-fd 0 --status-fd 1 --logger-fd 2 --sign-key $keyid ";
+ SysLog($line."\n");
+
+ my $pid = open3($stdin,$stdout,$stderr,$line);
+
+ if (!$pid) {
+ Error "Cannot fork GnuPG.";
+ }
+ SysLog "Got PID $pid\n";
+ while(<$stdout>)
+ {
+ SysLog "Received from GnuPG: $_\n";
+ if(m/^\[GNUPG:\] GET_BOOL keyedit\.sign_all\.okay/)
+ {
+ print $stdin "yes\n";
+ }
+ elsif(m/^\[GNUPG:\] GOT_IT/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.okay/)
+ {
+ print $stdin "yes\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.expire_okay/)
+ {
+ print $stdin "yes\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_LINE siggen\.valid\s?$/)
+ {
+ print $stdin "$days\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_LINE sign_uid\.expire\s?$/)
+ {
+ print "DETECTED: Do you want your signature to expire at the same time? (Y/n) -> yes\n";
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.replace_expired_okay/)
+ {
+ print $stdin "yes\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.dupe_okay/)
+ {
+ print $stdin "yes\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL keyedit\.sign_revoked\.okay/)
+ {
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.revoke_okay/)
+ {
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.expired_okay/)
+ {
+ print "The key has already expired!!!\n";
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.nosig_okay/)
+ {
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL sign_uid\.v4_on_v3_okay/)
+ {
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] GET_BOOL keyedit\.setpref\.okay/)
+ {
+ print $stdin "no\n";
+ }
+ elsif(m/^\[GNUPG:\] ALREADY_SIGNED/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] GOOD_PASSPHRASE/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] KEYEXPIRED/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] SIGEXPIRED/)
+ {
+ }
+ elsif(m/^\[GNUPG:\] NODATA/)
+ {
+ # To crash or not to crash, thats the question.
+ }
+ else
+ {
+ Error "ERROR: UNKNOWN $_\n";
+ }
+ }
+
+ while(<$stderr>)
+ {
+
+ SysLog "Received from GnuPG on stderr: $_\n";
+
+ if(m/^key ([0-9A-F]{8}): public key/)
+ {
+ #$keyid=$1;
+ }
+ }
+
+
+
+ waitpid($pid,0);
+
+ }
+
+#$do = `( $extras echo "365"; echo "y"; echo "2"; echo "y")|$gpgbin --no-tty --default-key gpg@cacert.org --homedir $homedir --batch --command-fd 0 --status-fd 1 --cert-policy-url http://www.cacert.org/index.php?id=10 --ask-cert-expire --sign-key $row[email] 2>&1`;
+
+ SysLog "Running GPG to export...\n";
+
+ my $do = `$gpgbin --no-tty --homedir $homedir --export --armor $keyid > $wid/result.key`;
+ SysLog $do;
+ $do = `$gpgbin --no-tty --homedir $homedir --batch --yes --delete-key $keyid 2>&1`;
+ SysLog $do;
+
+ if(open IN,"<$wid/result.key")
+ {
+ undef $/;
+ my $content=<IN>;
+ close IN;
+ $/="\n";
+
+ $content=~s/^.*-----BEGIN/-----BEGIN/s;
+ SysLog "Antworte...\n";
+ Response($ver,2,0,0,$content,"","");
+ SysLog "Done.\n";
+
+ if(!$debug)
+ {
+ unlink "$wid/request.key";
+ unlink "$wid/result.key";
+ }
+
+ }
+ else
+ {
+ SysLog "NO Resulting Key found!";
+ }
+ }
+ else
+ {
+ Error "Kann Request nicht speichern!\n";
+ }
+
+ unlink("$wid/secring.gpg");
+ unlink("$wid/pubring.gpg");
+ unlink("$wid");
+}
+
+sub RevokeX509
+{
+ my ($root,$template,$hash,$days,$spkac,$request,$san,$subject)=@_;
+
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
+ Error "Invalid characters in Hash!\n" if(! $subject=~m/^[0-9a-fA-F]+$/);
+
+ SysLog "Widerrufe $PkiSystems{$_[0]}\n";
+ SysLog "Aktueller Hash vom Webserver: $subject\n";
+
+ my $iscurrent=0;
+
+ $currenthash{$root}=sha1_hex(readfile("revoke-root$root.crl"));
+
+ print "Aktueller Hash vom Signingserver: $currenthash{$root}\n";
+
+ if($subject eq $currenthash{$root})
+ {
+ print "Hash matches current CRL.\n";
+ print "Deleting old CRLs...\n";
+ foreach (<currentcrls/$root/*>)
+ {
+ if($_ ne "currentcrls/$root/$subject.crl")
+ {
+ print "Deleting $_\n";
+ unlink $_ ;
+ }
+ }
+ print "Done with deleting old CRLs.\n";
+ $iscurrent=1;
+ }
+
+ my $wid=CreateWorkspace();
+
+ my $opensslcnf=X509ConfigFile($root,$template);
+
+ if(open OUT,">$wid/request.crt")
+ {
+ print OUT $request;
+ close OUT;
+
+ my $do = `$opensslbin ca $hashes{$hash} -config $opensslcnf -key test -batch -revoke $wid/request.crt > /dev/null 2>&1`;
+ $do = `$opensslbin ca $hashes{$hash} -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out $wid/cacert-revoke.crl > /dev/null 2>&1`;
+ $do = `$opensslbin crl -inform PEM -in $wid/cacert-revoke.crl -outform DER -out $wid/revoke.crl > /dev/null 2>&1`;
+ unlink "$wid/cacert-revoke.crl";
+
+ if(open IN,"<$wid/revoke.crl")
+ {
+ undef $/;
+ my $content=<IN>;
+ close IN;
+ $/="\n";
+ unlink "$wid/revoke.crl";
+
+ mkdir "currentcrls/$root";
+ my $newcrlname="currentcrls/$root/".sha1_hex($content).".crl";
+ open OUT,">$newcrlname";
+ print OUT $content;
+ close OUT;
+
+ if($iscurrent)
+ {
+ SysLog "Schicke aktuelles Delta...\n";
+ system "xdelta delta revoke-root$root.crl $newcrlname delta$root.diff";
+ Response($ver,2,0,0,readfile("delta$root.diff"),"","");
+ #Response($ver,2,0,0,$content,"","");
+ }
+ else
+ {
+ if(-f "currentcrls/$root/$subject.crl")
+ {
+ SysLog "Schicke altes Delta...\n";
+ system "xdelta delta currentcrls/$root/$subject.crl $newcrlname delta$root.diff";
+
+ Response($ver,2,0,0,readfile("delta$root.diff"),"","");
+ #Response($ver,2,0,0,$content,"","");
+ }
+ else
+ {
+ SysLog "Out of Sync! Sending empty CRL...\n";
+ Response($ver,2,0,0,"","",""); # CRL !!!!!!!!!
+ }
+ }
+
+ open OUT,">revoke-root$root.crl";
+ print OUT $content;
+ close OUT;
+
+
+ SysLog "Done.\n";
+ }
+ }
+ unlink "$wid";
+}
+
+
+sub analyze($)
+{
+ SysLog "Analysiere ...\n";
+ #SysLog hexdump($_[0])."\n";
+
+ my @fields=unpack3array(substr($_[0],3,-9));
+ Error "Wrong number of parameters: ".scalar(@fields)."\n" if(scalar(@fields)!=4);
+
+ SysLog "Header: ".hexdump($fields[0])."\n";
+ my @bytes=unpack("C*",$fields[0]);
+
+ Error "Header too short!\n" if(length($fields[0])<3);
+
+ Error "Version mismatch. Server does not support version $bytes[0], server only supports version $ver!\n" if($bytes[0]!=$ver);
+
+ Error "Header has wrong length: ".length($fields[0])."!\n" if(length($fields[0])!=9);
+
+ if($bytes[1] == 0) # NUL Request
+ {
+ SysLog "NUL Request detected.\n";
+ if($fields[1] =~ /^\d+\.\d+$/)
+ {
+ open OUT,">timesync.sh";
+ print OUT "date -u '$fields[1]'\n";
+ print OUT "hwclock --systohc\n";
+ close OUT;
+ }
+ Response($ver,0,0,0,"","","");
+ }
+ elsif($bytes[1]==1) # Sign Request
+ {
+ SysLog "SignRequest detected...\n";
+ CheckSystem($bytes[2],$bytes[3],$bytes[4],$bytes[5]);
+ if($bytes[2]==1)
+ {
+ SignX509($bytes[3],$bytes[4],$bytes[5],($bytes[6]<<8)+$bytes[7], $bytes[8],$fields[1],$fields[2],$fields[3]);
+ }
+ elsif($bytes[2]==2)
+ {
+ SignOpenPGP($bytes[3],$bytes[4],$bytes[5],($bytes[6]<<8)+$bytes[7], $bytes[8],$fields[1],$fields[2],$fields[3]);
+ }
+ }
+ elsif($bytes[1]==2) # Revocation Request
+ {
+ SysLog "Revocation Request ...\n";
+ CheckSystem($bytes[2],$bytes[3],$bytes[4],$bytes[5]);
+ if($bytes[2]==1)
+ {
+ RevokeX509($bytes[3],$bytes[4],$bytes[5],($bytes[6]<<8)+$bytes[7], $bytes[8],$fields[1],$fields[2],$fields[3]);
+ }
+ }
+ else
+ {
+ Error "Unknown command\n";
+ }
+
+}
+
+SysLog "Server started. Waiting 5 minutes for contact from client ...\n";
+
+#When started, we wait for 5 minutes for the client to connect:
+my @ready=$sel->can_read($starttime);
+
+
+my $count=0;
+
+#As soon as the client connected successfully, the client has to send a request faster than every 10 seconds
+while(@ready = $sel->can_read(15) && -f "./server.pl-active")
+{
+ my $data="";
+ #my $length=read SER,$data,1;
+
+ #SysLog "Data: ".hexdump($data)."\n";
+
+ #Receive();
+
+ $data=Receive();
+ SysLog "Analysing ...\n";
+ analyze($data);
+
+# if($data eq "\x02")
+# {
+# #SysLog "Start empfangen, sende OK\n";
+# SendIt("\x10");
+#
+# my $block="";
+# my $blockfinished=0;
+# my $tries=10000;
+#
+# while(!$blockfinished)
+# {
+# Error "Tried reading too often\n" if(($tries--)<=0);
+#
+# $data="";
+# @ready = $sel->can_read(2);
+# $length=read SER,$data,100;
+# if($length)
+# {
+# $block.=$data;
+# }
+# $blockfinished=defined(unpack3(substr($block,0,-1)))?1:0;
+# }
+# #SysLog "Block done: ".hexdump($block)."\n";
+# if(CheckCRC($block))
+# {
+# SendIt("\x10");
+# analyze($block);
+# }
+# else
+# {
+# Error "CRC Error\n";
+# }
+# }
+# else
+# {
+# Error "Error: Wrong Startbyte!\n";
+# }
+
+ $count++;
+
+ SysLog "$count requests processed. Waiting on next request ...\n";
+
+}
+
+
+Error "Timeout! No data from client anymore!\n";
+
diff --git a/CommModule/usbclient.pl b/CommModule/usbclient.pl
index 3cbe2c3..6cbc111 100755
--- a/CommModule/usbclient.pl
+++ b/CommModule/usbclient.pl
@@ -425,7 +425,7 @@ sub calculateDays($)
{
if($_[0])
{
- my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' group by `to`");
+ my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' and `deleted`=0 group by `to`");
SysLog("Summe: $sum[0]\n") if($debug);
return ($sum[0]>=50)?730:180;
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 914d979..0000000
--- a/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-all:
- xgettext -s -o messages.po --no-wrap --foreign-user includes/*.php www/*.php pages/account/*.php pages/index/*.php pages/wot/*.php pages/gpg/*.php pages/disputes/*.php pages/help/*.php pages/disputes/*.php scripts/removedead.php
- perl cacertupload.pl
- cd locale; php make.php
-
-other: all
- cat messages.po|sed "s/CHARSET/iso-8859-1/"|sed "s/PACKAGE VERSION/CAcert/"|sed "s/This file is put in the public domain./This file is distributed under the same license as the CAcert package./"|sed "s/# SOME DESCRIPTIVE TITLE.//" > messages.po
diff --git a/README b/README
index 6e07b04..7f2ca78 100644
--- a/README
+++ b/README
@@ -9,6 +9,7 @@ PHP
GetText
UFPDF - PDF generation library from http://acko.net/node/56
OpenSSL - X.509 toolkit from http://www.openssl.org/
+openssl-vulnkey including blacklists for all common key sizes
GnuPG - OpenPGP toolkit from http://www.gnupg.org/
whois - whois client from http://www.linux.it/~md/software/
XEnroll - Enrollment Active-X control for IE5/6 from Microsoft (search for xenroll.cab)
diff --git a/cacertupload.pl b/cacertupload.pl
deleted file mode 100644
index 4c883c8..0000000
--- a/cacertupload.pl
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/perl
-
-#LibreSSL - CAcert web application
-#Copyright (C) 2004-2008 CAcert Inc.
-#
-#This program is free software; you can redistribute it and/or modify
-#it under the terms of the GNU General Public License as published by
-#the Free Software Foundation; version 2 of the License.
-#
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#GNU General Public License for more details.
-#
-#You should have received a copy of the GNU General Public License
-#along with this program; if not, write to the Free Software
-#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-use LWP::UserAgent;
-$ua = LWP::UserAgent->new(agent => 'Translingo Client 1.0');
-use HTTP::Request::Common qw(POST);
-
-$ua->cookie_jar({});
-$ua->timeout(10000);
-
-my $req = POST 'http://translingo.cacert.org/login.php',
-[
-];
-# ggf. Referer faken
-$req->referer('http://translingo.cacert.org/');
- $ua->request($req)->as_string;
-
-# 1.Test - Umgebung
-my $req = POST 'http://translingo.cacert.org/login.php',
-[
- username => 'support@cacert.org',
- password => 'ilccSSAMNIemU',
- submit => 'Login',
-];
-# ggf. Referer faken
-$req->referer('http://translingo.cacert.org/');
-$ua->request($req)->as_string;
-
-# 2.Test - FileUpload
-my $req = POST 'http://translingo.cacert.org/upload.php',
-Content_Type => 'form-data',
-Content => [
- project => '1',
- fileformat => '1',
- pofile => ["messages.po" => "messages.po", 'Content_Type' => "application/x-gettext"],
-];
-print $ua->request($req)->as_string;
-
diff --git a/cgi-bin/CVS/Entries b/cgi-bin/CVS/Entries
deleted file mode 100644
index 883ec37..0000000
--- a/cgi-bin/CVS/Entries
+++ /dev/null
@@ -1,2 +0,0 @@
-/siteseal.cgi/1.4/Sun Apr 6 19:45:25 2008//
-D
diff --git a/cgi-bin/CVS/Repository b/cgi-bin/CVS/Repository
deleted file mode 100644
index 0dca230..0000000
--- a/cgi-bin/CVS/Repository
+++ /dev/null
@@ -1 +0,0 @@
-cacert/cgi-bin
diff --git a/cgi-bin/CVS/Root b/cgi-bin/CVS/Root
deleted file mode 100644
index a363882..0000000
--- a/cgi-bin/CVS/Root
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/cvs
diff --git a/includes/.gitignore b/includes/.gitignore
new file mode 100644
index 0000000..9ac2156
--- /dev/null
+++ b/includes/.gitignore
@@ -0,0 +1 @@
+mysql.php
diff --git a/includes/CVS/Entries b/includes/CVS/Entries
deleted file mode 100644
index b077642..0000000
--- a/includes/CVS/Entries
+++ /dev/null
@@ -1,12 +0,0 @@
-/mysql.php.sample/1.10/Sun Apr 6 19:45:25 2008//
-/shutdown.php/1.2/Sun Apr 6 19:45:25 2008//
-/.cvsignore/1.2/Thu Sep 4 13:54:37 2008//
-/loggedin.php/1.17/Sun Nov 23 05:09:08 2008//
-/sponsorinfo.php/1.4/Sun May 31 16:50:55 2009//
-/tverify_stuff.php/1.6/Sun May 31 16:50:55 2009//
-/account.php/1.144/Sun Sep 20 17:38:19 2009//
-/about_menu.php/1.10/Mon Sep 21 18:27:01 2009//
-/account_stuff.php/1.53/Mon Sep 21 18:27:01 2009//
-/general.php/1.82/Mon Sep 21 18:27:01 2009//
-/general_stuff.php/1.46/Sat Sep 26 14:07:26 2009//
-D
diff --git a/includes/CVS/Repository b/includes/CVS/Repository
deleted file mode 100644
index 4cf480c..0000000
--- a/includes/CVS/Repository
+++ /dev/null
@@ -1 +0,0 @@
-cacert/includes
diff --git a/includes/CVS/Root b/includes/CVS/Root
deleted file mode 100644
index a363882..0000000
--- a/includes/CVS/Root
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/cvs
diff --git a/includes/about_menu.php b/includes/about_menu.php
index ff1e265..f34a274 100644
--- a/includes/about_menu.php
+++ b/includes/about_menu.php
@@ -2,18 +2,16 @@
<h3 class="pointer" onclick="explode('misc')">+ <?=_("About CAcert.org")?></h3>
<ul class="menu" id="misc">
<li><a href="http://blog.cacert.org/"><?=_("CAcert News")?></a></li>
- <li><a href="/help.php"><?=_("Howto Information")?></a></li>
<li><a href="http://wiki.CAcert.org/"><?=_("Wiki Documentation")?></a></li>
<li><a href="/policy/"><?=_("Policies")?></a></li>
- <li><a href="/index.php?id=19"><?=_("Point System")?></a></li>
- <li><a href="/policy/NRPDisclaimerAndLicence.php" target="_blank"><?=_("Disclaimer")?></a></li>
+ <li><a href="//wiki.cacert.org/FAQ/Privileges"><?=_("Point System")?></a></li>
<li><a href="http://bugs.CAcert.org/"><?=_("Bug Database")?></a></li>
<? // <li><a href="/index.php?id=47">< = _ ("PR Materials" ) > </a></li> ?>
<? // <li><a href="/logos.php">< ? = _ ( " CAcert Logos " ) ? > </a></li> ?>
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?> <li><a href="/stats.php"><?=_("CAcert Statistics")?></a></li> <? } ?>
<li><a href="http://blog.CAcert.org/feed/"><?=_("RSS News Feed")?></a></li>
<? //- <li><a href="/index.php?id=7"> < ? = _ ( " Credits " ) ? > </a></li> ?>
- <li><a href="/index.php?id=8"><?=_("CAcert Board")?></a></li>
+ <li><a href="//wiki.cacert.org/Board"><?=_("CAcert Board")?></a></li>
<li><a href="https://lists.cacert.org/wws"><?=_("Mailing Lists")?></a></li>
<li><a href="/src-lic.php"><?=_("Sourcecode")?></a></li>
</ul>
diff --git a/includes/account.php b/includes/account.php
index c264a09..6dacf2d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -10,23 +10,84 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once("../includes/loggedin.php");
+ require_once("../includes/lib/l10n.php");
+ require_once("../includes/lib/check_weak_key.php");
+ require_once("../includes/notary.inc.php");
loadem("account");
- $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
- $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
- $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
+/**
+ * Build a subject string as needed by the signer
+ *
+ * @param array(string) $domains
+ * First domain is used as CN and repeated in subjectAltName. Duplicates
+ * should already been removed
+ *
+ * @param bool $include_xmpp_addr
+ * [default: true] Whether to include the XmppAddr in the subjectAltName.
+ * This is needed if the Jabber server is jabber.example.com but a Jabber ID
+ * on that server would be alice@example.com
+ *
+ * @return string
+ */
+function buildSubject(array $domains, $include_xmpp_addr = true) {
+ $subject = "/CN=${domains[0]}";
+
+ foreach ($domains as $domain) {
+ $subject .= "/subjectAltName=DNS:$domain";
+
+ if ($include_xmpp_addr) {
+ $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
+ }
+ }
+
+ return $subject;
+}
+
+/**
+ * Builds the subject string from the session variables
+ * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows']
+ *
+ * @return string
+ */
+function buildSubjectFromSession() {
+ $domains = array();
+
+ if (is_array($_SESSION['_config']['rows'])) {
+ $domains = array_merge($domains, $_SESSION['_config']['rows']);
+ }
+
+ if (is_array($_SESSION['_config']['altrows']))
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ if (substr($row, 0, 4) === "DNS:") {
+ $domains[] = substr($row, 4);
+ }
+ }
+
+ return buildSubject(array_unique($domains));
+}
- $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
- $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
- $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
- $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
+ $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0;
+ $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
+ $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : "";
+// $showdetalis refers to Secret Question and Answers from account/13.php
+ $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0;
+
+ $cert = array_key_exists('cert',$_REQUEST) ? intval($_REQUEST['cert']) : 0;
+ $orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0;
+ $memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;
+ $domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0;
+
+ $actionrequest = array_key_exists('action',$_REQUEST) ? $_REQUEST['action'] : "";
+
+ $ticketno = array_key_exists('ticketno',$_REQUEST) ? $_REQUEST['ticketno'] : "";
+ $ticketvalidation = FALSE;
if(!$_SESSION['mconn'])
@@ -35,6 +96,12 @@
exit;
}
+ if ($process == _("Cancel"))
+ {
+ // General reset CANCEL process requests
+ $process = "";
+ }
+
if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46)
{
@@ -62,9 +129,7 @@
}
$oldid=0;
$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
- $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ if(check_email_exists($_REQUEST['email'])==true)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
@@ -75,7 +140,7 @@
if($checkemail != "OK")
{
showheader(_("My CAcert.org Account!"));
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -86,7 +151,7 @@
exit;
}
$hash = make_hash();
- $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
+ $query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -106,7 +171,7 @@
{
$id = 2;
$emailid = intval($_REQUEST['emailid']);
- $query = "select * from `email` where `id`='$emailid' and `memid`='".$_SESSION['profile']['id']."' and `hash` = '' and `deleted`=0";
+ $query = "select * from `email` where `id`='$emailid' and `memid`='".intval($_SESSION['profile']['id'])."' and `hash` = '' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -116,9 +181,9 @@
exit;
}
$row = mysql_fetch_assoc($res);
- $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
- $body .= _("You are receiving this email because you or someone else")."\n";
- $body .= _("has changed the default email on your account.")."\n\n";
+ $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
+ $body .= _("You are receiving this email because you or someone else ".
+ "has changed the default email on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
@@ -126,7 +191,7 @@
"support@cacert.org", "", "", "CAcert Support");
$_SESSION['profile']['email'] = $row['email'];
- $query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `email`='".mysql_real_escape_string($row['email'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
@@ -142,27 +207,22 @@
$delcount = 0;
if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
{
+ $deltitle=false;
foreach($_REQUEST['delid'] as $id)
{
+ if (!$deltitle) {
+ echo _('The following email addresses have been removed:')."<br>\n";
+ $deltitle=true;
+ }
$id = intval($id);
$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
- `email`!='".$_SESSION['profile']['email']."'";
+ `email`!='".mysql_real_escape_string($_SESSION['profile']['email'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-
- $query = "update `email` set `deleted`=NOW() where `id`='$id'";
- mysql_query($query);
+ account_email_delete($row['id']);
$delcount++;
}
}
@@ -171,11 +231,9 @@
{
echo _("You did not select any email accounts for removal.");
}
- if($delcount > 0)
+ if(0 == $delcount)
{
- echo _("The following accounts have been removed:")."<br>\n";
- } else {
- echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
+ echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
}
showfooter();
@@ -184,6 +242,14 @@
if($process != "" && $oldid == 3)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
@@ -223,6 +289,9 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
}
+
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
+
$csr = "";
if(trim($_REQUEST['optionalCSR']) == "")
{
@@ -232,6 +301,8 @@
$_REQUEST['keytype'] = "MS";
$csr = clean_csr($_REQUEST['optionalCSR']);
}
+
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
}
if($oldid == 4)
@@ -255,7 +326,7 @@
if(is_array($_SESSION['_config']['addid']))
foreach($_SESSION['_config']['addid'] as $id)
{
- $res = mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `id`='".intval($id)."'");
+ $res = mysql_query("select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `id`='".intval($id)."'");
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
@@ -274,7 +345,7 @@
showfooter();
exit;
}
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
if($_SESSION['_config']['SSO'] == 1)
$emails .= "$count.emailAddress = ".$user['uniqueID']."\n";
@@ -299,14 +370,27 @@
$_SESSION['_config']['rootcert'] = 1;
$emails .= "SPKAC = $spkac";
+ if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
+ {
+ $id = 4;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
$query = "insert into emailcerts set
- `CN`='$defaultemail',
+ `CN`='$defaultemail',
`keytype`='NS',
`memid`='".intval($_SESSION['profile']['id'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -317,19 +401,30 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $CSRname_esc = escapeshellarg($CSRname);
+ $res=shell_exec("openssl spkac -verify -in $CSRname_esc");
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
+
+ if (($weakKey = checkWeakKeyCSR($csr)) !== "")
+ {
+ $id = 4;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$tmpfname = tempnam("/tmp", "id4CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -340,8 +435,8 @@
$csrsubject="";
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
- if(strlen($user['mname']) == 1)
- $user['mname'] .= '.';
+ if(strlen($user['mname']) == 1)
+ $user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
$csrsubject = "/CN=CAcert WoT User";
if($_SESSION['_config']['incname'] == 1)
@@ -369,7 +464,9 @@
$csrsubject .= "/emailAddress = ".$user['uniqueID'];
$tmpname = tempnam("/tmp", "id4csr");
- $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`;
+ $tmpfname_esc = escapeshellarg($tmpfname);
+ $tmpname_esc = escapeshellarg($tmpname);
+ $do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc"); // -subj "$csr";
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@@ -388,14 +485,17 @@
showfooter();
exit;
}
- $query = "insert into emailcerts set
- `CN`='$defaultemail',
+ $query = "insert into emailcerts set
+ `CN`='$defaultemail',
`keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
- `memid`='".$_SESSION['profile']['id']."',
+ `memid`='".intval($_SESSION['profile']['id'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='".mysql_real_escape_string($csrsubject)."',
- `codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `codesign`='".intval($_SESSION['_config']['codesign'])."',
+ `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -429,10 +529,10 @@
csrf_check("adddomain");
if(strstr($_REQUEST['newdomain'],"\x00"))
{
- showheader(_("My CAcert.org Account!"));
- echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
+ showfooter();
+ exit;
}
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
@@ -470,7 +570,7 @@
$addy = array();
$adds = array();
if(strtolower(substr($newdom, -4, 3)) != ".jp")
- $adds = explode("\n", trim(`/usr/bin/whois $newdom|grep "@"`));
+ $adds = explode("\n", trim(shell_exec("/usr/bin/whois $newdom|grep \"@\"")));
if(substr($newdomain, -4) == ".org" || substr($newdomain, -5) == ".info")
{
if(is_array($adds))
@@ -488,6 +588,7 @@
$line = trim(str_replace("\t", " ", $line));
$line = trim(str_replace("(", "", $line));
$line = trim(str_replace(")", " ", $line));
+ $line = trim(str_replace(":", " ", $line));
$bits = explode(" ", $line);
foreach($bits as $bit)
@@ -546,7 +647,7 @@
{
showheader(_("My CAcert.org Account!"));
//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -559,7 +660,7 @@
$hash = make_hash();
$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
- `memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
+ `memid`='".intval($_SESSION['profile']['id'])."',`created`=NOW(),`hash`='$hash'";
mysql_query($query);
$domainid = mysql_insert_id();
@@ -587,17 +688,15 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select * from `domains` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
+ $query = "select * from `domains` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
- mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
- $dres = mysql_query("select * from `domlink` where `domid`='$id'");
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
+ account_domain_delete($row['id']);
}
+
}
}
else
@@ -611,22 +710,38 @@
if($process != "" && $oldid == 10)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
$CSR = clean_csr($_REQUEST['CSR']);
- $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
- $fp = fopen($_SESSION['_config']['tmpfname'], "w");
if(strpos($CSR,"---BEGIN")===FALSE)
{
- // In case the CSR is missing the ---BEGIN lines, add them automatically:
- fputs($fp,"-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n");
+ // In case the CSR is missing the ---BEGIN lines, add them automatically:
+ $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
- else
+
+ if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
- fputs($fp, $CSR);
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
}
+
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
+
+ $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
+ $fp = fopen($_SESSION['_config']['tmpfname'], "w");
+ fputs($fp, $CSR);
fclose($fp);
- $CSR = $_SESSION['_config']['tmpfname'];
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
+ $_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\""));
+ $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -653,10 +768,29 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
}
+
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
}
if($process != "" && $oldid == 11)
{
+ if(!file_exists($_SESSION['_config']['tmpfname']))
+ {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
+ showfooter();
+ exit;
+ }
+
+ if (($weakKey = checkWeakKeyCSR(file_get_contents(
+ $_SESSION['_config']['tmpfname']))) !== "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$id = 11;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{
@@ -666,57 +800,35 @@
exit;
}
- $subject = "";
- $count = 0;
- $supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ $subject = buildSubjectFromSession();
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- } else {
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- {
- if(substr($row, 0, 4) == "DNS:")
- {
- $row = substr($row, 4);
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} else {
showheader(_("My CAcert.org Account!"));
echo _("Domain not verified.");
showfooter();
exit;
-
}
mysql_query($query);
@@ -730,13 +842,6 @@
mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
$CSRname=generatecertpath("csr","server",$CSRid);
- if(!file_exists($_SESSION['_config']['tmpfname']))
- {
- showheader(_("My CAcert.org Account!"));
- printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
- showfooter();
- exit;
- }
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
@@ -772,31 +877,42 @@
$query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
- `domains`.`memid`='".$_SESSION['profile']['id']."'";
+ `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue;
}
- mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
- $query = "insert into `domaincerts` set
- `domid`='".$row['domid']."',
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
+ $query = "insert into `domaincerts` set
+ `domid`='".intval($row['domid'])."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
- "`created`='".$row['created']."',
- `modified`=NOW(),
- `rootcert`='".$row['rootcert']."',
- `type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."'";
+ "`created`='".mysql_real_escape_string($row['created'])."',
+ `modified`=NOW(),
+ `rootcert`='".intval($row['rootcert'])."',
+ `type`='".intval($row['type'])."',
+ `pkhash`='".mysql_real_escape_string($row['pkhash'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
copy($row['csr_name'], $newfile);
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $newfile_esc = escapeshellarg($newfile);
+ $_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep \"Subject:\""));
+ $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -812,29 +928,7 @@
continue;
}
- $subject = "";
- $count = 0;
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- } else {
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
+ $subject = buildSubjectFromSession();
$subject = mysql_real_escape_string($subject);
mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
@@ -847,7 +941,8 @@
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
- $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
+ $crt_name = escapeshellarg($drow['crt_name']);
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crt_name");
echo "<pre>\n$cert\n</pre>\n";
}
}
@@ -856,6 +951,7 @@
{
echo _("You did not select any certificates for renewal.");
}
+
showfooter();
exit;
}
@@ -871,10 +967,10 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
- `domains`.`memid`='".$_SESSION['profile']['id']."'";
+ `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -888,8 +984,12 @@
continue;
}
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
+
}
else
{
@@ -902,10 +1002,10 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
- `domains`.`memid`='".$_SESSION['profile']['id']."'";
+ `domains`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -928,6 +1028,24 @@
exit;
}
+ if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
showheader(_("My CAcert.org Account!"));
@@ -937,27 +1055,37 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
- where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
- $query = "insert into emailcerts set
- `memid`='".$row['memid']."',
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
+ $query = "insert into emailcerts set
+ `memid`='".intval($row['memid'])."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".mysql_real_escape_string($row['keytype'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `disablelogin`='".$row['disablelogin']."',
- `codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `disablelogin`='".intval($row['disablelogin'])."',
+ `codesign`='".intval($row['codesign'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1001,8 +1129,8 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
- where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -1016,8 +1144,11 @@
continue;
}
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
@@ -1030,8 +1161,8 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
- where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
+ $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
+ where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -1056,27 +1187,30 @@
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
- showheader(_("My CAcert.org Account!"));
- //echo _("Now changing the settings for the following certificates:")."<br>\n";
- foreach($_REQUEST as $id => $val)
- {
- //echo $id."<br/>";
- if(substr($id,0,5)=="cert_")
- {
- $id = intval(substr($id,5));
- $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
- //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
- mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
- //$row = mysql_fetch_assoc($res);
- }
- }
- echo(_("Certificate settings have been changed.")."<br/>\n");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,5)=="cert_")
+ {
+ $cid = intval(substr($id,5));
+ $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+ mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
+ }
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ if(!empty($_REQUEST['check_comment_'.$cid])) {
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".intval($_SESSION['profile']['id'])."'");
+ }
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
}
-
- if($oldid == 13 && $process != "")
+ if($oldid == 13 && $process != "" && $showdetails!="")
{
csrf_check("perschange");
$_SESSION['_config']['user'] = $_SESSION['profile'];
@@ -1092,42 +1226,42 @@
$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
- if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
- {
- $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
- $id = $oldid;
+ if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
+ $id = $oldid;
$oldid=0;
- }
+ }
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@@ -1141,11 +1275,11 @@
if($oldid == 13 && $process != "")
{
- $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
-
+
if($_SESSION['profile']['points'] == 0)
{
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
@@ -1181,37 +1315,29 @@
`lname`='".$_SESSION['_config']['user']['lname']."',
`suffix`='".$_SESSION['_config']['user']['suffix']."',
`dob`='".$_SESSION['_config']['user']['year']."-".$_SESSION['_config']['user']['month']."-".$_SESSION['_config']['user']['day']."'
- where `id`='".$_SESSION['profile']['id']."'";
+ where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
}
- $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
- `Q2`='".$_SESSION['_config']['user']['Q2']."',
- `Q3`='".$_SESSION['_config']['user']['Q3']."',
- `Q4`='".$_SESSION['_config']['user']['Q4']."',
- `Q5`='".$_SESSION['_config']['user']['Q5']."',
- `A1`='".$_SESSION['_config']['user']['A1']."',
- `A2`='".$_SESSION['_config']['user']['A2']."',
- `A3`='".$_SESSION['_config']['user']['A3']."',
- `A4`='".$_SESSION['_config']['user']['A4']."',
- `A5`='".$_SESSION['_config']['user']['A5']."'
- where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
-
- //!!!Should be rewritten
- $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
- $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
- if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
- {
- $query = "update `users` set `otphash`='".$_SESSION['_config']['user']['otphash']."',
- `otppin`='".$_SESSION['_config']['user']['otppin']."' where `id`='".$_SESSION['profile']['id']."'";
+ if ($showdetails!="") {
+ $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
+ `Q2`='".$_SESSION['_config']['user']['Q2']."',
+ `Q3`='".$_SESSION['_config']['user']['Q3']."',
+ `Q4`='".$_SESSION['_config']['user']['Q4']."',
+ `Q5`='".$_SESSION['_config']['user']['Q5']."',
+ `A1`='".$_SESSION['_config']['user']['A1']."',
+ `A2`='".$_SESSION['_config']['user']['A2']."',
+ `A3`='".$_SESSION['_config']['user']['A3']."',
+ `A4`='".$_SESSION['_config']['user']['A4']."',
+ `A5`='".$_SESSION['_config']['user']['A5']."'
+ where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
}
$_SESSION['_config']['user']['set'] = 0;
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
$_SESSION['profile']['loggedin'] = 1;
- $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
@@ -1236,6 +1362,8 @@
showheader(_("My CAcert.org Account!"));
if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
{
+ echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
+ '</h3>', "\n";
echo _("New Pass Phrases specified don't match or were blank.");
} else {
$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
@@ -1243,7 +1371,7 @@
if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
{
- $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
+ $match = mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and
(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
$rc = mysql_num_rows($match);
@@ -1252,18 +1380,25 @@
}
if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("The Pass Phrase you submitted was too short.");
} else if($score < 3) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
} else if($rc <= 0) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("You failed to correctly enter your current Pass Phrase.");
} else {
mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
- where `id`='".$_SESSION['profile']['id']."'");
+ where `id`='".intval($_SESSION['profile']['id'])."'");
+ echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
- $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
- $body .= _("You are receiving this email because you or someone else")."\n";
- $body .= _("has changed the password on your account.")."\n";
+ $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
+ $body .= _("You are receiving this email because you or someone else ".
+ "has changed the password on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
@@ -1300,7 +1435,9 @@
$_SESSION['_config']['emails'][] = $val;
}
$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
- $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+ $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
+
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@@ -1314,7 +1451,6 @@
if($oldid == 16 && $process != "")
{
-
if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
{
$_REQUEST['codesign'] = 1;
@@ -1330,6 +1466,10 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
+
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
+
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
@@ -1364,7 +1504,7 @@
if($_SESSION['_config']['name'] != "")
$emails .= "commonName = ".$_SESSION['_config']['name']."\n";
if($_SESSION['_config']['OU'])
- $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
+ $emails .= "organizationalUnitName = ".mysql_real_escape_string($_SESSION['_config']['OU'])."\n";
if($org['O'])
$emails .= "organizationName = ".$org['O']."\n";
if($org['L'])
@@ -1376,14 +1516,27 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+
$emails .= "SPKAC = $spkac";
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+ if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
+ {
+ $id = 17;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
`keytype`='NS',
- `orgid`='".$org['orgid']."',
+ `orgid`='".intval($org['orgid'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `codesign`='".intval($_SESSION['_config']['codesign'])."',
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1395,18 +1548,34 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $CSRname_esc = escapeshellarg($CSRname);
+ $res=shell_exec("openssl spkac -verify -in $CSRname_esc");
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
- $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
+ $csr = clean_csr($_REQUEST['CSR']);
+ if(strpos($csr,"---BEGIN") === FALSE)
+ {
+ // In case the CSR is missing the ---BEGIN lines, add them automatically:
+ $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$csr."\n-----END CERTIFICATE REQUEST-----\n";
+ }
+
+ if (($weakKey = checkWeakKeyCSR($csr)) !== "")
+ {
+ $id = 17;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$tmpfname = tempnam("/tmp", "id17CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -1437,7 +1606,9 @@
$csrsubject .= "/countryName=".$org['C'];
$tmpname = tempnam("/tmp", "id17csr");
- $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
+ $tmpfname_esc = escapeshellarg($tmpfname);
+ $tmpname_esc = escapeshellarg($tmpname);
+ $do = shell_exec("/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc");
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@@ -1456,14 +1627,17 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `ou`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
- `orgid`='".$org['orgid']."',
+ `orgid`='".intval($org['orgid'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='$csrsubject',
- `codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `subject`='".mysql_real_escape_string($csrsubject)."',
+ `codesign`='".intval($_SESSION['_config']['codesign'])."',
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1505,7 +1679,7 @@
echo "Renewing certificate #$id ...\n<br/>";
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
- where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
+ where `orgemailcerts`.`id`='$id' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1513,23 +1687,34 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgemailcerts` set
- `orgid`='".$row['orgid']."',
- `CN`='".$row['CN']."',
- `subject`='".$row['subject']."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ $query = "insert into `orgemailcerts` set
+ `orgid`='".intval($row['orgid'])."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `ou`='".mysql_real_escape_string($row['ou'])."',
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `keytype`='".mysql_real_escape_string($row['keytype'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
`modified`=NOW(),
- `codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `codesign`='".intval($row['codesign'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1567,7 +1752,7 @@
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `orgemailcerts`, `org`
- where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
+ where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1582,8 +1767,11 @@
continue;
}
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
@@ -1597,7 +1785,7 @@
{
$id = intval($id);
$query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `orgemailcerts`, `org`
- where `orgemailcerts`.`id`='$id' and `org`.`memid`='".$_SESSION['profile']['id']."' and
+ where `orgemailcerts`.`id`='".intval($id)."' and `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1621,16 +1809,61 @@
exit;
}
+ if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+ if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=$_REQUEST['orgfilterid'];
+ $_SESSION['_config']['sorting']=$_REQUEST['sorting'];
+ $_SESSION['_config']['status']=$_REQUEST['status'];
+ }
+
+ if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=0;
+ $_SESSION['_config']['sorting']=0;
+ $_SESSION['_config']['status']=0;
+ }
+
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
+
+ if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
+ {
+ $id = 20;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
+ $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
fclose($fp);
- $CSR = $_SESSION['_config']['tmpfname'];
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
+ $_SESSION['_config']['subject'] = trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep \"Subject:\""));
+ $bits = explode(",", trim(shell_exec("/usr/bin/openssl req -text -noout -in $CSR |tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:")));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -1643,16 +1876,16 @@
getalt2();
$query = "select * from `orginfo`,`org`,`orgdomains` where
- `org`.`memid`='".$_SESSION['profile']['id']."' and
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orgdomains`.`orgid` and
- `orgdomains`.`domain`='".$_SESSION['_config']['0.CN']."'";
+ `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.CN'])."'";
$_SESSION['_config']['CNorg'] = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `orginfo`,`org`,`orgdomains` where
- `org`.`memid`='".$_SESSION['profile']['id']."' and
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`org`.`orgid`=`orgdomains`.`orgid` and
- `orgdomains`.`domain`='".$_SESSION['_config']['0.subjectAltName']."'";
+ `orgdomains`.`domain`='".mysql_real_escape_string($_SESSION['_config']['0.subjectAltName'])."'";
$_SESSION['_config']['SANorg'] = mysql_fetch_assoc(mysql_query($query));
//echo "<pre>"; print_r($_SESSION['_config']); die;
@@ -1668,12 +1901,31 @@
$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
}
if($process != "" && $oldid == 21)
{
$id = 21;
+ if(!file_exists($_SESSION['_config']['tmpfname']))
+ {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
+ showfooter();
+ exit;
+ }
+
+ if (($weakKey = checkWeakKeyCSR(file_get_contents(
+ $_SESSION['_config']['tmpfname']))) !== "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{
showheader(_("My CAcert.org Account!"));
@@ -1682,17 +1934,17 @@
exit;
}
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
$query = "select * from `org`,`orginfo` where
- `orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
+ `orginfo`.`id`='".intval($_SESSION['_config']['rowid']['0'])."' and
`orginfo`.`id`=`org`.`orgid` and
- `org`.`memid`='".$_SESSION['profile']['id']."'";
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
} else {
$query = "select * from `org`,`orginfo` where
- `orginfo`.`id`='".$_SESSION['_config']['altid']['0']."' and
+ `orginfo`.`id`='".intval($_SESSION['_config']['altid']['0'])."' and
`orginfo`.`id`=`org`.`orgid` and
- `org`.`memid`='".$_SESSION['profile']['id']."'";
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
}
$org = mysql_fetch_assoc(mysql_query($query));
$csrsubject = "";
@@ -1710,45 +1962,36 @@
//if($org['contact'])
// $csrsubject .= "/emailAddress=".trim($org['contact']);
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- $csrsubject .= "/commonName=$row";
- $SAN="";
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $subalt)
- {
- if($SAN != "")
- $SAN .= ",";
- $SAN .= "$subalt";
- }
-
- if($SAN != "")
- $csrsubject .= "/subjectAltName=".$SAN;
+ $csrsubject .= buildSubjectFromSession();
$type="";
if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['rows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- } else {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['altrows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- }
- mysql_query($query);
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
+ `orgid`='".intval($org['id'])."',
+ `created`=NOW(),
+ `subject`='".mysql_real_escape_string($csrsubject)."',
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `type`='".$type."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ } else {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
+ `orgid`='".intval($org['id'])."',
+ `created`=NOW(),
+ `subject`='".mysql_real_escape_string($csrsubject)."',
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
+ `type`='".$type."',
+ `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
+ }
+ mysql_query($query);
$CSRid = mysql_insert_id();
$CSRname=generatecertpath("csr","orgserver",$CSRid);
@@ -1757,10 +2000,10 @@
mysql_query("update `orgdomaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
if(is_array($_SESSION['_config']['rowid']))
foreach($_SESSION['_config']['rowid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
+ mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $id)
- mysql_query("insert into `orgdomlink` set `orgdomid`='$id', `orgcertid`='$CSRid'");
+ mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($id)."', `orgcertid`='$CSRid'");
waitForResult("orgdomaincerts", $CSRid,$oldid);
$query = "select * from `orgdomaincerts` where `id`='$CSRid' and `crt_name` != ''";
$res = mysql_query($query);
@@ -1791,29 +2034,39 @@
`orgdomaincerts`,`org`
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
- `org`.`memid`='".$_SESSION['profile']['id']."'";
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgdomaincerts` set
- `orgid`='".$row['orgid']."',
- `CN`='".$row['CN']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
- `modified`=NOW(),
- `subject`='".$row['subject']."',
- `type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."'";
+ $query = "insert into `orgdomaincerts` set
+ `orgid`='".intval($row['orgid'])."',
+ `CN`='".mysql_real_escape_string($row['CN'])."',
+ `csr_name`='".mysql_real_escape_string($row['csr_name'])."',
+ `created`='".mysql_real_escape_string($row['created'])."',
+ `modified`=NOW(),
+ `subject`='".mysql_real_escape_string($row['subject'])."',
+ `type`='".intval($row['type'])."',
+ `rootcert`='".intval($row['rootcert'])."',
+ `description`='".mysql_real_escape_string($row['description'])."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
@@ -1823,7 +2076,7 @@
echo _("Renewing").": ".$row['CN']."<br>\n";
$res = mysql_query("select * from `orgdomlink` where `orgcertid`='".$row['id']."'");
while($r2 = mysql_fetch_assoc($res))
- mysql_query("insert into `orgdomlink` set `orgdomid`='".$r2['id']."', `orgcertid`='$newid'");
+ mysql_query("insert into `orgdomlink` set `orgdomid`='".intval($r2['orgdomid'])."', `orgcertid`='$newid'");
waitForResult("orgdomaincerts", $newid,$oldid,0);
$query = "select * from `orgdomaincerts` where `id`='$newid' and `crt_name` != ''";
$res = mysql_query($query);
@@ -1832,7 +2085,8 @@
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
- $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
+ $crtname = escapeshellarg($drow['crt_name']);
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
echo "<pre>\n$cert\n</pre>\n";
}
}
@@ -1859,7 +2113,7 @@
`orgdomaincerts`,`org`
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
- `org`.`memid`='".$_SESSION['profile']['id']."'";
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -1873,8 +2127,11 @@
continue;
}
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' has been revoked.")."<br>\n", $row['CN']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
+
+ // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
+ echo '<br/>'._('All listed certificates will be added to the Certificate Revocation List (CRL) soon.').'<br/>';
}
else
{
@@ -1891,7 +2148,7 @@
`orgdomaincerts`,`org`
where `orgdomaincerts`.`id`='$id' and
`orgdomaincerts`.`orgid`=`org`.`orgid` and
- `org`.`memid`='".$_SESSION['profile']['id']."'";
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -1914,6 +2171,40 @@
exit;
}
+ if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+ if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=$_REQUEST['dorgfilterid'];
+ $_SESSION['_config']['dsorting']=$_REQUEST['dsorting'];
+ $_SESSION['_config']['dstatus']=$_REQUEST['dstatus'];
+ }
+
+ if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=0;
+ $_SESSION['_config']['dsorting']=0;
+ $_SESSION['_config']['dstatus']=0;
+ }
+
+
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
@@ -1973,7 +2264,7 @@
`ST`='".$_SESSION['_config']['ST']."',
`C`='".$_SESSION['_config']['C']."',
`comments`='".$_SESSION['_config']['comments']."'
- where `id`='".$_SESSION['_config']['orgid']."'");
+ where `id`='".intval($_SESSION['_config']['orgid'])."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
showfooter();
@@ -2011,9 +2302,9 @@
if($oldid == 29 && $process != "")
{
- $domain = mysql_real_escape_string(stripslashes(trim($domainname)));
+ $domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
- $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'");
+ $res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
@@ -2023,20 +2314,20 @@
}
}
- if(($oldid == 29 || $oldid == 30) && $process != _("Cancel"))
+ if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
- `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+ `orgdomains`.`id`='".intval($domid)."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
- `orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+ `orgdomains`.`id`='".intval($domid)."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
@@ -2044,23 +2335,23 @@
if($oldid == 29 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
- mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
+ $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+ mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
- echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+ echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
if($oldid == 30 && $process != "")
{
- $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
+ $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
$domain = $row['domain'];
- mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
+ mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
- echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+ echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
showfooter();
exit;
}
@@ -2071,13 +2362,13 @@
$orgid = 0;
}
- if($oldid == 31 && $process != _("Cancel"))
+ if($oldid == 31 && $process != "")
{
$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2089,7 +2380,7 @@
mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2112,8 +2403,7 @@
$orgid = 0;
}
- if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 ||
- $id == 35 || $oldid == 35)
+ if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
{
$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
$_macc = mysql_num_rows(mysql_query($query));
@@ -2126,6 +2416,19 @@
}
}
+ if($id == 35 || $oldid == 35)
+ {
+ $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
+ $is_orguser = mysql_num_rows(mysql_query($query));
+ if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You don't have access to this area.");
+ showfooter();
+ exit;
+ }
+ }
+
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
@@ -2141,11 +2444,11 @@
{
csrf_check('orgadmadd');
if($_SESSION['profile']['orgadmin'] == 1)
- $masteracc = $_SESSION['_config'][masteracc] = intval($_REQUEST['masteracc']);
+ $masteracc = $_SESSION['_config']['masteracc'] = intval($_REQUEST['masteracc']);
else
- $masteracc = $_SESSION['_config'][masteracc] = 0;
+ $masteracc = $_SESSION['_config']['masteracc'] = 0;
$_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
- $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+ $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
$comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
$res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
if(mysql_num_rows($res) <= 0)
@@ -2155,15 +2458,28 @@
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else {
$row = mysql_fetch_assoc($res);
- mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
- `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
+ if ( !is_assurer(intval($row['id'])) )
+ {
+ $id = $oldid;
+ $oldid=0;
+ $_SESSION['_config']['errmsg'] =
+ _("The user is not an Assurer yet");
+ } else {
+ mysql_query(
+ "insert into `org`
+ set `memid`='".intval($row['id'])."',
+ `orgid`='".intval($_SESSION['_config']['orgid'])."',
+ `masteracc`='$masteracc',
+ `OU`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
+ `comments`='$comments'");
+ }
}
}
if(($oldid == 34 || $id == 34) && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
- $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'");
+ $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'");
if(mysql_num_rows($res) <= 0)
$id = 32;
}
@@ -2218,11 +2534,11 @@
{
csrf_check("mainlang");
$lang = mysql_real_escape_string($_REQUEST['lang']);
- foreach($_SESSION['_config']['translations'] as $key => $val)
+ foreach(L10n::$translations as $key => $val)
{
if($key == $lang)
{
- mysql_query("update `users` set `language`='$lang' where `id`='".$_SESSION['profile']['id']."'");
+ mysql_query("update `users` set `language`='$lang' where `id`='".intval($_SESSION['profile']['id'])."'");
$_SESSION['profile']['language'] = $lang;
showheader(_("My CAcert.org Account!"));
echo _("Your language setting has been updated.");
@@ -2279,8 +2595,8 @@
exit;
}
- if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
- ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
+ if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
+ ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
$id = 53;
@@ -2290,7 +2606,7 @@
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
- $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+ $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
if($locid > 0 && $action == "edit")
@@ -2377,10 +2693,27 @@
$oldid=0;
}
- if($oldid == 43 && $_REQUEST['action'] == "updatedob")
+ //check if ticket number was entered
+ if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44 ) {
+ if ($ticketno != "" ) {
+ $ticketno = trim($_REQUEST['ticketno']);
+ $ticketvalidation = valid_ticket_number($ticketno);
+ }
+
+ $_SESSION['ticketno'] = $ticketno;
+ }
+
+ if($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == TRUE)
{
$id = 43;
$oldid=0;
+ $userid = intval($_REQUEST['userid']);
+ if (!write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$fname = mysql_real_escape_string($_REQUEST['fname']);
$mname = mysql_real_escape_string($_REQUEST['mname']);
$lname = mysql_real_escape_string($_REQUEST['lname']);
@@ -2388,14 +2721,29 @@
$day = intval($_REQUEST['day']);
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
- $userid = intval($_REQUEST['userid']);
- $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
- $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
- `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
+ }elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No action (name/dob change) taken. Ticket number is missing!';
+ }
+
+ if($oldid == 43 && $actionrequest == 'revokecert' && $ticketvalidation == TRUE)
+ {
+ $userid = intval($_REQUEST['userid']);
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
+ revoke_all_private_cert($userid);
+ $id=43;
+ }elseif($oldid == 43 && $actionrequest == "revokecert" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No certificates revokes. Ticket number is missing!';
}
if($oldid == 48 && $_REQUEST['domain'] == "")
@@ -2412,8 +2760,7 @@
if($id == 44)
{
- if($_REQUEST['userid'] != "")
- $_REQUEST['userid'] = intval($_REQUEST['userid']);
+ $_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "")
$id = 42;
@@ -2421,38 +2768,51 @@
$_REQUEST['email'] = $row['email'];
}
- if($oldid == 44)
+ if($oldid == 44 && $ticketvalidation == TRUE)
{
showheader(_("My CAcert.org Account!"));
if(intval($_REQUEST['userid']) <= 0)
{
echo _("No such user found.");
} else {
+ if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
-
- $body = sprintf(_("Hi %s,"),$row['fname'])."\n";
- $body .= _("You are receiving this email because a CAcert administrator")."\n";
- $body .= _("has changed the password on your account.")."\n";
+ $my_translation = L10n::get_translation();
+ L10n::set_recipient_language(intval($_REQUEST['userid']));
+ $body = sprintf(_("Hi %s,"),$row['fname'])."\n\n";
+ $body .= _("You are receiving this email because a CAcert administrator ".
+ "has changed the password on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
-
+ L10n::set_translation($my_translation);
}
+
showfooter();
exit;
+ }elseif($oldid == 44 && $ticketvalidation == FALSE){
+ $_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!';
}
+
if($process != "" && $oldid == 45)
{
$CSR = clean_csr($CSR);
$_SESSION['_config']['CSR'] = $CSR;
- $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects);
+ runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts);
+ $_SESSION['_config']['subject'] = trim($CSRSubjects);
+ $bits = explode(",", trim($CSRAlts));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -2476,8 +2836,11 @@
if($process != "" && $oldid == 46)
{
$CSR = clean_csr($_SESSION['_config']['CSR']);
- $_SESSION['_config']['subject'] = trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`echo "$CSR"|/usr/bin/openssl req -text -noout|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep \"Subject:\"", $CSR, $CSRSubjects);
+ runCommand("/usr/bin/openssl req -text -noout|tr -d \"\\0\"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:", $CSR, $CSRAlts);
+
+ $_SESSION['_config']['subject'] = trim($CSRSubjects);
+ $bits = explode(",", trim($CSRAlts));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -2497,7 +2860,15 @@
exit;
}
- $query = "insert into `domaincerts` set
+ if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
+ $query = "insert into `domaincerts` set
`CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
@@ -2505,10 +2876,10 @@
$CSRid = mysql_insert_id();
foreach($_SESSION['_config']['rowid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
if(is_array($_SESSION['_config']['altid']))
foreach($_SESSION['_config']['altid'] as $dom)
- mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
+ mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='".intval($dom)."'");
$CSRname=generatecertpath("csr","server",$CSRid);
$fp = fopen($CSRname, "w");
@@ -2531,150 +2902,279 @@
}
}
- if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0)
+ /* presently not needed
+ if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['tverify'];
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==FALSE){
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
+ */
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
- {
- csrf_check('admsetassuret');
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
- {
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
- {
- csrf_check('admactlock');
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == TRUE)
+ {
+ csrf_check('admsetassuret');
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer'];
+ mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
+ }
+
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == TRUE)
+ {
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer_blocked'];
+ mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }
+
+ if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == TRUE)
+ {
+ csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locked'];
mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locked']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0)
+ if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['codesign'];
mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['codesign']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0)
+ if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['orgadmin'];
mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0)
+ if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
+ if(!write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['ttpadmin'];
mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0)
+ if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = $row['adadmin'] + 1;
if($ver > 2)
$ver = 0;
mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0)
+ if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locadmin'];
mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0)
+ if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['admin'];
mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+ }elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['admin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0)
+ if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['general'];
mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+ }elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['general']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0)
+ if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['country'];
mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+ }elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['country']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0)
+ if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['regional'];
mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+ }elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['regional']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0)
+ if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['radius'];
mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+ }elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
+ $_REQUEST['userid'] = intval($_REQUEST['radius']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
if($id == 50)
{
- if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "")
+ if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] !== "") {
$_REQUEST['userid'] = intval($_REQUEST['userid']);
+ }
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
- if($row['email'] == "")
+ if($row['email'] == "") {
$id = 42;
- else
+ } else {
$_REQUEST['email'] = $row['email'];
+ }
}
if($oldid == 50)
@@ -2686,145 +3186,77 @@
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
- if(mysql_num_rows($res) > 0)
- {
- $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
- WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
+ if (trim($_REQUEST['arbitrationno'])==""){
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not enter an arbitration number entry.");
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
+ showfooter();
+ exit;
}
- }
-
- if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
- {
- showheader(_("My CAcert.org Account!"));
- echo _("You don't have access to this area.");
- showfooter();
- exit;
- }
-
- if($oldid == 52)
- {
- $uid = intval($_REQUEST['uid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $rc = mysql_num_rows(mysql_query($query));
- if($rc <= 0)
- {
+ if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
- echo _("Unable to find a valid tverify request for this ID.");
+ printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- }
-
- if($oldid == 52)
- {
- $query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'";
- $rc = mysql_num_rows(mysql_query($query));
- if($rc > 0)
- {
+ if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
- echo _("You have already voted on this request.");
+ printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- }
-
- if($oldid == 52 && ($_REQUEST['agree'] != "" || $_REQUEST['disagree'] != ""))
- {
- $vote = -1;
- if($_REQUEST['agree'] != "")
- $vote = 1;
-
- $query = "insert into `tverify-vote` set
- `tverify`='$uid',
- `memid`='".$_SESSION['profile']['id']."',
- `when`=NOW(), `vote`='$vote',
- `comment`='".mysql_real_escape_string($_REQUEST['comment'])."'";
- mysql_query($query);
-
- $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
- if($rc >= 8)
- {
- mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
- $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
- $memid = $tverify['memid'];
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
- $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
-
- $points = 0;
- if($tverify['URL'] != "" && $tverify['photoid'] != "")
- $points = 150 - intval($tmp['points']);
- if($tverify['URL'] != "" && $tverify['photoid'] == "")
- $points = 90 - intval($tmp['points']);
- if($tverify['URL'] == "" && $tverify['photoid'] == "")
- $points = 50 - intval($tmp['points']);
-
- if($points < 0)
- $points = 0;
-
- if($points > 0)
- {
- mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
- `method`='Thawte Points Transfer', `when`=NOW()");
- fix_assurer_flag($memid);
- }
- $totalpoints = intval($tmp['points']) + $points;
-
- $body = _("Your request to have points transfered was successful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n";
- $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'");
- while($row = mysql_fetch_assoc($res))
- $body .= $row['comment']."\n";
- $body .= "\n";
-
- $body .= _("Best regards")."\n";
- $body .= _("CAcert Support Team");
- sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
+ if (check_client_cert_running(intval($_REQUEST['userid']),1) ||
+ check_server_cert_running(intval($_REQUEST['userid']),1) ||
+ check_gpg_cert_running(intval($_REQUEST['userid']),1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
+ showfooter();
+ exit;
}
-
- $rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"));
- if($rc >= 4)
- {
- mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
- $tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
- $memid = $tverify['memid'];
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
-
- $body = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n";
- $res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'");
- while($row = mysql_fetch_assoc($res))
- $body .= $row['comment']."\n";
- $body .= "\n";
-
- $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
-
- $body .= _("Best regards")."\n";
- $body .= _("CAcert Support Team");
- sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
+ if (check_is_orgadmin(intval($_REQUEST['userid']),1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The user is listed as Organisation Administrator. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
+ showfooter();
+ exit;
+ }
+ if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']))) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
+ showfooter();
+ exit;
}
+ account_delete(intval($_REQUEST['userid']), trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+ }
+ if(($id == 51 || $id == 52 || $oldid == 52))
+ {
showheader(_("My CAcert.org Account!"));
- echo _("Your vote has been accepted.");
+ echo _("You don't have access to this area.\nThe Tverify programme is terminated as of 16th November 2010" );
showfooter();
exit;
}
+ if($id == 59){
+ if (!($oldid == 43 && $_SESSION['profile']['admin'] == 1) &&
+ !($oldid == 13 && intval($_REQUEST['userid']) == $_SESSION['profile']['id']))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You do not have access to this page.");
+ showfooter();
+ exit;
+ }
+ }
+
+
if(intval($cert) > 0)
$_SESSION['_config']['cert'] = intval($cert);
if(intval($orgid) > 0)
$_SESSION['_config']['orgid'] = intval($orgid);
if(intval($memid) > 0)
$_SESSION['_config']['memid'] = intval($memid);
- if(intval($domid) > 0)
- $_SESSION['_config']['domid'] = intval($domid);
?>
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 39ae5ed..0fda2f1 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -22,6 +22,7 @@
function showheader($title = "CAcert.org", $title2 = "")
{
global $id, $PHP_SELF;
+ $PHP_SELF = &$_SERVER['PHP_SELF'];
$expand="";
$tmpid = $id;
if($PHP_SELF == "/wot.php")
@@ -35,46 +36,51 @@
switch($tmpid)
{
- case 1:
- case 2: $expand = " explode('emailacc');"; break;
- case 3:
- case 4:
- case 5:
- case 6: $expand = " explode('clicerts');"; break;
- case 7:
- case 8:
- case 9: $expand = " explode('domains');"; break;
- case 10:
- case 11:
- case 12:
- case 15: $expand = " explode('servercert');"; break;
- case 13:
- case 14:
- case 36:
- case 41:
+ case 1: // Add email address
+ case 2: $expand = " explode('emailacc');"; break; // View email addresses
+ case 3: // Add Client certificate
+ case 4: // Confirm Client Certificate Request
+ case 5: // View Client Certificates
+ case 6: $expand = " explode('clicerts');"; break; // Client Certificate page
+ case 7: // Add new domain
+ case 8: // Confirm Domain page
+ case 9: $expand = " explode('domains');"; break; // View Domains
+ case 10: // Add Server Certifiacte
+ case 11: // Confirm Server Certificate Rewust
+ case 12: // View Server Cerificate
+ case 15: $expand = " explode('servercert');"; break; // Server Certificate page
+ case 13: // ViewEdit
+ case 14: // Change password
+ case 36: // My Alert settings
+ case 41: // Language Settings
+ case 55: // Trainings
+ case 59: // Account History
case 507:
- case 508:
- case 513: $expand = " explode('mydetails');"; break;
- case 16:
- case 17:
- case 18:
- case 19: $expand = " explode('clientorg');"; break;
- case 20:
- case 21:
- case 22:
- case 23: $expand = " explode('serverorg');"; break;
- case 24:
- case 25:
- case 26:
- case 27:
- case 28:
- case 29:
- case 30:
+ case 508: // My Listing
+ case 510: // Old points calculation
+ case 515: // New points calculation
+ case 513: $expand = " explode('mydetails');"; break; // My Location
+ case 16: // Add Org Client Cert
+ case 17: // Confirm Org Client Certificate Request
+ case 18: // View Org Client Certificate
+ case 19: $expand = " explode('clientorg');"; break; // Org Cleint Cert page
+ case 20: // Add Org Server Cert
+ case 21: // Conform Org Server Cert Request
+ case 22: // View Org Server Certs
+ case 23: $expand = " explode('serverorg');"; break; // Org Server Certificate page
+ case 24: // Add new Organisation
+ case 25: // View Organisation List
+ case 26: // View Organisation Domains
+ case 27: // Edit Org Account
+ case 28: // View Add Org Domain
+ case 29: // Edit Org Domain
+ case 30: // Delete Org Domain
case 31:
- case 32:
- case 33:
- case 34:
- case 35: $expand = " explode('orgadmin');"; break;
+ case 32: // View Org Admin
+ case 33: // Add Org Admin
+ case 34: // Delete Org Admin
+ case 60: // View Organisation Account History
+ case 35: $expand = " explode('orgadmin');"; break; // View Org Admin Organisation List
case 42:
case 43:
case 44:
@@ -86,20 +92,19 @@
case 50:
case 54:
case 53: $expand = " explode('sysadmin');"; break;
- case 500:
+ case 500: // CAcert Web of Trust
case 501:
- case 502:
- case 503:
- case 504:
- case 505:
+ case 502: // Become an Assurer
+ case 503: // CAcert Web of Trust Roles
+ case 504: // TTP
+ case 505: // Assurer Some one
case 506:
case 509:
- case 510:
case 511:
- case 512: $expand = " explode('WoT');"; break;
+ case 512: $expand = " explode('WoT');"; break; // Find Assurer
case 1000:
case 1001:
- case 1002:
+ case 1002: // View GPG key
case 1003:
case 1004:
case 1005:
@@ -108,9 +113,9 @@
case 1008:
case 1009:
case 1010: $expand = " explode('gpg');"; break;
- case 1500:
- case 1501:
- case 1502:
+ case 1500: // Dipute
+ case 1501: // Dispute Email Request
+ case 1502: // ViewEdit
case 1503:
case 1504:
case 1505:
@@ -168,13 +173,15 @@ function hideall() {
<div id="pageNav">
<div class="relatedLinks">
<h3>CAcert.org</h3>
- <ul class="menu" id="home"><li><a href="index.php"><?=_("Go Home")?></a></li><li><a href="account.php?id=logout"><?=_("Logout")?></a></li></ul>
+ <ul class="menu" id="home"><li><a href="/index.php"><?=_("Go Home")?></a></li><li><a href="account.php?id=logout"><?=_("Logout")?></a></li></ul>
</div>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('mydetails')">+ <?=_("My Details")?></h3>
- <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
+ <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("View/Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="account.php?id=55"><?=_("My Trainings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
+/* to delete
if($_SESSION['profile']['id'] == 1 || $_SESSION['profile']['id'] == 5897)
echo "<li><a href='sqldump.php'>SQL Dump</a></li>";
+*/
?></ul>
</div>
<div class="relatedLinks">
@@ -209,7 +216,7 @@ function hideall() {
<ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
</div>
<? } ?>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
<ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
@@ -217,7 +224,7 @@ function hideall() {
<? } ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('WoT')">+ <?=_("CAcert Web of Trust")?></h3>
- <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=12"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['assurer'] != 1) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted ThirdParties")?></a></li><? if($_SESSION['profile']['points'] >= 500) { ?><li><a href="wot.php?id=11"><div style="white-space:nowrap"><?=_("Organisation Assurance")?></div></a></li><? } ?><li><a href="account.php?id=55"><?=_("Training")?></a></li></ul>
+ <ul class="menu" id="WoT"><li><a href="wot.php?id=0"><?=_("About")?></a></li><li><a href="wot.php?id=12"><?=_("Find an Assurer")?></a></li><li><a href="wot.php?id=3"><?=_("Rules")?></a></li><li><? if($_SESSION['profile']['assurer'] != 1) { ?><a href="wot.php?id=2"><?=_("Becoming an Assurer")?></a><? } else { ?><a href="wot.php?id=5"><?=_("Assure Someone")?></a><? } ?></li><li><a href="wot.php?id=4"><?=_("Trusted ThirdParties")?></a></li><? if($_SESSION['profile']['points'] >= 500) { ?><li><a href="wot.php?id=11"><div style="white-space:nowrap"><?=_("Organisation Assurance")?></div></a></li><? } ?></ul>
</div>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('WoTForms')">+ <?=_("CAP Forms")?></h3><?
@@ -262,6 +269,7 @@ function hideall() {
<ul class="menu" id="advertising"><li><a href="advertising.php?id=1"><?=_("New Ad")?></a></li><li><a href="advertising.php?id=0"><?=_("View Ads")?></a></li></ul>
</div>
<? } ?>
+ <? include("about_menu.php"); ?>
</div>
<div id="content">
<div class="story">
@@ -277,11 +285,10 @@ function hideall() {
?>
</div>
</div>
- <div id="siteInfo"><a href="account.php?id=37"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
- <a href="account.php?id=39"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
+ <div id="siteInfo"><a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
+ <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
| &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
-</div>
-</body>
+</div>
+</body>
</html><?
}
-?>
diff --git a/includes/general.php b/includes/general.php
index 80b16a0..735f357 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -15,13 +15,16 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+
+ require_once(dirname(__FILE__)."/lib/general.php");
+
session_name("cacert");
session_start();
- session_register("_config");
- session_register("profile");
- session_register("signup");
- session_register("lostpw");
+// session_register("_config");
+// session_register("profile");
+// session_register("signup");
+// session_register("lostpw");
// if($_SESSION['profile']['id'] > 0)
// session_regenerate_id();
@@ -38,6 +41,8 @@
$_SESSION['_config']['filepath'] = "/www";
require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
+ require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php');
+ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
if(array_key_exists('HTTP_HOST',$_SERVER) &&
$_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
@@ -52,7 +57,7 @@
exit;
}
- if(array_key_exists('HTTP_HOST',$_SERVER) &&
+ if(array_key_exists('HTTP_HOST',$_SERVER) &&
($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']))
{
@@ -69,129 +74,15 @@
}
}
- $lang = "";
- if(array_key_exists("lang",$_REQUEST))
- $lang=mysql_escape_string(substr(trim($_REQUEST['lang']), 0, 5));
- if($lang != "")
- $_SESSION['_config']['language'] = $lang;
-
- //if($_SESSION['profile']['id'] == 1 && 1 == 2)
- // echo $_SESSION['_config']['language'];
-
- $_SESSION['_config']['translations'] = array(
- "ar_JO" => "&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577;",
- "bg_BG" => "&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080;",
- "cs_CZ" => "&#268;e&scaron;tina",
- "da_DK" => "Dansk",
- "de_DE" => "Deutsch",
- "el_GR" => "&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940;",
- "en_AU" => "English",
- "eo_EO" => "Esperanto",
- "es_ES" => "Espa&#xf1;ol",
- "fa_IR" => "Farsi",
- "fi_FI" => "Suomi",
- "fr_FR" => "Fran&#xe7;ais",
- "he_IL" => "&#1506;&#1489;&#1512;&#1497;&#1514;",
- "hr_HR" => "Hrvatski",
- "hu_HU" => "Magyar",
- "is_IS" => "&Iacute;slenska",
- "it_IT" => "Italiano",
- "ja_JP" => "&#26085;&#26412;&#35486;",
- "ka_GE" => "Georgian",
- "nl_NL" => "Nederlands",
- "pl_PL" => "Polski",
- "pt_PT" => "Portugu&#xea;s",
- "pt_BR" => "Portugu&#xea;s Brasileiro",
- "ru_RU" => "&#x420;&#x443;&#x441;&#x441;&#x43a;&#x438;&#x439;",
- "ro_RO" => "Rom&acirc;n&#259;",
- "sv_SE" => "Svenska",
- "tr_TR" => "T&#xfc;rk&#xe7;e",
- "zh_CN" => "&#x4e2d;&#x6587;(&#x7b80;&#x4f53;)");
-
- $value=array();
-
- if(!(array_key_exists('language',$_SESSION['_config']) && $_SESSION['_config']['language'] != ""))
- {
- $bits = explode(",", strtolower(str_replace(" ", "", mysql_real_escape_string(array_key_exists('HTTP_ACCEPT_LANGUAGE',$_SERVER)?$_SERVER['HTTP_ACCEPT_LANGUAGE']:""))));
- foreach($bits as $lang)
- {
- $b = explode(";", $lang);
- if(count($b)>1 && substr($b[1], 0, 2) == "q=")
- $c = floatval(substr($b[1], 2));
- else
- $c = 1;
- $value["$c"] = trim($b[0]);
- }
-
- krsort($value);
-
- reset($value);
-
- foreach($value as $key => $val)
- {
- $val = substr(escapeshellarg($val), 1, -1);
- $short = substr($val, 0, 2);
- if($val == "en" || $short == "en")
- {
- $_SESSION['_config']['language'] = "en";
- break;
- }
- if(file_exists($_SESSION['_config']['filepath']."/locale/$val/LC_MESSAGES/messages.mo"))
- {
- $_SESSION['_config']['language'] = $val;
- break;
- }
- if(file_exists($_SESSION['_config']['filepath']."/locale/$short/LC_MESSAGES/messages.mo"))
- {
- $_SESSION['_config']['language'] = $short;
- break;
- }
- }
- }
- if(!array_key_exists('_config',$_SESSION) || !array_key_exists('language',$_SESSION['_config']) || strlen($_SESSION['_config']['language']) != 5)
- {
- $lang = array_key_exists('language',$_SESSION['_config'])?$_SESSION['_config']['language']:"";
- $_SESSION['_config']['language'] = "en_AU";
- foreach($_SESSION['_config']['translations'] as $key => $val)
- {
- if(substr($lang, 0, 2) == substr($key, 0, 2))
- {
- $_SESSION['_config']['language'] = $val;
- break;
- }
- }
- }
-
- $_SESSION['_config']['recode'] = "html..latin-1";
- if($_SESSION['_config']['language'] == "zh_CN")
- {
- $_SESSION['_config']['recode'] = "html..gb2312";
- } else if($_SESSION['_config']['language'] == "pl_PL" || $_SESSION['_config']['language'] == "hu_HU") {
- $_SESSION['_config']['recode'] = "html..ISO-8859-2";
- } else if($_SESSION['_config']['language'] == "ja_JP") {
- $_SESSION['_config']['recode'] = "html..SHIFT-JIS";
- } else if($_SESSION['_config']['language'] == "ru_RU") {
- $_SESSION['_config']['recode'] = "html..ISO-8859-5";
- } else if($_SESSION['_config']['language'] == "lt_LT") {
- $_SESSION['_config']['recode'] = "html..ISO-8859-13";
- }
-
- putenv("LANG=".$_SESSION['_config']['language']);
- setlocale(LC_ALL, $_SESSION['_config']['language']);
- $domain = 'messages';
- bindtextdomain($domain, $_SESSION['_config']['filepath']."/locale");
- textdomain($domain);
+ L10n::detect_language();
+ L10n::init_gettext();
- //if($_SESSION['profile']['id'] == -1)
- // echo $_SESSION['_config']['language']." - ".$_SESSION['_config']['filepath']."/locale";
-
-
- if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
+ if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0)
{
- $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
+ $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
if($locked['locked'] == 0)
{
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -248,8 +139,7 @@
}
}
- function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
- {
+ function checkpwlight($pwd) {
$points = 0;
if(strlen($pwd) > 15)
@@ -280,6 +170,18 @@
//echo "Points due to length and charset: $points<br/>";
+ // check for historical password proposal
+ if ($pwd === "Fr3d Sm|7h") {
+ return 0;
+ }
+
+ return $points;
+ }
+
+ function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
+ {
+ $points = checkpwlight($pwd);
+
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
@@ -316,7 +218,8 @@
//echo "Points due to name matches: $points<br/>";
- $do = `grep '$pwd' /usr/share/dict/american-english`;
+ $shellpwd = escapeshellarg($pwd);
+ $do = shell_exec("grep -F -- $shellpwd /usr/share/dict/american-english");
if($do)
$points--;
@@ -329,7 +232,7 @@
{
$bits = explode(": ", $_SESSION['_config']['subject'], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", array_key_exists('1',$bits)?$bits['1']:""));
- $bits = explode("|", $bits);
+ $bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
$_SESSION['_config']['OU'] = "";
@@ -384,7 +287,7 @@
$dom = $bits[$i];
$_SESSION['_config']['row'] = "";
$dom = mysql_real_escape_string($dom);
- $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
+ $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -395,8 +298,14 @@
}
}
- if($cnok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ $cnok = 0;
+ }
+
+ if($cnok == 0) {
$_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
@@ -436,7 +345,7 @@
$dom = $bits[$i];
$_SESSION['_config']['altrow'] = "";
$dom = mysql_real_escape_string($dom);
- $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
+ $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -447,8 +356,14 @@
}
}
- if($altok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $alt)) {
+ $altok = 0;
+ }
+
+ if($altok == 0) {
$_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
@@ -475,7 +390,7 @@
$_SESSION['_config']['row'] = "";
$dom = mysql_real_escape_string($dom);
$query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where
- `org`.`memid`='".$_SESSION['profile']['id']."' and
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
@@ -488,6 +403,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ continue;
+ }
+
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
}
@@ -523,7 +442,7 @@
$_SESSION['_config']['altrow'] = "";
$dom = mysql_real_escape_string($dom);
$query = "select * from `orginfo`,`orgdomains`,`org` where
- `org`.`memid`='".$_SESSION['profile']['id']."' and
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orginfo`.`id` and
`orgdomains`.`orgid`=`orginfo`.`id` and
`orgdomains`.`domain`='$dom'";
@@ -536,6 +455,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $alt)) {
+ continue;
+ }
+
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
}
@@ -555,7 +478,7 @@
$dom = $bits[$i];
$dom = mysql_real_escape_string($dom);
$query = "select * from `org`,`orgdomains`,`orginfo`
- where `org`.`memid`='".$_SESSION['profile']['id']."'
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."'
and `orgdomains`.`orgid`=`org`.`orgid`
and `orginfo`.`id`=`org`.`orgid`
and `orgdomains`.`domain`='$dom'";
@@ -574,12 +497,12 @@
if($id <= 0)
$id = $_SESSION['profile']['id'];
- $query = "select sum(`points`) as `points` from `notary` where `to`='$id' group by `to`";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='$id' and `deleted` = 0 group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18));
- $query = "select * from `users` where `id`='".$_SESSION['profile']['id']."' and `dob` < '$dob'";
+ $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `dob` < '$dob'";
if(mysql_num_rows(mysql_query($query)) < 1)
{
if($points >= 100)
@@ -588,10 +511,6 @@
return(0);
}
- if($points >= 300)
- return(200);
- if($points >= 200)
- return(150);
if($points >= 150)
return(35);
if($points >= 140)
@@ -607,7 +526,7 @@
return(0);
}
- function hex2bin($data)
+ function gpg_hex2bin($data)
{
while(strstr($data, "\\x"))
{
@@ -620,14 +539,6 @@
return(utf8_decode($data));
}
- function screenshot($img)
- {
- if(file_exists("../screenshots/".$_SESSION['_config']['language']."/$img"))
- return("/screenshots/".$_SESSION['_config']['language']."/$img");
- else
- return("/screenshots/en/$img");
- }
-
function signmail($to, $subject, $message, $from, $replyto = "")
{
if($replyto == "")
@@ -636,7 +547,8 @@
$fp = fopen($tmpfname, "w");
fputs($fp, $message);
fclose($fp);
- $do = `/usr/bin/gpg --homedir /home/gpg --clearsign "$tmpfname"|/usr/sbin/sendmail "$to"`;
+ $to_esc = escapeshellarg($to);
+ $do = shell_exec("/usr/bin/gpg --homedir /home/gpg --clearsign \"$tmpfname\"|/usr/sbin/sendmail ".$to_esc);
@unlink($tmpfname);
}
@@ -645,47 +557,117 @@
$myemail = mysql_real_escape_string($email);
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
{
- list($username,$domain)=split('@',$email);
- $dom = escapeshellarg($domain);
- $line = trim(`dig +short MX $dom 2>&1`);
-#echo $email."-$dom-$line-\n";
-#echo `dig +short mx heise.de 2>&1`."-<br>\n";
-
- $list = explode("\n", $line);
- foreach($list as $row)
- list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1));
- $mxhosts[] = $domain;
-#print_r($mxhosts); die;
+ list($username,$domain)=explode('@',$email,2);
+ $mxhostrr = array();
+ $mxweight = array();
+ if( !getmxrr($domain, $mxhostrr, $mxweight) ) {
+ $mxhostrr = array($domain);
+ $mxweight = array(0);
+ } else if ( empty($mxhostrr) ) {
+ $mxhostrr = array($domain);
+ $mxweight = array(0);
+ }
+
+ $mxhostprio = array();
+ for($i = 0; $i < count($mxhostrr); $i++) {
+ $mx_host = trim($mxhostrr[$i], '.');
+ $mx_prio = $mxweight[$i];
+ if(empty($mxhostprio[$mx_prio])) {
+ $mxhostprio[$mx_prio] = array();
+ }
+ $mxhostprio[$mx_prio][] = $mx_host;
+ }
+
+ array_walk($mxhostprio, function(&$mx) { shuffle($mx); } );
+ ksort($mxhostprio);
+
+ $mxhosts = array();
+ foreach($mxhostprio as $mx_prio => $mxhostnames) {
+ foreach($mxhostnames as $mx_host) {
+ $mxhosts[] = $mx_host;
+ }
+ }
+
foreach($mxhosts as $key => $domain)
{
- $fp = @fsockopen($domain,25,$errno,$errstr,5);
+ $fp_opt = array(
+ 'ssl' => array(
+ 'verify_peer' => false, // Opportunistic Encryption
+ 'verify_peer_name' => false, // Opportunistic Encryption
+ )
+ );
+ $fp_ctx = stream_context_create($fp_opt);
+ $fp = @stream_socket_client("tcp://$domain:25",$errno,$errstr,5,STREAM_CLIENT_CONNECT,$fp_ctx);
if($fp)
{
-
- $line = fgets($fp, 4096);
- while(substr($line, 0, 4) == "220-")
- $line = fgets($fp, 4096);
- if(substr($line, 0, 3) != "220")
+ stream_set_blocking($fp, true);
+
+ $has_starttls = false;
+
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "220-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
+ continue;
+ }
+
+ fputs($fp, "EHLO www.cacert.org\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ $has_starttls |= substr(trim($line),4) == "STARTTLS";
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
continue;
- fputs($fp, "HELO hlin.cacert.org\r\n");
- $line = fgets($fp, 4096);
- while(substr($line, 0, 3) == "220")
+ }
+
+ if($has_starttls) {
+ fputs($fp, "STARTTLS\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "220-");
+ if(substr($line, 0, 3) != "220") {
+ fclose($fp);
+ continue;
+ }
+
+ stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+
+ fputs($fp, "EHLO www.cacert.org\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
+ continue;
+ }
+ }
+
+ fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
+ do {
$line = fgets($fp, 4096);
- if(substr($line, 0, 3) != "250")
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
continue;
- fputs($fp, "MAIL FROM: <returns@cacert.org>\r\n");
- $line = fgets($fp, 4096);
+ }
- if(substr($line, 0, 3) != "250")
+ fputs($fp, "RCPT TO:<$email>\r\n");
+ do {
+ $line = fgets($fp, 4096);
+ } while(substr($line, 0, 4) == "250-");
+ if(substr($line, 0, 3) != "250") {
+ fclose($fp);
continue;
- fputs($fp, "RCPT TO: <$email>\r\n");
- $line = trim(fgets($fp, 4096));
+ }
+
fputs($fp, "QUIT\r\n");
fclose($fp);
$line = mysql_real_escape_string(trim(strip_tags($line)));
$query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'";
- if(is_array($_SESSION['profile'])) $query.=", `uid`='".$_SESSION['profile']['id']."'";
+ if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
if(substr($line, 0, 3) != "250")
@@ -695,7 +677,7 @@
}
}
}
- $query = "insert into `pinglog` set `when`=NOW(), `uid`='".$_SESSION['profile']['id']."',
+ $query = "insert into `pinglog` set `when`=NOW(), `uid`='".intval($_SESSION['profile']['id'])."',
`email`='$myemail', `result`='Failed to make a connection to the mail server'";
mysql_query($query);
return _("Failed to make a connection to the mail server");
@@ -766,9 +748,9 @@
return $ticket;
}
- function sanitizeHTML($input)
+ function sanitizeHTML($input)
{
- return htmlentities(strip_tags($input), ENT_QUOTES);
+ return htmlentities(strip_tags($input), ENT_QUOTES, 'ISO-8859-1');
//In case of problems, please use the following line again:
//return htmlentities(strip_tags(utf8_decode($input)), ENT_QUOTES);
//return htmlspecialchars(strip_tags($input));
@@ -826,6 +808,10 @@
$newcsr = str_replace("\n\n","\n",$newcsr);
return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/","",$newcsr));
}
+ function clean_gpgcsr($CSR)
+ {
+ return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/","",trim($CSR)));
+ }
function sanitizeFilename($text)
{
@@ -833,50 +819,7 @@
return($text);
}
- function fix_assurer_flag($userID)
- {
- // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).
- '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
- ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100'); // Challenge has been passed and non-expired points >= 100
-
- // Reset flag if requirements are not met
- $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \''.(int)intval($userID).
- '\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
- ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)');
- }
-
- // returns 0 if $userID is an Assurer
- // Otherwise :
- // Bit 0 is always set
- // Bit 1 is set if 100 Assurance Points are not reached
- // Bit 2 is set if Assurer Test is missing
- // Bit 3 is set if the user is not allowed to be an Assurer (assurer_blocked > 0)
- function get_assurer_status($userID)
- {
- $Result = 0;
- $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
- ' WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\'');
- if(mysql_num_rows($query) < 1)
- {
- $Result |= 5;
- }
-
- $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now()');
- $row = mysql_fetch_assoc($query);
- if ($row['points'] < 100) {
- $Result |= 3;
- }
-
- $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
- $row = mysql_fetch_assoc($query);
- if ($row['assurer_blocked'] > 0) {
- $Result |= 9;
- }
-
- return $Result;
- }
-
+
// returns text message to be shown to the user given the result of is_no_assurer
function no_assurer_text($Status)
{
@@ -916,10 +859,13 @@
if($newlayout)
{
$name="../$type/$kind/".intval($id/1000)."/$kind-".intval($id).".$type";
- mkdir("../csr/$kind",0777);
- mkdir("../crt/$kind",0777);
- mkdir("../csr/$kind/".intval($id/1000));
- mkdir("../crt/$kind/".intval($id/1000));
+ if (!is_dir("../csr")) { mkdir("../csr",0777); }
+ if (!is_dir("../crt")) { mkdir("../crt",0777); }
+
+ if (!is_dir("../csr/$kind")) { mkdir("../csr/$kind",0777); }
+ if (!is_dir("../crt/$kind")) { mkdir("../crt/$kind",0777); }
+ if (!is_dir("../csr/$kind/".intval($id/1000))) { mkdir("../csr/$kind/".intval($id/1000)); }
+ if (!is_dir("../crt/$kind/".intval($id/1000))) { mkdir("../crt/$kind/".intval($id/1000)); }
}
return $name;
}
@@ -942,4 +888,5 @@
return $res;
}
+
?>
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 48d469d..10c4e0a 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -16,6 +16,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
+
if(!function_exists("showheader"))
{
function showbodycontent($title = "CAcert.org", $title2 = "")
@@ -36,7 +38,7 @@ google_color_text = "000000";
google_color_border = "FFFFFF";
//-->
</script>
-<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script><? } else {
+<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script><? } else {
?><h2><?=_("Free digital certificates!")?></h2><? } ?></div>
</div>
<div id="pageNav">
@@ -45,22 +47,22 @@ google_color_border = "FFFFFF";
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>
<a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a>
<? } ?>
- <a href="/policy/CAcertCommunityAgreement.php"><?=_("Community Agreement")?></a>
- <a href="index.php?id=3"><?=_("Root Certificate")?></a>
+ <a href="/policy/CAcertCommunityAgreement.html"><?=_("Community Agreement")?></a>
+ <a href="/index.php?id=3"><?=_("Root Certificate")?></a>
</div>
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>
<div class="relatedLinks">
<h3 class="pointer"><?=_("My Account")?></h3>
- <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4"><?=_("Password Login")?></a>
+ <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4"><?=_("Password Login")?></a>
<a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5"><?=_("Lost Password")?></a>
- <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4&amp;noauto=1"><?=_("Net Cafe Login")?></a>
+ <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4&amp;noauto=1"><?=_("Net Cafe Login")?></a>
<a href="https://<?=$_SESSION['_config']['securehostname']?>/index.php?id=4"><?=_("Certificate Login")?></a>
</div>
<? } ?>
<? include("about_menu.php"); ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('trans')">+ <?=_("Translations")?></h3>
- <ul class="menu" id="trans"><? foreach($_SESSION['_config']['translations'] as $key => $val) { ?><li><a href="<?=$_SERVER['SCRIPT_NAME']?>?id=<?=intval(array_key_exists('id',$_REQUEST)?$_REQUEST['id']:0)?>&amp;lang=<?=$key?>"><?=$val?></a></li><? } ?></ul>
+ <ul class="menu" id="trans"><? foreach(L10n::$translations as $key => $val) { ?><li><a href="<?=$_SERVER['SCRIPT_NAME']?>?id=<?=intval(array_key_exists('id',$_REQUEST)?$_REQUEST['id']:0)?>&amp;lang=<?=$key?>"><?=$val?></a></li><? } ?></ul>
</div>
<? if(array_key_exists('mconn',$_SESSION) && $_SESSION['mconn']) { ?>
<div class="relatedLinks">
@@ -131,20 +133,12 @@ if(!function_exists("showfooter"))
</div>
<? include("sponsorinfo.php") ?>
<div id="siteInfo">
-<? if(!array_key_exists('HTTPS',$_SERVER) || !$_SERVER["HTTPS"]) { ?><!--ONESTAT SCRIPTCODE START-->
-<script type="text/javascript" src="onestat.js"></script>
-<noscript>
-<a href="http://www.onestat.com/asp/login.asp?sid=164863">
-<img src="http://stat.onestat.com/asp/stat.asp?tagver=1&amp;sid=164863&amp;js=no&amp;" alt="this site tracked by onestat.com" />
-</a>
-</noscript>
-<!--ONESTAT SCRIPTCODE END--><? } ?>
- <a href="index.php?id=12"><?=_("About Us")?></a> | <a href="index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
- <a href="index.php?id=10"><?=_("Privacy Policy")?></a> |
- <a href="index.php?id=51"><?=_("Mission Statement")?></a> | <a href="index.php?id=11"><?=_("Contact Us")?></a> |
+ <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
+ <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> |
+ <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
&copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
-</div>
-</body>
+</div>
+</body>
</html><?
}
}
diff --git a/includes/keygen.php b/includes/keygen.php
new file mode 100644
index 0000000..15dee8a
--- /dev/null
+++ b/includes/keygen.php
@@ -0,0 +1,128 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
+
+ <noscript>
+ <p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p>
+ <p><?=_('If you don\'t want to do that for any reason, you can use '.
+ 'manually created certificate requests instead.')?></p>
+ </noscript>
+
+ <div id="noActiveX" style="color:red">
+ <p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p>
+ <p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '.
+ 'later versions you have to add this website to the list of trusted sites '.
+ 'in the internet settings.')?></p>
+ <p><?php
+ printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '.
+ 'Websites", click on "Custom Level", set "ActiveX control '.
+ 'elements that are not marked as safe initialized on start in '.
+ 'scripts" to "Confirm" and click "OK". Now click "Sites", add '.
+ '"%s" and "%s" to your list of trusted sites and make the '.
+ 'changes come into effect by clicking "Close" and "OK".'),
+ 'https://'.$_SESSION['_config']['normalhostname'],
+ 'https://'.$_SESSION['_config']['securehostname'])?>
+ </p>
+ </div>
+
+ <form method="post" style="display:none" action="account.php"
+ id="CertReqForm">
+ <input type="hidden" name="oldid" value="<?=intval($id)?>" />
+ <input type="hidden" id="CSR" name="CSR" />
+ <input type="hidden" name="keytype" value="MS" />
+
+ <p><?=_('Security level')?>:
+ <select id="SecurityLevel">
+ <option value="high" selected="selected"><?=_('High')?></option>
+ <option value="medium"><?=_('Medium')?></option>
+ <option value="custom"><?=_('Custom')?>&hellip;</option>
+ </select>
+ </p>
+
+ <fieldset id="customSettings" style="display:none">
+ <legend><?=_('Custom Parameters')?></legend>
+
+ <p><?=_('Cryptography Provider')?>:
+ <select id="CspProvider"></select>
+ </p>
+ <p><?=_('Algorithm')?>: <select id="algorithm"></select></p>
+ <p><?=_('Keysize')?>:
+ <input id="keySize" type="number" />
+ <?=_('Minimum Size')?>: <span id="keySizeMin"></span>,
+ <?=_('Maximum Size')?>: <span id="keySizeMax"></span>,
+ <?php
+ // TRANSLATORS: this specifies the step between two valid key
+ // sizes. E.g. if the step is 512 and the minimum is 1024 and
+ // the maximum is 2048, then only 1024, 1536 and 2048 bits may
+ // be specified as key size.
+ echo _('Step')?>: <span id="keySizeStep"></span></p>
+ <p style="color:red"><?php
+ printf(_('Please note that RSA key sizes smaller than %d bit '.
+ 'will not be accepted by CAcert.'),
+ 2048)?>
+ </p>
+ </fieldset>
+
+ <p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p>
+ <p id="generatingKeyNotice" style="display:none">
+ <?=_('Generating your key. Please wait')?>&hellip;</p>
+ </form>
+
+ <!-- Error messages used in the JavaScript. Defined here so they can be
+ translated without passing the JavaScript code through PHP -->
+ <p id="createRequestErrorChooseAlgorithm" style="display:none">
+ <?=_('Could not generate certificate request. Probably you need to '.
+ 'choose a different algorithm.')?>
+ </p>
+ <p id="createRequestErrorConfirmDialogue" style="display:none">
+ <?=_('Could not generate certificate request. Please confirm the '.
+ 'dialogue if you are asked if you want to generate the key.')?>
+ </p>
+ <p id="createRequestErrorConnectDevice" style="display:none">
+ <?=_('Could not generate certificate request. Please make sure the '.
+ 'cryptography device (e.g. the smartcard) is connected.')?>
+ </p>
+ <p id="createRequestError" style="display:none">
+ <?=_('Could not generate certificate request.')?>
+ </p>
+ <p id="invalidKeySizeError" style="display:none">
+ <?=_('You have specified an invalid key size')?>
+ </p>
+ <p id="unsupportedPlatformError" style="display:none">
+ <?=_('Could not initialize the cryptographic module for your '.
+ 'platform. Currently we support Microsoft Windows XP, Vista '.
+ 'and 7. If you\'re using one of these platforms and see this '.
+ 'error message anyway you might have to enable ActiveX as '.
+ 'described in the red explanation text and accept loading of '.
+ 'the module.')?>
+ </p>
+
+ <script type="text/javascript" src="keygenIE.js"></script>
+
+<? } else { ?>
+ <p>
+ <form method="post" action="account.php">
+ <input type="hidden" name="keytype" value="NS">
+ <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
+
+ <input type="submit" name="submit" value="<?=_("Generate key pair within browser")?>">
+ <input type="hidden" name="oldid" value="<?=intval($id)?>">
+ </form>
+ </p>
+<? }
diff --git a/includes/lib/account.php b/includes/lib/account.php
new file mode 100644
index 0000000..dd8afd3
--- /dev/null
+++ b/includes/lib/account.php
@@ -0,0 +1,150 @@
+<?php
+/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/**
+ * Function to recalculate the cached Assurer status
+ *
+ * @param int $userID
+ * if the user ID is not given the flag will be recalculated for all users
+ *
+ * @return bool
+ * false if there was an error on fixing the flag. This does NOT return the
+ * new value of the flag
+ */
+function fix_assurer_flag($userID = NULL)
+{
+ // Update Assurer-Flag on users table if 100 points and CATS passed.
+ //
+ // We may have some performance issues here if no userID is given
+ // there are ~150k assurances and ~220k users currently
+ // but the exists-clause on cats_passed should be a good filter
+ $sql = '
+ UPDATE `users` AS `u` SET `assurer` = 1
+ WHERE '.(
+ ($userID === NULL) ?
+ '`u`.`assurer` = 0' :
+ '`u`.`id` = \''.intval($userID).'\''
+ ).'
+ AND EXISTS(
+ SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv`
+ WHERE `cp`.`variant_id` = `cv`.`id`
+ AND `cv`.`type_id` = 1
+ AND `cp`.`user_id` = `u`.`id`
+ )
+ AND (
+ SELECT SUM(`points`) FROM `notary` AS `n`
+ WHERE `n`.`to` = `u`.`id`
+ AND (`n`.`expire` > now()
+ OR `n`.`expire` IS NULL)
+ AND `n`.`deleted` = 0
+ ) >= 100';
+
+ $query = mysql_query($sql);
+ if (!$query) {
+ return false;
+ }
+ // Challenge has been passed and non-expired points >= 100
+
+ // Reset flag if requirements are not met
+ //
+ // Also a bit performance critical but assurer flag is only set on
+ // ~5k accounts
+ $sql = '
+ UPDATE `users` AS `u` SET `assurer` = 0
+ WHERE '.(
+ ($userID === NULL) ?
+ '`u`.`assurer` <> 0' :
+ '`u`.`id` = \''.intval($userID).'\''
+ ).'
+ AND (
+ NOT EXISTS(
+ SELECT 1 FROM `cats_passed` AS `cp`,
+ `cats_variant` AS `cv`
+ WHERE `cp`.`variant_id` = `cv`.`id`
+ AND `cv`.`type_id` = 1
+ AND `cp`.`user_id` = `u`.`id`
+ )
+ OR (
+ SELECT SUM(`points`) FROM `notary` AS `n`
+ WHERE `n`.`to` = `u`.`id`
+ AND (
+ `n`.`expire` > now()
+ OR `n`.`expire` IS NULL
+ )
+ AND `n`.`deleted` = 0
+ ) < 100
+ )';
+
+ $query = mysql_query($sql);
+ if (!$query) {
+ return false;
+ }
+
+ return true;
+}
+
+/**
+ * Supported hash algorithms for signing certificates
+ */
+class HashAlgorithms {
+ /**
+ * Default hash algorithm identifier for signing
+ * @var string
+ */
+ public static $default = 'sha256';
+
+ /**
+ * Get display strings for the supported hash algorithms
+ * @return array(string=>array('name'=>string, 'info'=>string))
+ * - [$hash_identifier]['name'] = Name that should be displayed in UI
+ * - [$hash_identifier]['info'] = Additional information that can help
+ * with the selection of a suitable algorithm
+ */
+ public static function getInfo() {
+ return array(
+ 'sha256' => array(
+ 'name' => 'SHA-256',
+ 'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
+ ),
+ 'sha384' => array(
+ 'name' => 'SHA-384',
+ 'info' => '',
+ ),
+ 'sha512' => array(
+ 'name' => 'SHA-512',
+ 'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
+ ),
+ );
+ }
+
+ /**
+ * Check if the input is a supported hash algorithm identifier otherwise
+ * return the identifier of the default hash algorithm
+ *
+ * @param string $hash_identifier
+ * @return string The cleaned identifier
+ */
+ public static function clean($hash_identifier) {
+ if (array_key_exists($hash_identifier, self::getInfo() )) {
+ return $hash_identifier;
+ } else {
+ return self::$default;
+ }
+ }
+}
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
new file mode 100644
index 0000000..dd4f3a5
--- /dev/null
+++ b/includes/lib/check_weak_key.php
@@ -0,0 +1,389 @@
+<?php /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+// failWithId()
+require_once 'general.php';
+
+
+/**
+* Checks whether the given CSR contains a vulnerable key
+*
+* @param $csr string
+* The CSR to be checked
+* @param $encoding string [optional]
+* The encoding the CSR is in (for the "-inform" parameter of OpenSSL,
+* currently only "PEM" (default) or "DER" allowed)
+* @return string containing the reason if the key is considered weak,
+* empty string otherwise
+*/
+function checkWeakKeyCSR($csr, $encoding = "PEM")
+{
+ $encoding = escapeshellarg($encoding);
+ $status = runCommand("openssl req -inform $encoding -text -noout",
+ $csr, $csrText);
+ if ($status === true) {
+ return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
+ }
+
+ if ($status !== 0 || $csrText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
+ return checkWeakKeyText($csrText);
+}
+
+/**
+ * Checks whether the given X509 certificate contains a vulnerable key
+ *
+ * @param $cert string
+ * The X509 certificate to be checked
+ * @param $encoding string [optional]
+ * The encoding the certificate is in (for the "-inform" parameter of
+ * OpenSSL, currently only "PEM" (default), "DER" or "NET" allowed)
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+function checkWeakKeyX509($cert, $encoding = "PEM")
+{
+ $encoding = escapeshellarg($encoding);
+ $status = runCommand("openssl x509 -inform $encoding -text -noout",
+ $cert, $certText);
+ if ($status === true) {
+ return failWithId("checkWeakKeyX509(): Failed to start OpenSSL");
+ }
+
+ if ($status !== 0 || $certText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
+ return checkWeakKeyText($certText);
+}
+
+/**
+ * Checks whether the given SPKAC contains a vulnerable key
+ *
+ * @param $spkac string
+ * The SPKAC to be checked
+ * @param $spkacname string [optional]
+ * The name of the variable that contains the SPKAC. The default is
+ * "SPKAC"
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
+{
+ $spkacname = escapeshellarg($spkacname);
+ $status = runCommand("openssl spkac -spkac $spkacname", $spkac, $spkacText);
+ if ($status === true) {
+ return failWithId("checkWeakKeySPKAC(): Failed to start OpenSSL");
+ }
+
+ if ($status !== 0 || $spkacText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit the ".
+ "back button and try again.");
+ }
+
+ return checkWeakKeyText($spkacText);
+}
+
+/**
+ * Checks whether the given text representation of a CSR or a SPKAC contains
+ * a weak key
+ *
+ * @param $text string
+ * The text representation of a key as output by the
+ * "openssl <foo> -text -noout" commands
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+function checkWeakKeyText($text)
+{
+ /* Which public key algorithm? */
+ if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
+ $algorithm))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't extract the ".
+ "public key algorithm used.\nData:\n$text");
+ } else {
+ $algorithm = $algorithm[1];
+ }
+
+
+ if ($algorithm === "rsaEncryption")
+ {
+ if (!preg_match('/^\s*Public-Key: \((\d+) bit\)$/m', $text, $keysize))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
+ "key size.\nData:\n$text");
+ } else {
+ $keysize = intval($keysize[1]);
+ }
+
+ if ($keysize < 2048)
+ {
+ return sprintf(_("The keys that you use are very small ".
+ "and therefore insecure. Please generate stronger ".
+ "keys. More information about this issue can be ".
+ "found in %sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+ "</a>");
+ }
+
+ $debianVuln = checkDebianVulnerability($text, $keysize);
+ if ($debianVuln === true)
+ {
+ return sprintf(_("The keys you use have very likely been ".
+ "generated with a vulnerable version of OpenSSL which ".
+ "was distributed by debian. Please generate new keys. ".
+ "More information about this issue can be found in ".
+ "%sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#DebianVulnerability'>",
+ "</a>");
+ } elseif ($debianVuln === false) {
+ // not vulnerable => do nothing
+ } else {
+ return failWithId("checkWeakKeyText(): Something went wrong in".
+ "checkDebianVulnerability().\nKeysize: $keysize\n".
+ "Data:\n$text");
+ }
+
+ if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
+ $exponent))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
+ "exponent.\nData:\n$text");
+ } else {
+ $exponent = $exponent[1]; // exponent might be very big =>
+ //handle as string using bc*()
+
+ if (bccomp($exponent, "65537") < 0)
+ {
+ return sprintf(_("The keys you use might be insecure. ".
+ "Although there is currently no known attack for ".
+ "reasonable encryption schemes, we're being ".
+ "cautious and don't allow certificates for such ".
+ "keys. Please generate stronger keys. More ".
+ "information about this issue can be found in ".
+ "%sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
+ "</a>");
+ } elseif (!(bccomp($exponent, "65537") >= 0 &&
+ (bccomp($exponent, "100000") === -1 ||
+ // speed things up if way smaller than 2^256
+ bccomp($exponent, bcpow("2", "256")) === -1) )) {
+ // 65537 <= exponent < 2^256 recommended by NIST
+ // not critical but log so we have some statistics about
+ // affected users
+ trigger_error("checkWeakKeyText(): Certificate for ".
+ "unsuitable exponent '$exponent' requested",
+ E_USER_NOTICE);
+ }
+ }
+
+ // No weakness found
+ return "";
+ } // End RSA
+
+/*
+//Fails to work due to outdated OpenSSL 0.9.8o
+//For this to work OpenSSL 1.0.1f or newer is required
+//which is currently unavailable on the systems
+//If DSA2048 or longer is used the CSR hangs pending on the signer.
+ if ($algorithm === "dsaEncryption")
+ {
+ if (!preg_match('/^\s*Public Key Algorithm:\s+dsaEncryption\s+pub:\s+([0-9a-fA-F:\s]+)\s+P:\s+([0-9a-fA-F:\s]+)\s+Q:\s+([0-9a-fA-F:\s]+)\s+G:\s+([0-9a-fA-F:\s]+)\s+$/sm', $text, $keydetail))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the DSA ".
+ "key size.\nData:\n$text");
+ }
+
+ $key_pub = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[1]), "ABCDEF", "abcdef");
+ $key_P = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[2]), "ABCDEF", "abcdef");
+ $key_Q = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[3]), "ABCDEF", "abcdef");
+ $key_G = strtr(preg_replace("/[^0-9a-fA-F]/", "", $keydetail[4]), "ABCDEF", "abcdef");
+
+ //Verify the numbers provided by the client
+ $num_pub = @gmp_init($key_pub, 16);
+ $num_P = @gmp_init($key_P, 16);
+ $num_Q = @gmp_init($key_Q, 16);
+ $num_G = @gmp_init($key_G, 16);
+
+ $bit_P = ltrim(gmp_strval($num_P, 2), "0");
+ $keysize = strlen($bit_P);
+
+ if ($keysize < 2048) {
+ return sprintf(_("The keys that you use are very small ".
+ "and therefore insecure. Please generate stronger ".
+ "keys. More information about this issue can be ".
+ "found in %sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+ "</a>");
+ }
+
+ //Following checks based on description of key generation in Wikipedia
+ //These checks do not ensure a strong key, but at least check for enough sanity in the key material
+ // cf. https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation
+
+ //Check that P is prime
+ if(!gmp_testprime($num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime public modulus.\nData:\n$text");
+ }
+
+ //Check that Q is prime
+ if(!gmp_testprime($num_Q)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have a non-prime Q-value.\nData:\n$text");
+ }
+
+ //Check if P-1 is diviseable by Q
+ if(0 !== gmp_cmp("1", gmp_mod($num_P, $num_Q))) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to have P mod Q === 1 (i.e. P-1 is not diviseable by Q).\nData:\n$text");
+ }
+
+ //Check the numbers are all less than the public modulus P
+ if(0 <= gmp_cmp($num_Q, $num_P) || 0 <= gmp_cmp($num_G, $num_P) || 0 <= gmp_cmp($num_pub, $num_P)) {
+ return failWithId("checkWeakKeyText(): The supplied DSA ".
+ "key does seem to be normalized to have Q < P, G < P and pub < P.\nData:\n$text");
+ }
+
+ // No weakness found
+ return "";
+ } // End DSA
+*/
+
+
+ return _("The keys you supplied use an unrecognized algorithm. ".
+ "For security reasons these keys can not be signed by CAcert.");
+}
+
+/**
+ * Reimplement the functionality of the openssl-vulnkey tool
+ *
+ * @param $text string
+ * The text representation of a key as output by the
+ * "openssl <foo> -text -noout" commands
+ * @param $keysize int [optional]
+ * If the key size is already known it can be provided so it doesn't
+ * have to be parsed again. This also skips the check whether the key
+ * is an RSA key => use wisely
+ * @return TRUE if key is vulnerable, FALSE otherwise, NULL in case of error
+ */
+function checkDebianVulnerability($text, $keysize = 0)
+{
+ $keysize = intval($keysize);
+
+ if ($keysize === 0)
+ {
+ /* Which public key algorithm? */
+ if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
+ $algorithm))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't extract ".
+ "the public key algorithm used.\nData:\n$text",
+ E_USER_WARNING);
+ return null;
+ } else {
+ $algorithm = $algorithm[1];
+ }
+
+ if ($algorithm !== "rsaEncryption") return false;
+
+ /* Extract public key size */
+ if (!preg_match('/^\s*Public-Key: \((\d+) bit\)$/m', $text,
+ $keysize))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't parse the ".
+ "RSA key size.\nData:\n$text", E_USER_WARNING);
+ return null;
+ } else {
+ $keysize = intval($keysize[1]);
+ }
+ }
+
+ // $keysize has been made sure to contain an int
+ $blacklist = "/usr/share/openssl-blacklist/blacklist.RSA-$keysize";
+ if (!(is_file($blacklist) && is_readable($blacklist)))
+ {
+ if (in_array($keysize, array(512, 1024, 2048, 4096)))
+ {
+ trigger_error("checkDebianVulnerability(): Blacklist for ".
+ "$keysize bit keys not accessible. Expected at ".
+ "$blacklist", E_USER_ERROR);
+ return null;
+ }
+
+ trigger_error("checkDebianVulnerability(): $blacklist is not ".
+ "readable. Unsupported key size?", E_USER_WARNING);
+ return false;
+ }
+
+
+ /* Extract RSA modulus */
+ if (!preg_match('/^\s*Modulus:\n'.
+ '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m',
+ $text, $modulus))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't extract the ".
+ "RSA modulus.\nData:\n$text", E_USER_WARNING);
+ return null;
+ } else {
+ $modulus = $modulus[1];
+ // strip whitespace and colon leftovers
+ $modulus = str_replace(array(" ", "\t", "\n", ":"), "", $modulus);
+
+ // when using "openssl xxx -text" first byte was 00 in all my test
+ // cases but 00 not present in the "openssl xxx -modulus" output
+ if ($modulus[0] === "0" && $modulus[1] === "0")
+ {
+ $modulus = substr($modulus, 2);
+ } else {
+ trigger_error("checkDebianVulnerability(): First byte is not ".
+ "zero", E_USER_NOTICE);
+ }
+
+ $modulus = strtoupper($modulus);
+ }
+
+
+ /* calculate checksum and look it up in the blacklist */
+ $checksum = substr(sha1("Modulus=$modulus\n"), 20);
+
+ // $checksum and $blacklist should be safe, but just to make sure
+ $checksum = escapeshellarg($checksum);
+ $blacklist = escapeshellarg($blacklist);
+ $debianVuln = runCommand("grep $checksum $blacklist");
+ if ($debianVuln === 0) // grep returned something => it is on the list
+ {
+ return true;
+ } elseif ($debianVuln === 1) {
+ // grep returned nothing
+ return false;
+ } else {
+ trigger_error("checkDebianVulnerability(): Something went wrong ".
+ "when looking up the key with checksum $checksum in the ".
+ "blacklist $blacklist", E_USER_ERROR);
+ return null;
+ }
+
+ // Should not get here
+ return null;
+}
diff --git a/includes/lib/general.php b/includes/lib/general.php
new file mode 100644
index 0000000..127c6b7
--- /dev/null
+++ b/includes/lib/general.php
@@ -0,0 +1,162 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/**
+ * Checks if the user may log in and retrieve the user id
+ *
+ * Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and
+ * $_SERVER['SSL_CLIENT_I_DN_CN']
+ *
+ * @param $serial string
+ * usually $_SERVER['SSL_CLIENT_M_SERIAL']
+ * @param $issuer_cn string
+ * usually $_SERVER['SSL_CLIENT_I_DN_CN']
+ * @return int
+ * the user id, -1 in case of error
+ */
+function get_user_id_from_cert($serial, $issuer_cn)
+{
+ $query = "select `memid` from `emailcerts` where
+ `serial`='".mysql_escape_string($serial)."' and
+ `rootcert`= (select `id` from `root_certs` where
+ `Cert_Text`='".mysql_escape_string($issuer_cn)."') and
+ `revoked`=0 and disablelogin=0 and
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ return intval($row['memid']);
+ }
+
+ return -1;
+}
+
+/**
+ * Produces a log entry with the error message with log level E_USER_WARN
+ * and a random ID an returns a message that can be displayed to the user
+ * including the generated ID
+ *
+ * @param $errormessage string
+ * The error message that should be logged
+ * @return string containing the generated ID that can be displayed to the
+ * user
+ */
+function failWithId($errormessage) {
+ $errorId = rand();
+ trigger_error("$errormessage. ID: $errorId", E_USER_WARNING);
+ return sprintf(_("Something went wrong when processing your request. ".
+ "Please contact %s for help and provide them with the ".
+ "following ID: %d"),
+ "<a href='mailto:support@cacert.org?subject=System%20Error%20-%20".
+ "ID%3A%20$errorId'>support@cacert.org</a>",
+ $errorId);
+}
+
+
+/**
+ * Runs a command on the shell and return it's exit code and output
+ *
+ * @param string $command
+ * The command to run. Make sure that you escapeshellarg() any non-constant
+ * parts as this is executed on a shell!
+ * @param string|bool $input
+ * The input that is passed to the command via STDIN, if true the real
+ * STDIN is passed through
+ * @param string|bool $output
+ * The output the command wrote to STDOUT (this is passed as reference),
+ * if true the output will be written to the real STDOUT. Output is ignored
+ * by default
+ * @param string|bool $errors
+ * The output the command wrote to STDERR (this is passed as reference),
+ * if true (default) the output will be written to the real STDERR
+ *
+ * @return int|bool
+ * The exit code of the command, true if the execution of the command
+ * failed (true because then
+ * <code>if (runCommand('echo "foo"')) handle_error();</code> will work)
+ */
+function runCommand($command, $input = "", &$output = null, &$errors = true) {
+ $descriptorspec = array();
+
+ if ($input !== true) {
+ $descriptorspec[0] = array("pipe", "r"); // STDIN for child
+ }
+
+ if ($output !== true) {
+ $descriptorspec[1] = array("pipe", "w"); // STDOUT for child
+ }
+
+ if ($errors !== true) {
+ $descriptorspec[2] = array("pipe", "w"); // STDERR for child
+ }
+
+ $proc = proc_open($command, $descriptorspec, $pipes);
+
+ if (is_resource($proc))
+ {
+ if ($input !== true) {
+ fwrite($pipes[0], $input);
+ fclose($pipes[0]);
+ }
+
+ if ($output !== true) {
+ $output = stream_get_contents($pipes[1]);
+ }
+
+ if ($errors !== true) {
+ $errors = stream_get_contents($pipes[2]);
+ }
+
+ return proc_close($proc);
+
+ } else {
+ return true;
+ }
+}
+
+ // returns 0 if $userID is an Assurer
+ // Otherwise :
+ // Bit 0 is always set
+ // Bit 1 is set if 100 Assurance Points are not reached
+ // Bit 2 is set if Assurer Test is missing
+ // Bit 3 is set if the user is not allowed to be an Assurer (assurer_blocked > 0)
+ function get_assurer_status($userID)
+ {
+ $Result = 0;
+ $query = mysql_query('SELECT * FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` '.
+ ' WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = \''.(int)intval($userID).'\'');
+ if(mysql_num_rows($query) < 1)
+ {
+ $Result |= 5;
+ }
+
+ $query = mysql_query('SELECT SUM(`points`) AS `points` FROM `notary` AS `n` WHERE `n`.`to` = \''.(int)intval($userID).'\' AND `n`.`expire` < now() and `deleted` = 0');
+ $row = mysql_fetch_assoc($query);
+ if ($row['points'] < 100) {
+ $Result |= 3;
+ }
+
+ $query = mysql_query('SELECT `assurer_blocked` FROM `users` WHERE `id` = \''.(int)intval($userID).'\'');
+ $row = mysql_fetch_assoc($query);
+ if ($row['assurer_blocked'] > 0) {
+ $Result |= 9;
+ }
+
+ return $Result;
+ }
diff --git a/includes/lib/l10n.php b/includes/lib/l10n.php
new file mode 100644
index 0000000..4859946
--- /dev/null
+++ b/includes/lib/l10n.php
@@ -0,0 +1,375 @@
+<?php /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/**
+ * This class provides some functions for language handling
+ */
+class L10n {
+ /**
+ * These are tranlations we currently support.
+ *
+ * If another translation is added, it doesn't suffice to have gettext set
+ * up, you also need to add it here, because it acts as a white list.
+ *
+ * @var array("ISO-language code" => "native name of the language")
+ */
+ public static $translations = array(
+ "ar" => "&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577;",
+ "bg" => "&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080;",
+ "cs" => "&#268;e&scaron;tina",
+ "da" => "Dansk",
+ "de" => "Deutsch",
+ "el" => "&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940;",
+ "en" => "English",
+ "es" => "Espa&#xf1;ol",
+ "fi" => "Suomi",
+ "fr" => "Fran&#xe7;ais",
+ "hu" => "Magyar",
+ "it" => "Italiano",
+ "ja" => "&#26085;&#26412;&#35486;",
+ "lv" => "Latvie&scaron;u",
+ "nl" => "Nederlands",
+ "pl" => "Polski",
+ "pt" => "Portugu&#xea;s",
+ "pt-br" => "Portugu&#xea;s Brasileiro",
+ "ru" => "&#x420;&#x443;&#x441;&#x441;&#x43a;&#x438;&#x439;",
+ "sv" => "Svenska",
+ "tr" => "T&#xfc;rk&#xe7;e",
+ "zh-cn" => "&#x4e2d;&#x6587;(&#x7b80;&#x4f53;)",
+ "zh-tw" => "&#x4e2d;&#x6587;(&#33274;&#28771;)",
+ );
+
+ /**
+ * setlocale needs a language + region code for whatever reason so here's
+ * the mapping from a translation code to locales with the region that
+ * seemed the most common for this language
+ *
+ * You probably never need this. Use {@link set_translation()} to change the
+ * language instead of manually calling setlocale().
+ *
+ * @var array(string => string)
+ */
+ private static $locales = array(
+ "ar" => "ar_JO",
+ "bg" => "bg_BG",
+ "cs" => "cs_CZ",
+ "da" => "da_DK",
+ "de" => "de_DE",
+ "el" => "el_GR",
+ "en" => "en_US",
+ "es" => "es_ES",
+ "fa" => "fa_IR",
+ "fi" => "fi_FI",
+ "fr" => "fr_FR",
+ "he" => "he_IL",
+ "hr" => "hr_HR",
+ "hu" => "hu_HU",
+ "id" => "id_ID",
+ "is" => "is_IS",
+ "it" => "it_IT",
+ "ja" => "ja_JP",
+ "ka" => "ka_GE",
+ "ko" => "ko_KR",
+ "lv" => "lv_LV",
+ "nb" => "nb_NO",
+ "nl" => "nl_NL",
+ "pl" => "pl_PL",
+ "pt" => "pt_PT",
+ "pt-br" => "pt_BR",
+ "ro" => "ro_RO",
+ "ru" => "ru_RU",
+ "sl" => "sl_SI",
+ "sv" => "sv_SE",
+ "th" => "th_TH",
+ "tr" => "tr_TR",
+ "uk" => "uk_UA",
+ "zh-cn" => "zh_CN",
+ "zh-tw" => "zh_TW",
+ );
+
+ /**
+ * Auto-detects the language that should be used and sets it. Only works for
+ * HTTP, not in a command line script.
+ *
+ * Priority:
+ * <ol>
+ * <li>explicit parameter "lang" passed in HTTP (e.g. via GET)</li>
+ * <li>existing setting in the session (stick to the setting we had before)
+ * </li>
+ * <li>auto-detect via the HTTP Accept-Language header sent by the user
+ * agent</li>
+ * </ol>
+ */
+ public static function detect_language() {
+ if ( (self::get_translation() != "")
+ // already set in the session?
+ &&
+ !(array_key_exists("lang", $_REQUEST) &&
+ trim($_REQUEST["lang"]) != "")
+ // explicit parameter?
+ )
+ {
+ if ( self::set_translation(self::get_translation()) ) {
+ return;
+ }
+ }
+
+
+ $languages = array();
+
+ // parse Accept-Language header
+ if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER)) {
+ $bits = explode(",", strtolower(
+ str_replace(" ", "", $_SERVER['HTTP_ACCEPT_LANGUAGE'])
+ ));
+ foreach($bits as $lang)
+ {
+ $b = explode(";", $lang);
+ if(count($b)>1 && substr($b[1], 0, 2) == "q=")
+ $c = floatval(substr($b[1], 2));
+ else
+ $c = 1;
+
+ if ($c != 0)
+ {
+ $languages[trim($b[0])] = $c;
+ }
+ }
+ }
+
+ // check if there is an explicit language given as parameter
+ if(array_key_exists("lang",$_REQUEST) && trim($_REQUEST["lang"]) != "")
+ {
+ // higher priority than those values in the header
+ $languages[strtolower(trim($_REQUEST["lang"]))] = 2.0;
+ }
+
+ arsort($languages, SORT_NUMERIC);
+
+ // this is used to be compatible with browsers like internet
+ // explorer which only provide the language code including the
+ // region not without. Also handles the fallback to English (qvalues
+ // may only have three digits after the .)
+ $fallbacks = array("en" => 0.0005);
+
+ foreach($languages as $lang => $qvalue)
+ {
+ // ignore any non-conforming values (that's why we don't need to
+ // mysql_real_escape() or escapeshellarg(), but take care of
+ // the '*')
+ // spec: ( ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*" )
+ if ( preg_match('/^(?:([a-zA-Z]{1,8})(?:-[a-zA-Z]{1,8})*|\*)$/',
+ $lang, $matches) !== 1 ) {
+ continue;
+ }
+ $lang_prefix = $matches[1]; // usually two-letter language code
+ $fallbacks[$lang_prefix] = $qvalue;
+
+ $chosen_translation = "";
+ if ($lang === '*') {
+ // According to the standard '*' matches anything but any
+ // language explicitly specified. So in theory if there
+ // was an explicit mention of "en" with a lower priority
+ // this would be incorrect, but that's too much trouble.
+ $chosen_translation = "en";
+ } else {
+ $lang_length = strlen($lang);
+ foreach (self::$translations as $translation => $ignore)
+ {
+ // May match exactly or on every '-'
+ if ( $translation === $lang ||
+ substr($translation, 0, $lang_length + 1)
+ === $lang.'-'
+ )
+ {
+ $chosen_translation = $translation;
+ break;
+ }
+ }
+ }
+
+ if ($chosen_translation !== "")
+ {
+ if (self::set_translation($chosen_translation)) {
+ return;
+ }
+ }
+ }
+
+ // No translation found yet => try the prefixes
+ arsort($fallbacks, SORT_NUMERIC);
+ foreach ($fallbacks as $lang => $qvalue) {
+ if (self::set_translation($lang)) {
+ return;
+ }
+ }
+
+ // should not get here, as the fallback of "en" is provided and that
+ // should always work => log an error
+ trigger_error("L10n::detect_language(): could not set language",
+ E_USER_WARNING);
+ }
+
+ /**
+ * Normalise the translation code (e.g. from the old codes to the new)
+ *
+ * @return string
+ * a translation code or the empty string if it can't be normalised
+ */
+ public static function normalise_translation($translation_code) {
+ // check $translation_code against whitelist
+ if (array_key_exists($translation_code, self::$translations) ) {
+ return $translation_code;
+ }
+
+ // maybe it's a locale as previously used in the system? e.g. en_AU
+ if (preg_match('/^([a-z][a-z])_([A-Z][A-Z])$/', $translation_code, $matches) !== 1) {
+ return '';
+ }
+
+ $lang_code = $matches[1];
+ $region_code = strtolower($matches[2]);
+
+ if (array_key_exists("${lang_code}-${region_code}", self::$translations)) {
+ return "${lang_code}-${region_code}";
+ }
+
+ if (array_key_exists($lang_code, self::$translations)) {
+ return $lang_code;
+ }
+
+ return '';
+ }
+
+ /**
+ * Get the set translation
+ *
+ * @return string
+ * a translation code or the empty string if not set
+ */
+ public static function get_translation() {
+ if (array_key_exists('language', $_SESSION['_config'])) {
+ return $_SESSION['_config']['language'];
+ } else {
+ return "";
+ }
+ }
+
+ /**
+ * Set the translation to use.
+ *
+ * @param string $translation_code
+ * the translation code as specified in the keys of {@link $translations}
+ *
+ * @return bool
+ * <ul>
+ * <li>true if the translation has been set successfully</li>
+ * <li>false if the $translation_code was not contained in the white
+ * list or could not be set for other reasons (e.g. setlocale()
+ * failed because the locale has not been set up on the system -
+ * details will be logged)</li>
+ * </ul>
+ */
+ public static function set_translation($translation_code) {
+ $translation_code = self::normalise_translation($translation_code);
+ if (empty($translation_code)) {
+ return false;
+ }
+
+ // map translation to locale
+ if ( !array_key_exists($translation_code, self::$locales) ) {
+ // weird. maybe you added a translation but haven't added a
+ // translation to locale mapping in self::locales?
+ trigger_error("L10n::set_translation(): could not map the ".
+ "translation $translation_code to a locale", E_USER_WARNING);
+ return false;
+ }
+ $locale = self::$locales[$translation_code];
+
+ // set up locale
+ if ( !putenv("LANG=$locale") ) {
+ trigger_error("L10n::set_translation(): could not set the ".
+ "environment variable LANG to $locale", E_USER_WARNING);
+ return false;
+ }
+ if ( !setlocale(LC_ALL, $locale) ) {
+ trigger_error("L10n::set_translation(): could not setlocale() ".
+ "LC_ALL to $locale", E_USER_WARNING);
+ return false;
+ }
+
+
+ // only set if we're running in a server not in a script
+ if (isset($_SESSION)) {
+ // save the setting
+ $_SESSION['_config']['language'] = $translation_code;
+
+
+ // Set up the recode settings needed e.g. in PDF creation
+ $_SESSION['_config']['recode'] = "html..latin-1";
+
+ if($translation_code === "zh-cn" || $translation_code === "zh-tw")
+ {
+ $_SESSION['_config']['recode'] = "html..gb2312";
+
+ } else if($translation_code === "pl" || $translation_code === "hu") {
+ $_SESSION['_config']['recode'] = "html..ISO-8859-2";
+
+ } else if($translation_code === "ja") {
+ $_SESSION['_config']['recode'] = "html..SHIFT-JIS";
+
+ } else if($translation_code === "ru") {
+ $_SESSION['_config']['recode'] = "html..ISO-8859-5";
+
+ } else if($translation_code == "lt") { // legacy, keep for reference
+ $_SESSION['_config']['recode'] = "html..ISO-8859-13";
+
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Sets up the text domain used by gettext
+ *
+ * @param string $domain
+ * the gettext domain that should be used, defaults to "messages"
+ */
+ public static function init_gettext($domain = 'messages') {
+ bindtextdomain($domain, $_SESSION['_config']['filepath'].'/locale');
+ textdomain($domain);
+ }
+
+ public static function set_recipient_language($accountid) {
+ //returns the language of a recipient to make sure that the language is correct
+ //use together with
+ $query = "select `language` from `users` where `id`='".intval($accountid)."'";
+ $res = mysql_query($query);
+ if (mysql_num_rows($res)>=0) {
+ $row = mysql_fetch_assoc($res);
+ if (NULL==$row['language'] || $row['language']=='') {
+ self::set_translation('en');
+ } else {
+ self::set_translation($row['language']);
+ }
+ } else {
+ self::set_translation('en');
+ }
+ }
+}
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 355527f..c14f8c2 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -16,52 +16,62 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+ include_once("../includes/lib/general.php");
+ require_once("../includes/lib/l10n.php");
+ include_once("../includes/mysql.php");
+ require_once('../includes/notary.inc.php');
+
+ if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
+ $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+ }
+ if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {
+ $_SESSION['profile']['id'] = 0;
+ $_SESSION['profile']['loggedin'] = 0;
+ }
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
$uid = $_SESSION['profile']['id'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
unset($_SESSION['profile']);
}
-
+
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
- $query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and disablelogin=0 and
- UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
- $res = mysql_query($query);
+ $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
+ $_SERVER['SSL_CLIENT_I_DN_CN']);
- if(mysql_num_rows($res) > 0)
+ if($user_id >= 0)
{
- $row = mysql_fetch_assoc($res);
-
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ "select * from `users` where `id`='".intval($user_id)."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
@@ -69,60 +79,42 @@
} else {
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- unset($_SESSION['_config']['oldlocation']);
-
- foreach($_GET as $key => $val)
- {
- if($_SESSION['_config']['oldlocation'])
- $_SESSION['_config']['oldlocation'] .= "&";
-
- $key = str_replace(array("\n", "\r"), '', $key);
- $val = str_replace(array("\n", "\r"), '', $val);
- $_SESSION['_config']['oldlocation'] .= "$key=$val";
- }
- $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
-
- header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
+ $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+ header("Location: https://{$_SESSION['_config']['securehostname']}/index.php?id=4");
exit;
}
}
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
{
- header("location: https://".$_SESSION['_config']['normalhostname']);
+ header("Location: https://{$_SESSION['_config']['normalhostname']}");
exit;
}
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
if($_SESSION['profile']['language'] == "")
{
- $query = "update `users` set `language`='".$_SESSION['_config']['language']."'
- where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `language`='".L10n::get_translation()."'
+ where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
} else {
- $_SESSION['_config']['language'] = $_SESSION['profile']['language'];
-
- putenv("LANG=".$_SESSION['_config']['language']);
- setlocale(LC_ALL, $_SESSION['_config']['language']);
-
- $domain = 'messages';
- bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");
- textdomain("$domain");
+ L10n::set_translation($_SESSION['profile']['language']);
+ L10n::init_gettext();
}
}
@@ -131,35 +123,30 @@
$normalhost=$_SESSION['_config']['normalhostname'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- unset($_SESSION);
- header("location: https://".$normalhost."/index.php");
+ header("Location: https://{$normalhost}/index.php");
exit;
}
if($_SESSION['profile']['loggedin'] < 1)
{
- unset($_SESSION['_config']['oldlocation']);
-
- foreach($_REQUEST as $key => $val)
- {
- if($_SESSION['_config']['oldlocation'])
- $_SESSION['_config']['oldlocation'] .= "&";
+ $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+ exit;
+ }
- $key = str_replace(array("\n", "\r"), '', $key);
- $val = str_replace(array("\n", "\r"), '', $val);
- $_SESSION['_config']['oldlocation'] .= "$key=$val";
+ if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) {
+ $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
+ if (!$_SESSION['profile']['ccaagreement']) {
+ $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=52");
+ exit;
}
- $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
- $hostname=$_SERVER['HTTP_HOST'];
- $hostname = str_replace(array("\n", "\r"), '', $hostname);
- header("location: https://".$hostname."/index.php?id=4");
- exit;
}
?>
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index 88ddcb2..77be95f 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -26,9 +26,9 @@
$_SESSION['_config']['securehostname'] = "secure.cacert.org";
$_SESSION['_config']['tverify'] = "tverify.cacert.org";
- function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $extra="")
+ function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $use_utf8 = true)
{
- $lines = explode('\n', $message);
+ $lines = explode("\n", $message);
$message = "";
foreach($lines as $line)
{
@@ -49,22 +49,23 @@
$smtp = fsockopen("localhost", 25);
if(!$smtp)
{
- echo("Could not connect to mailserver at localhost:25\n");
- return;
+ echo("Could not connect to mailserver at localhost:25\n");
+ return;
}
$InputBuffer = fgets($smtp, 1024);
- fputs($smtp, "HELO hlin.cacert.org\r\n");
+ fputs($smtp, "HELO www.cacert.org\r\n");
$InputBuffer = fgets($smtp, 1024);
- fputs($smtp, "MAIL FROM: <returns@cacert.org>\r\n");
+ fputs($smtp, "MAIL FROM:<returns@cacert.org>\r\n");
$InputBuffer = fgets($smtp, 1024);
$bits = explode(",", $to);
foreach($bits as $user)
- fputs($smtp, "RCPT TO: <".trim($user).">\r\n");
+ fputs($smtp, "RCPT TO:<".trim($user).">\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "DATA\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "X-Mailer: CAcert.org Website\r\n");
- fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
+ if (array_key_exists("REMOTE_ADDR", $_SERVER))
+ fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
fputs($smtp, "Sender: $errorsto\r\n");
fputs($smtp, "Errors-To: $errorsto\r\n");
if($replyto != "")
@@ -82,19 +83,31 @@
fputs($smtp, "Subject: $subject\r\n");
}
fputs($smtp, "Mime-Version: 1.0\r\n");
- if($extra == "")
+ if($use_utf8)
{
fputs($smtp, "Content-Type: text/plain; charset=\"utf-8\"\r\n");
- fputs($smtp, "Content-Transfer-Encoding: 8bit\r\n");
- } else {
+ }
+ else
+ {
fputs($smtp, "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n");
- fputs($smtp, "Content-Transfer-Encoding: quoted-printable\r\n");
- fputs($smtp, "Content-Disposition: inline\r\n");
}
+ fputs($smtp, "Content-Transfer-Encoding: quoted-printable\r\n");
+ fputs($smtp, "Content-Disposition: inline\r\n");
+
// fputs($smtp, "Content-Transfer-Encoding: BASE64\r\n");
fputs($smtp, "\r\n");
// fputs($smtp, chunk_split(base64_encode(recode("html..utf-8", $message)))."\r\n.\r\n");
- fputs($smtp, recode("html..utf-8", $message)."\r\n.\r\n");
+ $encoded_lines = explode( "\n", str_replace("\r", "", $message) );
+ array_walk( $encoded_lines,
+ function (&$a) {
+ $a = quoted_printable_encode(recode("html..utf-8", $a));
+ });
+ $encoded_message = implode("\n", $encoded_lines);
+
+ $encoded_message = str_replace("\r.", "\r=2E", $encoded_message);
+ $encoded_message = str_replace("\n.", "\n=2E", $encoded_message);
+ fputs($smtp, $encoded_message);
+ fputs($smtp, "\r\n.\r\n");
fputs($smtp, "QUIT\n");
$InputBuffer = fgets($smtp, 1024);
fclose($smtp);
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
new file mode 100644
index 0000000..3b8e736
--- /dev/null
+++ b/includes/notary.inc.php
@@ -0,0 +1,2140 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+define('NULL_DATETIME', '0000-00-00 00:00:00');
+define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
+
+ function query_init ($query)
+ {
+ return mysql_query($query);
+ }
+
+ function query_getnextrow ($res)
+ {
+ $row1 = mysql_fetch_assoc($res);
+ return $row1;
+ }
+
+ function query_get_number_of_rows ($resultset)
+ {
+ return intval(mysql_num_rows($resultset));
+ }
+
+ function get_number_of_assurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' and `deleted` = 0");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_number_of_ttpassurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' and `deleted` = 0");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_number_of_assurees ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' and `deleted` = 0");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_top_assurer_position ($no_of_assurances)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
+ GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ function get_top_assuree_position ($no_of_assurees)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
+ GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ /**
+ * Get the list of assurances given by the user
+ * @param int $userid - id of the assurer
+ * @param int $log - if set to 1 also includes deleted assurances
+ * @return resource - a MySQL result set
+ */
+ function get_given_assurances($userid, $log=0)
+ {
+ $deleted='';
+ if ($log == 0) {
+ $deleted = ' and `deleted` = 0 ';
+ }
+ $res = query_init("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc");
+ return $res;
+ }
+
+ /**
+ * Get the list of assurances received by the user
+ * @param int $userid - id of the assuree
+ * @param int $log - if set to 1 also includes deleted assurances
+ * @return resource - a MySQL result set
+ */
+ function get_received_assurances($userid, $log=0)
+ {
+ $deleted='';
+ if ($log == 0) {
+ $deleted = ' and `deleted` = 0 ';
+ }
+ $res = query_init("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc ");
+ return $res;
+ }
+
+ function get_given_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' and `deleted` = 0 group by points,awarded,method");
+ return $res;
+ }
+
+ function get_received_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' and `deleted` = 0 group by points,awarded,method");
+ return $res;
+ }
+
+ function get_user ($userid)
+ {
+ $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
+ return mysql_fetch_assoc($res);
+ }
+
+ function get_cats_state ($userid)
+ {
+
+ $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
+ WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
+ return mysql_num_rows($res);
+ }
+
+
+ /**
+ * Calculate awarded points (corrects some issues like out of range points
+ * or points that were issued by means that have been deprecated)
+ *
+ * @param array $row - associative array containing the data from the
+ * `notary` table
+ * @return int - the awarded points for this assurance
+ */
+ function calc_awarded($row)
+ {
+ // Back in the old days there was no `awarded` column => is now zero,
+ // there the `points` column contained that data
+ $points = max(intval($row['awarded']), intval($row['points']));
+
+ // Set negative points to zero, yes there are such things in the database
+ $points = max($points, 0);
+
+ switch ($row['method'])
+ {
+ // These programmes have been revoked
+ case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
+ case 'CT Magazine - Germany': // revoke c't (only one test-entry)
+ case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
+ $points = 0;
+ break;
+
+ case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
+ if ($points <= 2) // maybe limit to 35/50 pts in the future?
+ $points = 0;
+ break;
+
+ // TTP assurances, limit to 35
+ case 'TTP-Assisted':
+ $points = min($points, 35);
+ break;
+
+ // TTP TOPUP, limit to 30
+ case 'TOPUP':
+ $points = min($points, 30);
+
+ // All these should be preserved for the time being
+ case 'Unknown': // to be revoked in the future? limit to max 50 pts?
+ case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
+ case '': // to be revoked in the future? limit to max 50 pts?
+ case 'Face to Face Meeting': // normal assurances (and superassurances?), limit to 35/50 pts in the future?
+ break;
+
+ default: // should never happen ... ;-)
+ $points = 0;
+ }
+
+ return $points;
+ }
+
+
+ /**
+ * Calculate the experience points from a given Assurance
+ * @param array $row - [inout] associative array containing the data from
+ * the `notary` table, the keys 'experience' and 'calc_awarded' will be
+ * added
+ * @param int $sum_points - [inout] the sum of already counted assurance
+ * points the assurer issued
+ * @param int $sum_experience - [inout] the sum of already counted
+ * experience points that were awarded to the assurer
+ */
+ function calc_experience(&$row, &$sum_points, &$sum_experience)
+ {
+ $row['calc_awarded'] = calc_awarded($row);
+
+ // Don't count revoked assurances even if we are displaying them
+ if ($row['deleted'] !== NULL_DATETIME) {
+ $row['experience'] = 0;
+ return;
+ }
+
+ $experience = 0;
+ if ($row['method'] == "Face to Face Meeting")
+ {
+ $experience = 2;
+ }
+ $sum_experience += $experience;
+ $row['experience'] = $experience;
+
+ $sum_points += $row['calc_awarded'];
+ }
+
+ /**
+ * Calculate the points received from a received Assurance
+ * @param array $row - [inout] associative array containing the data from
+ * the `notary` table, the keys 'experience' and 'calc_awarded' will be
+ * added
+ * @param int $sum_points - [inout] the sum of already counted assurance
+ * points the assuree received
+ * @param int $sum_experience - [inout] the sum of already counted
+ * experience points that were awarded to the assurer
+ */
+ function calc_assurances(&$row, &$sum_points, &$sum_experience)
+ {
+ $row['calc_awarded'] = calc_awarded($row);
+ $experience = 0;
+
+ // High point values mean that some of them are experience points
+ if ($row['calc_awarded'] > 100)
+ {
+ $experience = $row['calc_awarded'] - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
+ $row['calc_awarded'] = 100;
+ }
+
+ switch ($row['method'])
+ {
+ case 'Thawte Points Transfer':
+ case 'CT Magazine - Germany':
+ case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
+ $experience = 0;
+ $row['deleted'] = THAWTE_REVOCATION_DATETIME;
+ break;
+ }
+
+ // Don't count revoked assurances even if we are displaying them
+ if ($row['deleted'] !== NULL_DATETIME) {
+ $row['experience'] = 0;
+ return;
+ }
+
+ $sum_experience += $experience;
+ $row['experience'] = $experience;
+ $sum_points += $row['calc_awarded'];
+ }
+
+ /**
+ * Generate a link to the support engineer page for the user with the name
+ * of the user as link text
+ * @param array $user - associative array containing the data from the
+ * `user` table
+ * @return string
+ */
+ function show_user_link($user)
+ {
+ $name = trim($user['fname'].' '.$user['lname']);
+ $userid = intval($user['id']);
+
+ if($name == "")
+ {
+ if ($userid == 0) {
+ $name = _("System");
+ } else {
+ $name = _("Deleted account");
+ }
+ }
+ else
+ {
+ $name = "<a href='wot.php?id=9&amp;userid=".$userid."'>".sanitizeHTML($name)."</a>";
+ }
+
+ return $name;
+ }
+
+ /**
+ * Generate a link to the support engineer page for the user with the email
+ * address as link text
+ * @param array $user - associative array containing the data from the
+ * `user` table
+ * @return string
+ */
+ function show_email_link($user)
+ {
+ $email = trim($user['email']);
+ if($email != "") {
+ $email = "<a href='account.php?id=43&amp;userid=".intval($user['id'])."'>".sanitizeHTML($email)."</a>";
+ }
+ return $email;
+ }
+
+ function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
+ {
+ $num_of_assurances = get_number_of_assurances (intval($userid));
+ $rank_of_assurer = get_top_assurer_position($num_of_assurances);
+ }
+
+ function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
+ {
+ $num_of_assurees = get_number_of_assurees (intval($userid));
+ $rank_of_assuree = get_top_assuree_position($num_of_assurees);
+ }
+
+
+// ************* html table definitions ******************
+
+ function output_ranking($userid)
+ {
+ get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
+ get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
+
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="title"><?=_("Assurer Ranking")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
+ </tr>
+</table>
+<br/>
+<?
+ }
+
+ /**
+ * Render header for the assurance table (same for given/received)
+ * @param string $title - The title for the table
+ * @param int $support - set to 1 if the output is for the support interface
+ * @param int $log - if set to 1 also includes deleted assurances
+ */
+ function output_assurances_header($title, $support, $log)
+ {
+ if ($support == 1) {
+ $log = 1;
+ }
+
+ $colspan = 7;
+ if ($support == 1) {
+ $colspan += 2;
+ }
+ if ($log == 1) {
+ $colspan += 1;
+ }
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=$title?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("ID")?></strong></td>
+ <td class="DataTD"><strong><?=_("Date")?></strong></td>
+<?
+ if ($support == 1)
+ {
+?>
+ <td class="DataTD"><strong><?=_("When")?></strong></td>
+ <td class="DataTD"><strong><?=_("Email")?></strong></td>
+<?
+ }
+?>
+ <td class="DataTD"><strong><?=_("Who")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Location")?></strong></td>
+ <td class="DataTD"><strong><?=_("Method")?></strong></td>
+ <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
+<?
+ if ($log == 1)
+ {
+?>
+ <td class="DataTD"><strong><?=_("Revoked")?></strong></td>
+<?
+ }
+?>
+ </tr>
+<?
+ }
+
+ /**
+ * Render footer for the assurance table (same for given/received)
+ * @param string $points_txt - Description for sum of assurance points
+ * @param int $sumpoints - sum of assurance points
+ * @param string $experience_txt - Description for sum of experience points
+ * @param int $sumexperience - sum of experience points
+ * @param int $support - set to 1 if the output is for the support interface
+ * @param int $log - if set to 1 also includes deleted assurances
+ */
+ function output_assurances_footer(
+ $points_txt,
+ $sumpoints,
+ $experience_txt,
+ $sumexperience,
+ $support,
+ $log)
+ {
+?>
+ <tr>
+ <td colspan="<?=($support == 1) ? 5 : 3 ?>" class="DataTD"><strong><?=$points_txt?>:</strong></td>
+ <td class="DataTD"><?=intval($sumpoints)?></td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
+ <td class="DataTD"><?=intval($sumexperience)?></td>
+<?
+ if ($log == 1)
+ {
+?>
+ <td class="DataTD">&nbsp;</td>
+<?
+ }
+?>
+ </tr>
+</table>
+<br/>
+<?
+ }
+
+ /**
+ * Render an assurance for a view
+ * @param array $assurance - associative array containing the data from the `notary` table
+ * @param int $userid - Id of the user whichs given/received assurances are displayed
+ * @param array $other_user - associative array containing the other users data from the `users` table
+ * @param int $support - set to 1 if the output is for the support interface
+ * @param string $ticketno - ticket number currently set in the support interface
+ * @param int $log - if set to 1 also includes deleted assurances
+ */
+ function output_assurances_row(
+ $assurance,
+ $userid,
+ $other_user,
+ $support,
+ $ticketno,
+ $log)
+ {
+ $assuranceid = intval($assurance['id']);
+ $date = $assurance['date'];
+ $when = $assurance['when'];
+ $awarded = intval($assurance['calc_awarded']);
+ $points = intval($assurance['points']);
+ $location = $assurance['location'];
+ $method = $assurance['method'] ? _($assurance['method']) : '';
+ $experience = intval($assurance['experience']);
+ $revoked = $assurance['deleted'] !== NULL_DATETIME;
+
+ $email = show_email_link($other_user);
+ $name = show_user_link($other_user);
+
+ if ($support == 1) {
+ $log = 1;
+ }
+
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
+
+ if ($awarded == $points)
+ {
+ if ($awarded == 0)
+ {
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
+ }
+ }
+?>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+<?
+ if ($support == 1)
+ {
+?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
+<?
+ }
+?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:'&nbsp;'?><?=$emclose?></td>
+<?
+ if ($log == 1)
+ {
+ if ($revoked == true)
+ {
+?>
+ <td class="DataTD" <?=$tdstyle?>><?=$assurance['deleted']?></td>
+<?
+ } elseif ($support == 1) {
+?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+<?
+ } else {
+?>
+ <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
+<?
+ }
+ }
+?>
+ </tr>
+<?
+ }
+
+ function output_summary_header()
+ {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("Description")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Remark")?></strong></td>
+ </tr>
+<?
+ }
+
+ function output_summary_footer()
+ {
+?>
+</table>
+<br/>
+<?
+ }
+
+ function output_summary_row($title,$points,$points_countable,$remark)
+ {
+?>
+ <tr>
+ <td class="DataTD"><strong><?=$title?></strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=$points_countable?></td>
+ <td class="DataTD"><?=$remark?></td>
+ </tr>
+<?
+ }
+
+
+// ************* output given assurances ******************
+
+ /**
+ * Helper function to render assurances given by the user
+ * @param int $userid
+ * @param int& $sum_points - [out] sum of given points
+ * @param int& $sum_experience - [out] sum of experience points gained
+ * @param int $support - set to 1 if the output is for the support interface
+ * @param string $ticketno - the ticket number set in the support interface
+ * @param int $log - if set to 1 also includes deleted assurances
+ */
+ function output_given_assurances_content(
+ $userid,
+ &$sum_points,
+ &$sum_experience,
+ $support,
+ $ticketno,
+ $log)
+ {
+ $sum_points = 0;
+ $sumexperience = 0;
+ $res = get_given_assurances(intval($userid), $log);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $assuree = get_user(intval($row['to']));
+ calc_experience($row, $sum_points, $sum_experience);
+ output_assurances_row($row, $userid, $assuree, $support, $ticketno, $log);
+ }
+ }
+
+// ************* output received assurances ******************
+
+ /**
+ * Helper function to render assurances received by the user
+ * @param int $userid
+ * @param int& $sum_points - [out] sum of received points
+ * @param int& $sum_experience - [out] sum of experience points the assurers gained
+ * @param int $support - set to 1 if the output is for the support interface
+ * @param string $ticketno - the ticket number set in the support interface
+ * @param int $log - if set to 1 also includes deleted assurances
+ */
+ function output_received_assurances_content(
+ $userid,
+ &$sum_points,
+ &$sum_experience,
+ $support,
+ $ticketno,
+ $log)
+ {
+ $sum_points = 0;
+ $sumexperience = 0;
+ $res = get_received_assurances(intval($userid), $log);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user(intval($row['from']));
+ calc_assurances($row, $sum_points, $sum_experience);
+ output_assurances_row($row, $userid, $fromuser, $support, $ticketno, $log);
+ }
+ }
+
+// ************* output summary table ******************
+
+ function check_date_limit ($userid,$age)
+ {
+ $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
+ $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
+ return intval(query_get_number_of_rows($res));
+ }
+
+ function max_points($userid)
+ {
+ return output_summary_content ($userid,0);
+ }
+
+ function output_summary_content($userid,$display_output)
+ {
+ $sum_points = 0;
+ $sum_experience = 0;
+ $sum_experience_other = 0;
+ $max_points = 100;
+ $max_experience = 50;
+
+ $experience_limit_reached_txt = _("Limit reached");
+
+ if (check_date_limit($userid,18) != 1)
+ {
+ $max_experience = 10;
+ $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+ }
+ if (check_date_limit($userid,14) != 1)
+ {
+ $max_experience = 0;
+ $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+ }
+
+ $res = get_received_assurances_summary($userid);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $points = calc_awarded($row);
+
+ if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
+ {
+ $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
+ $points = $max_points;
+ }
+ $sum_points += $points*intval($row['number']);
+ }
+
+ $res = get_given_assurances_summary($userid);
+ while($row = mysql_fetch_assoc($res))
+ {
+ switch ($row['method'])
+ {
+ case 'Face to Face Meeting': // count Face to Face only
+ $sum_experience += 2*intval($row['number']);
+ break;
+ }
+
+ }
+
+ if ($sum_points > $max_points)
+ {
+ $sum_points_countable = $max_points;
+ $remark_points = _("Limit reached");
+ }
+ else
+ {
+ $sum_points_countable = $sum_points;
+ $remark_points = "&nbsp;";
+ }
+ if ($sum_experience > $max_experience)
+ {
+ $sum_experience_countable = $max_experience;
+ $remark_experience = $experience_limit_reached_txt;
+ }
+ else
+ {
+ $sum_experience_countable = $sum_experience;
+ $remark_experience = "&nbsp;";
+ }
+
+ if ($sum_experience_countable + $sum_experience_other > $max_experience)
+ {
+ $sum_experience_other_countable = $max_experience-$sum_experience_countable;
+ $remark_experience_other = $experience_limit_reached_txt;
+ }
+ else
+ {
+ $sum_experience_other_countable = $sum_experience_other;
+ $remark_experience_other = "&nbsp;";
+ }
+
+ if ($sum_points_countable < $max_points)
+ {
+ if ($sum_experience_countable != 0)
+ $remark_experience = _("Points on hold due to less assurance points");
+ $sum_experience_countable = 0;
+ if ($sum_experience_other_countable != 0)
+ $remark_experience_other = _("Points on hold due to less assurance points");
+ $sum_experience_other_countable = 0;
+ }
+
+ $issue_points = 0;
+ $cats_test_passed = get_cats_state ($userid);
+ if ($cats_test_passed == 0)
+ {
+ $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
+ if ($sum_points_countable < $max_points)
+ {
+ $issue_points_txt = "<strong style='color: red'>";
+ $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
+ $issue_points_txt .= "</strong>";
+ }
+ }
+ else
+ {
+ $experience_total = $sum_experience_countable+$sum_experience_other_countable;
+ $issue_points_txt = "";
+ if ($sum_points_countable == $max_points)
+ $issue_points = 10;
+ if ($experience_total >= 10)
+ $issue_points = 15;
+ if ($experience_total >= 20)
+ $issue_points = 20;
+ if ($experience_total >= 30)
+ $issue_points = 25;
+ if ($experience_total >= 40)
+ $issue_points = 30;
+ if ($experience_total >= 50)
+ $issue_points = 35;
+ if ($issue_points != 0)
+ $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
+ }
+ if ($display_output)
+ {
+ output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
+ output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
+ output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
+ output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
+ }
+ return $issue_points;
+ }
+
+ /**
+ * Render assurances given by the user
+ * @param int $userid
+ * @param int $support - set to 1 if the output is for the support interface
+ * @param string $ticketno - the ticket number set in the support interface
+ * @param int $log - if set to 1 also includes deleted assurances
+ */
+ function output_given_assurances($userid, $support=0, $ticketno='', $log=0)
+ {
+ output_assurances_header(
+ _("Assurance Points You Issued"),
+ $support,
+ $log);
+
+ output_given_assurances_content(
+ $userid,
+ $sum_points,
+ $sum_experience,
+ $support,
+ $ticketno,
+ $log);
+
+ output_assurances_footer(
+ _("Total Points Issued"),
+ $sum_points,
+ _("Total Experience Points"),
+ $sum_experience,
+ $support,
+ $log);
+ }
+
+ /**
+ * Render assurances received by the user
+ * @param int $userid
+ * @param int $support - set to 1 if the output is for the support interface
+ * @param string $ticketno - the ticket number set in the support interface
+ * @param int $log - if set to 1 also includes deleted assurances
+ */
+ function output_received_assurances($userid, $support=0, $ticketno='', $log=0)
+ {
+ output_assurances_header(
+ _("Assurance Points You Received"),
+ $support,
+ $log);
+
+ output_received_assurances_content(
+ $userid,
+ $sum_points,
+ $sum_experience,
+ $support,
+ $ticketno,
+ $log);
+
+ output_assurances_footer(
+ _("Total Points Received"),
+ $sum_points,
+ _("Total Experience Points"),
+ $sum_experience,
+ $support,
+ $log);
+ }
+
+ function output_summary($userid)
+ {
+ output_summary_header();
+ output_summary_content($userid,1);
+ output_summary_footer();
+ }
+
+ function output_end_of_page()
+ {
+?>
+ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
+<?
+ }
+
+ //functions to do with recording user agreements
+ /**
+ * write_user_agreement()
+ * writes a new record to the table user_agreement
+ *
+ * @param mixed $memid
+ * @param mixed $document
+ * @param mixed $method
+ * @param mixed $comment
+ * @param integer $active
+ * @param integer $secmemid
+ * @return
+ */
+ function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
+ // write a new record to the table user_agreement
+ $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
+ ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
+ $res = mysql_query($query);
+ }
+
+ /**
+ * get_user_agreement_status()
+ * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
+ function get_user_agreement_status($memid, $type="CCA"){
+ $query="SELECT u.`document` FROM `user_agreements` u
+ WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <=0){
+ return 0;
+ }else{
+ return 1;
+ }
+ }
+
+ /**
+ * Get the first user_agreement entry of the requested type
+ * @param int $memid
+ * @param string $type - the type of user agreement, by default all
+ * agreements are listed
+ * @param int $active - whether to get active or passive agreements:
+ * 0 := passive
+ * 1 := active
+ * null := both
+ * @return array(string=>mixed) - an associative array containing
+ * 'document', 'date', 'method', 'comment', 'active'
+ */
+ function get_first_user_agreement($memid, $type=null, $active=null){
+ $filter = '';
+ if (!is_null($type)) {
+ $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+ }
+
+ if (!is_null($active)) {
+ $filter .= " AND u.`active` = ".intval($active);
+ }
+
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
+ WHERE u.`memid`=".intval($memid)."
+ $filter
+ ORDER BY u.`date` LIMIT 1";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $rec = mysql_fetch_assoc($res);
+ }else{
+ $rec=array();
+ }
+ return $rec;
+ }
+
+ /**
+ * Get the last user_agreement entry of the requested type
+ * @param int $memid
+ * @param string $type - the type of user agreement, by default all
+ * agreements are listed
+ * @param int $active - whether to get active or passive agreements:
+ * 0 := passive,
+ * 1 := active,
+ * null := both
+ * @return array(string=>mixed) - an associative array containing
+ * 'document', 'date', 'method', 'comment', 'active'
+ */
+ function get_last_user_agreement($memid, $type=null, $active=null){
+ $filter = '';
+ if (!is_null($type)) {
+ $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+ }
+
+ if (!is_null($active)) {
+ $filter .= " AND u.`active` = ".intval($active);
+ }
+
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
+ WHERE u.`memid`=".intval($memid)."
+ $filter
+ ORDER BY u.`date` DESC LIMIT 1";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $rec = mysql_fetch_assoc($res);
+ }else{
+ $rec=array();
+ }
+ return $rec;
+ }
+
+/**
+ * Get the all user_agreement entries of the requested type
+ * @param int $memid
+ * @param string $type - the type of user agreement, by default all
+ * agreements are listed
+ * @param int $active - whether to get an active or passive agreements:
+ * 0 := passive,
+ * 1 := active,
+ * null := both
+ * @return resource - a mysql result set containing all agreements
+ */
+function get_user_agreements($memid, $type=null, $active=null){
+ $filter = '';
+ if (!is_null($type)) {
+ $filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
+ }
+
+ if (!is_null($active)) {
+ $filter .= " AND u.`active` = ".intval($active);
+ }
+
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
+ WHERE u.`memid`=".intval($memid)."
+ $filter
+ ORDER BY u.`date`";
+ return mysql_query($query);
+}
+
+ /**
+ * delete_user_agreement()
+ * deletes all entries for a given type from user_agreement of a given user, if type is not given all
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
+ function delete_user_agreement($memid, $type=false){
+ if ($type === false) {
+ $filter = '';
+ } else {
+ $filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
+ }
+ mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
+ }
+
+ // functions for 6.php (assure somebody)
+
+ function AssureHead($confirmation,$checkname)
+ {
+?>
+<form method="post" action="wot.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
+ <tr>
+ <td colspan="2" class="title"><?=$confirmation?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
+ </tr>
+<?
+ }
+
+ function AssureTextLine($field1,$field2)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field1.(empty($field1)?'':':')?></td>
+ <td class="DataTD"><?=$field2?></td>
+ </tr>
+<?
+ }
+
+ function AssureBoxLine($type,$text,$checked)
+ {
+?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
+ <td class="DataTD"><?=$text?></td>
+ </tr>
+<?
+ }
+
+ function AssureMethodLine($text,$methods,$remark)
+ {
+ if (count($methods) != 1) {
+?>
+ <tr>
+ <td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
+ <td class="DataTD">
+ <select name="method">
+<?
+ foreach($methods as $val) {
+?>
+ <option value="<?=$val?>"><?=$val?></option>
+<?
+ }
+?>
+ </select>
+ <br />
+ <?=$remark?>
+ </td>
+ </tr>
+<?
+ } else {
+?>
+ <input type="hidden" name="method" value="<?=$methods[0]?>" />
+<?
+ }
+ }
+
+ function AssureInboxLine($type,$field,$value,$description)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field.(empty($field)?'':':')?></td>
+ <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
+ </tr>
+<?
+ }
+
+ function AssureFoot($oldid,$confirm)
+ {
+?>
+ <tr>
+ <td class="DataTD" colspan="2">
+ <input type="submit" name="process" value="<?=$confirm?>" />
+ <input type="submit" name="cancel" value="<?=_("Cancel")?>" />
+ </td>
+ </tr>
+</table>
+<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
+<input type="hidden" name="oldid" value="<?=$oldid?>" />
+</form>
+<?
+ }
+
+ function account_email_delete($mailid){
+ //deletes an email entry from an acount
+ //revolkes all certifcates for that email address
+ //called from www/account.php if($process != "" && $oldid == 2)
+ //called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
+ //called from account_delete
+ $mailid = intval($mailid);
+ revoke_all_client_cert($mailid);
+ $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
+ mysql_query($query);
+ }
+
+ function account_domain_delete($domainid){
+ //deletes an domain entry from an acount
+ //revolkes all certifcates for that domain address
+ //called from www/account.php if($process != "" && $oldid == 9)
+ //called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
+ //called from account_delete
+ $domainid = intval($domainid);
+ revoke_all_server_cert($domainid);
+ mysql_query(
+ "update `domains`
+ set `deleted`=NOW()
+ where `id` = '$domainid'");
+ }
+
+ function account_delete($id, $arbno, $adminid){
+ //deletes an account following the deleted account routnie V3
+ // called from www/account.php if($oldid == 50 && $process != "")
+ //change password
+ $id = intval($id);
+ $arbno = mysql_real_escape_string($arbno);
+ $adminid = intval($adminid);
+ $pool = 'abcdefghijklmnopqrstuvwxyz';
+ $pool .= '0123456789!()§';
+ $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ srand ((double)microtime()*1000000);
+ $password="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $password .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+
+ //create new mail for arbitration number
+ $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
+ mysql_query($query);
+ $emailid = mysql_insert_id();
+
+ //set new mail as default
+ $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
+ mysql_query($query);
+
+ //delete all other email address
+ $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_email_delete($row['id']);
+ }
+
+ //delete all domains
+ $query = "select `id` from `domains` where `memid`='".$id."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_domain_delete($row['id']);
+ }
+
+ //clear alert settings
+ mysql_query(
+ "update `alerts` set
+ `general`='0',
+ `country`='0',
+ `regional`='0',
+ `radius`='0'
+ where `memid`='$id'");
+
+ //set default location
+ $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear listings
+ $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
+ mysql_query($query);
+
+ //set lanuage to default
+ //set default language
+ mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+ //delete secondary langugaes
+ mysql_query("delete from `addlang` where `userid`='".$id."'");
+
+ //change secret questions
+ for($i=1;$i<=5;$i++){
+ $q="";
+ $a="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $q .= substr($pool,(rand()%(strlen ($pool))), 1);
+ $a .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
+ mysql_query($query);
+ }
+
+ //change personal information to arbitration number and DOB=1900-01-01
+ $query = "update `users` set `fname`='".$arbno."',
+ `mname`='".$arbno."',
+ `lname`='".$arbno."',
+ `suffix`='".$arbno."',
+ `dob`='1900-01-01'
+ where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear all admin and board flags
+ mysql_query(
+ "update `users` set
+ `assurer`='0',
+ `assurer_blocked`='0',
+ `codesign`='0',
+ `orgadmin`='0',
+ `ttpadmin`='0',
+ `locadmin`='0',
+ `admin`='0',
+ `adadmin`='0',
+ `tverify`='0',
+ `board`='0'
+ where `id`='$id'");
+
+ //block account
+ mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
+ }
+
+
+ function check_email_exists($email){
+ // called from includes/account.php if($process != "" && $oldid == 1)
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $email = mysql_real_escape_string($email);
+ $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_gpg_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
+ }else{
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_client_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
+ }else{
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_server_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `domaincerts`.`expire` > NOW()
+ and `domaincerts`.`revoked` < `domaincerts`.`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>NOW()";
+ }else{
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `expire`>(NOW()-90*86400)
+ and `revoked`<`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_is_orgadmin($uid){
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+
+ // revokation of certificates
+ function revoke_all_client_cert($mailid){
+ //revokes all client certificates for an email address
+ $mailid = intval($mailid);
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres)){
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ }
+ }
+
+ function revoke_all_server_cert($domainid){
+ //revokes all server certs for an domain
+ $domainid = intval($domainid);
+ $query =
+ "select `domaincerts`.`id`
+ from `domaincerts`
+ where `domaincerts`.`domid` = '$domainid'
+ union distinct
+ select `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$domainid'";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0");
+ }
+ }
+
+ function revoke_all_private_cert($uid){
+ //revokes all certificates linked to a personal accounts
+ //gpg revokation needs to be added to a later point
+ $uid=intval($uid);
+ $query = "select `id` from `email` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_client_cert($row['id']);
+ }
+
+
+ $query = "select `id` from `domains` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_server_cert($row['id']);
+ }
+ }
+
+ /**
+ * check_date_format()
+ * checks if the date is entered in the right date format YYYY-MM-DD and
+ * if the date is after the 1st January of the given year
+ *
+ * @param mixed $date
+ * @param integer $year
+ * @return
+ */
+ function check_date_format($date, $year=2000){
+ if (!strpos($date,'-')) {
+ return FALSE;
+ }
+ $arr=explode('-',$date);
+
+ if ((count($arr)!=3)) {
+ return FALSE;
+ }
+ if (intval($arr[0])<=$year) {
+ return FALSE;
+ }
+ if (intval($arr[1])>12 or intval($arr[1])<=0) {
+ return FALSE;
+ }
+ if (intval($arr[2])>31 or intval($arr[2])<=0) {
+ return FALSE;
+ }
+
+ return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
+
+ }
+
+ /**
+ * check_date_difference()
+ * returns false if the date is larger then today + time diffrence
+ *
+ * @param mixed $date
+ * @param integer $diff
+ * @return
+ */
+ function check_date_difference($date, $diff=1){
+ return (strtotime($date)<=time()+$diff*86400);
+ }
+
+/**
+ * Write some information to the adminlog
+ *
+ * @param int $uid - id of the user account
+ * @param int $adminid - id of the admin
+ * @param string $type - the operation that was performed on the user account
+ * @param string $info - the ticket / arbitration number or other information
+ * @return bool - true := success, false := error
+ */
+function write_se_log($uid, $adminid, $type, $info){
+ //records all support engineer actions changing a user account
+ $uid = intval($uid);
+ $adminid = intval($adminid);
+ $type = mysql_real_escape_string($type);
+ $info = mysql_real_escape_string($info);
+ $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
+ (Now(), $uid, $adminid, '$type', '$info')";
+ return mysql_query($query);
+}
+
+/**
+ * Check if the entered information is a valid ticket or arbitration number
+ * @param string $ticketno
+ * @return bool
+ */
+function valid_ticket_number($ticketno){
+ //a arbitration case
+ //d dispute action
+ //s support case
+ //m board motion
+ $pattern='/[adsmADSM]\d{8}\.\d+/';
+ if (preg_match($pattern, $ticketno)) {
+ return true;
+ }
+ return false;
+}
+
+// function for handling account/43.php
+/**
+ * Get all data of an account given by the id from the `users` table
+ * @param int $userid - account id
+ * @param int $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return resource - a mysql result set
+ */
+function get_user_data($userid, $deleted=0){
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter .=' and `users`.`deleted`=0';
+ }
+ $query = "select * from `users` where `users`.`id`='$userid' ".$filter;
+ return mysql_query($query);
+}
+
+/**
+ * Get the alert settings for a user
+ * @param int $userid for the requested account
+ * @return array - associative array
+ */
+function get_alerts($userid){
+ return mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($userid)."'"));
+}
+
+/**
+ * Get all email addresses linked to the account
+ * @param int $userid
+ * @param string $exclude - if given the email address will be excluded
+ * @param int $deleted - states if deleted data should be visible, default = 0 - not visible
+ * @return resource - a mysql result set
+ */
+function get_email_addresses($userid, $exclude, $deleted=0){
+ //should be entered in account/2.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter .= ' and `deleted`=0';
+ }
+ if ($exclude) {
+ $filter .= " and `email`!='".mysql_real_escape_string($exclude)."'";
+ }
+ $query = "select * from `email` where `memid`='".$userid."' and `hash`='' ".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * Get all domains linked to the account
+ * @param int $userid
+ * @param int $deleted - states if deleted data should be visible, default = 0 - not visible
+ * @return resource - a mysql result set
+ */
+function get_domains($userid, $deleted=0){
+ //should be entered in account/9.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter .= ' and `deleted`=0';
+ }
+ $query = "select * from `domains` where `memid`='".$userid."' and `hash`=''".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * Get all training results for the account
+ * @param int $userid
+ * @return resource - a mysql result set
+ */
+function get_training_results($userid){
+ //should be entered in account/55.php
+ $userid = intval($userid);
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$userid."'".
+ " ORDER BY `CP`.`pass_date`";
+ return mysql_query($query);
+}
+
+/**
+ * Get all SE log entries for the account
+ * @param int $userid
+ * @return resource - a mysql result set
+ */
+function get_se_log($userid){
+ $userid = intval($userid);
+ $query = "SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
+ FROM `adminlog`, `users`
+ WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$userid."
+ ORDER BY `adminlog`.`when`";
+ return mysql_query($query);
+}
+
+/**
+ * Get all client certificates linked to the account
+ * @param int $userid
+ * @param int $viewall - states if expired certs should be visible, default = 0 - not visible
+ * @return resource - a mysql result set
+ */
+function get_client_certs($userid, $viewall=0){
+ //add to account/5.php
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`memid`='".$userid."'";
+ if($viewall == 0)
+ {
+ $query .= " AND `emailcerts`.`revoked`=0 AND `emailcerts`.`renewed`=0";
+ $query .= " HAVING `timeleft` > 0";
+ }
+ $query .= " ORDER BY `emailcerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * Get all server certs linked to the account
+ * @param int $userid
+ * @param int $viewall - states if expired certs should be visible, default = 0 - not visible
+ * @return resource - a mysql result set
+ */
+function get_server_certs($userid, $viewall=0){
+ //add to account/12.php
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
+ `domaincerts`.`expire`,
+ `domaincerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`,
+ `domaincerts`.`CN`,
+ `domaincerts`.`serial`,
+ `domaincerts`.`id`,
+ `domaincerts`.`description`
+ from `domaincerts`,`domains`
+ where `domains`.`memid`='".$userid."' and `domaincerts`.`domid`=`domains`.`id`";
+ if($viewall == 0)
+ {
+ $query .= " AND `domaincerts`.`revoked`=0 AND `domaincerts`.`renewed`=0";
+ $query .= " HAVING `timeleft` > 0";
+ }
+ $query .= " ORDER BY `domaincerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * Get all gpg certs linked to the account
+ * @param int $userid
+ * @param int $viewall - states if expired certs should be visible, default = 0 - not visible
+ * @return resource - a mysql result set
+ */
+function get_gpg_certs($userid, $viewall=0){
+ //add to gpg/2.php
+ $userid = intval($userid);
+ $query = $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`expire`) as `expired`,
+ `expire`, `id`, `level`, `email`, `keyid`, `description`
+ from `gpg` where `memid`='".$userid."'";
+ if ($viewall == 0) {
+ $query .= " HAVING `timeleft` > 0";
+ }
+ $query .= " ORDER BY `issued` desc";
+ return mysql_query($query);
+}
+
+
+
+/**
+ * Show the table header to the email table for the admin log
+ */
+function output_log_email_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Email, primary bold") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+/**
+ * Show all email data for the admin log
+ * @param array $row - associative array containing the column data
+ * @param string $primary - if given the primary address is highlighted
+ */
+function output_log_email($row, $primary){
+ $style = '';
+ if ($row['deleted'] !== NULL_DATETIME) {
+ $style = ' deletedemailaddress';
+ } elseif ($primary == $row['email']) {
+ $style = ' primaryemailaddress';
+ }
+ ?>
+ <tr>
+ <td class="DataTD<?=$style?>"><?=$row['email']?></td>
+ <td class="DataTD<?=$style?>"><?=$row['created']?></td>
+ <td class="DataTD<?=$style?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * Show the table header to the domains table for the admin log
+ */
+function output_log_domains_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Domain") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+
+/**
+ * Show the domain data for the admin log
+ * @param array $row - associative array containing the column data
+ */
+function output_log_domains($row){
+ $italic='';
+ if ($row['deleted'] !== NULL_DATETIME) {
+ $italic=' italic';
+ }
+ ?>
+ <tr>
+ <td class="DataTD<?=$italic?>"><?=$row['domain']?></td>
+ <td class="DataTD<?=$italic?>"><?=$row['created']?></td>
+ <td class="DataTD<?=$italic?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * Show the table header to the user agreement table for the admin log
+ */
+function output_log_agreement_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Method") ?></td>
+ <td class="DataTD bold"><?= _("Active ") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * Show the agreement data for the admin log
+ * @param array $row - associative array containing the column data
+ */
+function output_log_agreement($row){
+ ?>
+ <tr>
+ <td class="DataTD" ><?=$row['document']?></td>
+ <td class="DataTD" ><?=$row['date']?></td>
+ <td class="DataTD" ><?=$row['method']?></td>
+ <td class="DataTD"><?= ($row['active']==0)? _('passive'):_('active')?></td>
+ </tr>
+ <?
+}
+
+/**
+ * Show the table header to the training table
+ */
+function output_log_training_header(){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Test") ?></td>
+ <td class="DataTD bold"><?= _("Variant") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * Show the training data
+ * @param array $row - associative array containing the column data
+ */
+function output_log_training($row){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['pass_date']?></td>
+ <td class="DataTD"><?=$row['type_text']?></td>
+ <td class="DataTD"><?=$row['test_text']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * Show the table header to the SE log table for the admin log
+ * @param int $support - if support = 1 more information is visible
+ */
+function output_log_se_header($support=0){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Type") ?></td>
+ <?
+ if (1 == $support) {
+ ?>
+ <td class="DataTD bold"><?= _("Information") ?></td>
+ <td class="DataTD bold"><?= _("Admin") ?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <?
+}
+
+/**
+ * Show the SE log data for the admin log
+ * @param array $row - associative array containing the column data
+ * @param int $support - if support = 1 more information is visible
+ */
+function output_log_se($row, $support=0){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['when']?></td>
+ <td class="DataTD"><?=$row['type']?></td>
+ <?
+ if (1 == $support) {
+ ?>
+ <td class="DataTD"><?=$row['information']?></td>
+ <td class="DataTD"><?=$row['fname'].' '.$row['lname']?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <?
+}
+
+/**
+ * Shows the table header to the client cert table
+ * @param int $support - if support = 1 some columns ar not visible
+ * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
+ */
+function output_client_cert_header($support=0, $readonly=true){
+ //should be added to account/5.php
+ ?>
+ <tr>
+ <?
+ if (!$readonly) {
+ ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <?
+ }
+ ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Login")?></td>
+ <?
+ if (1 != $support) {
+ ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <?
+}
+
+/**
+ * Show the client cert data
+ * @param array $row - associative array containing the column data
+ * @param int $support - if support = 1 some columns are not visible
+ * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
+ */
+function output_client_cert($row, $support=0, $readonly=true){
+ //should be entered in account/5.php
+ $verified="";
+ if ($row['timeleft'] > 0) {
+ $verified = _("Valid");
+ } else {
+ $verified = _("Expired");
+ }
+
+ if ($row['expired'] == 0) {
+ $verified = _("Pending");
+ }
+
+ if ($row['revoked'] == 0) {
+ $row['revoke'] = _("Not Revoked");
+ } else {
+ $verified = _("Revoked");
+ }
+
+ ?>
+ <tr>
+ <?
+ if (!$readonly) {
+ if ($verified === _("Pending")) {
+ ?>
+ <td class="DataTD">
+ <input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>">
+ </td>
+ <?
+
+ } elseif ($verified === _("Revoked")) {
+ ?>
+ <td class="DataTD">&nbsp;</td>
+ <?
+
+ } else {
+ ?>
+ <td class="DataTD">
+ <input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>">
+ </td>
+ <?
+ }
+ }
+
+ ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?
+
+ if ($verified === _("Pending")) {
+ ?>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']))?></td>
+ <?
+ } else {
+ ?>
+ <td class="DataTD">
+ <a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>">
+ <?=(trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']))?>
+ </a>
+ </td>
+ <?
+ }
+
+ ?>
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expire']?></td>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> <?=$readonly?'disabled="disabled"':''?>/>
+ <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
+ </td>
+ <?
+
+ if (1 != $support) {
+ ?>
+ <td class="DataTD">
+ <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
+ </td>
+ <?
+ if (!$readonly) {
+ ?>
+ <td class="DataTD">
+ <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" />
+ </td>
+ <?
+ }
+ }
+
+ ?>
+ </tr>
+ <?
+}
+
+/**
+ * Show the table header to the server cert table
+ * @param int $support - if support = 1 some columns ar not visible
+ * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
+ */
+function output_server_certs_header($support=0, $readonly=true){
+ //should be entered in account/12.php
+ ?>
+ <tr>
+ <?
+ if (!$readonly) {
+ ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <?
+ }
+ ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <?
+ if (1 != $support) {
+ ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <?
+}
+
+/**
+ * Show the server cert data
+ * @param array $row - associative array containing the column data
+ * @param int $support - if support = 1 some columns are not visible
+ * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
+ */
+function output_server_certs($row, $support=0, $readonly=true){
+ //should be entered in account/12.php
+ $verified="";
+ if ($row['timeleft'] > 0) {
+ $verified = _("Valid");
+ } else {
+ $verified = _("Expired");
+ }
+
+ if ($row['expired'] == 0) {
+ $verified = _("Pending");
+ }
+
+ if ($row['revoked'] == 0) {
+ $row['revoke'] = _("Not Revoked");
+ } else {
+ $verified = _("Revoked");
+ }
+
+ ?>
+ <tr>
+ <?
+ if (!$readonly) {
+ if ($verified === _("Pending")) {
+ ?>
+ <td class="DataTD">
+ <input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/>
+ </td>
+ <?
+ } elseif($verified === _("Revoked")) {
+ ?>
+ <td class="DataTD">&nbsp;</td>
+ <?
+ } else {
+ ?>
+ <td class="DataTD">
+ <input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/>
+ </td>
+ <?
+ }
+ }
+
+ ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?
+
+ if ($verified === _("Pending")) {
+ ?>
+ <td class="DataTD"><?=htmlspecialchars($row['CN'])?></td>
+ <?
+ } else {
+ ?>
+ <td class="DataTD">
+ <a href="account.php?id=15&amp;cert=<?=intval($row['id'])?>">
+ <?=htmlspecialchars($row['CN'])?>
+ </a>
+ </td>
+ <?
+ }
+
+ ?>
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expire']?></td>
+ <?
+
+ if (1 != $support) {
+ ?>
+ <td class="DataTD">
+ <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
+ </td>
+ <?
+ if (!$readonly) {
+ ?>
+ <td class="DataTD">
+ <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" />
+ </td>
+ <?
+ }
+ }
+
+ ?>
+ </tr>
+ <?
+}
+
+/**
+ * Show the table header to the gpg cert table
+ * @param int $support - if support = 1 some columns ar not visible
+ * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
+ */
+function output_gpg_certs_header($support=0, $readonly=true){
+ // $readonly is currently ignored but kept for consistency
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Key ID")?></td>
+ <?
+ if (1 != $support) {
+ ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <?
+}
+
+/**
+ * Show the gpg cert data
+ * @param array $row - associative array containing the column data
+ * @param int $support - if support = 1 some columns are not visible
+ * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
+ */
+function output_gpg_certs($row, $support=0, $readonly=true){
+ //should be entered in account/55.php
+ $verified="";
+ if ($row['timeleft'] > 0) {
+ $verified = _("Valid");
+ } else {
+ $verified = _("Expired");
+ }
+
+ if ($row['expired'] == 0) {
+ $verified = _("Pending");
+ }
+
+ ?>
+ <tr>
+ <td class="DataTD"><?=$verified?></td>
+ <?
+
+ if($verified == _("Pending")) {
+ ?>
+ <td class="DataTD"><?=htmlspecialchars($row['email'])?></td>
+ <?
+ } else {
+ ?>
+ <td class="DataTD">
+ <a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>">
+ <?=htmlspecialchars($row['email'])?>
+ </a>
+ </td>
+ <?
+ }
+
+ ?>
+ <td class="DataTD"><?=$row['expire']?></td>
+ <?
+
+ if($verified == _("Pending")) {
+ ?>
+ <td class="DataTD"><?=htmlspecialchars($row['keyid'])?></td>
+ <?
+ } else {
+ ?>
+ <td class="DataTD">
+ <a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>">
+ <?=htmlspecialchars($row['keyid'])?>
+ </a>
+ </td>
+ <?
+ }
+
+ if (1 != $support) {
+ ?>
+ <td class="DataTD">
+ <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
+ </td>
+ <?
+ if (!$readonly) {
+ ?>
+ <td class="DataTD">
+ <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" />
+ </td>
+ <?
+ }
+ }
+
+ ?>
+ </tr>
+ <?
+}
diff --git a/includes/tverify_stuff.php b/includes/tverify_stuff.php
index 2053aaa..93f7c32 100644
--- a/includes/tverify_stuff.php
+++ b/includes/tverify_stuff.php
@@ -66,18 +66,10 @@ if(!function_exists("showfooter"))
</div>
</div>
<div id="siteInfo">
-<? if(!$_SERVER["HTTPS"]) { ?><!--ONESTAT SCRIPTCODE START-->
-<script type="text/javascript" src="onestat.js"></script>
-<noscript>
-<a href="http://www.onestat.com/asp/login.asp?sid=164863">
-<img src="http://stat.onestat.com/asp/stat.asp?tagver=1&amp;sid=164863&amp;js=no&amp;" alt="this site tracked by onestat.com" />
-</a>
-</noscript>
-<!--ONESTAT SCRIPTCODE END--><? } ?>
- <a href="index.php?id=12"><?=_("About Us")?></a> | <a href="index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
- <a href="index.php?id=10"><?=_("Privacy Policy")?></a> |
- <a href="index.php?id=51"><?=_("Mission Statement")?></a> | <a href="index.php?id=11"><?=_("Contact Us")?></a> |
- <a href="index.php?id=19"><?=_("Further Information")?></a> | &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
+ <a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
+ <a href="/index.php?id=10"><?=_("Privacy Policy")?></a> |
+ <a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
+ <a href="/index.php?id=19"><?=_("Further Information")?></a> | &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
</div>
</body>
</html><?
diff --git a/locale/.gitignore b/locale/.gitignore
new file mode 100644
index 0000000..ac93223
--- /dev/null
+++ b/locale/.gitignore
@@ -0,0 +1,6 @@
+# Language files are imported from translingo
+# => Ignore them
+# Use make if you need new ones
+*.po
+*.pot
+*.mo
diff --git a/locale/CVS/Entries b/locale/CVS/Entries
deleted file mode 100644
index ddd02b8..0000000
--- a/locale/CVS/Entries
+++ /dev/null
@@ -1,32 +0,0 @@
-D/fi_FI////
-D/pt_BR////
-/cv.c/1.1/Wed Feb 28 17:21:36 2007//
-/ar.po/1.42/Thu Jun 25 20:09:26 2009//
-/bg.po/1.52/Thu Jun 25 20:09:26 2009//
-/cs.po/1.40/Thu Jun 25 20:09:26 2009//
-/da.po/1.67/Thu Jun 25 20:09:26 2009//
-/de.po/1.79/Thu Jun 25 20:09:26 2009//
-/el.po/1.38/Thu Jun 25 20:09:26 2009//
-/es.po/1.69/Thu Jun 25 20:09:27 2009//
-/fa.po/1.1/Thu Jun 25 20:08:37 2009//
-/fi.po/1.44/Thu Jun 25 20:09:27 2009//
-/fr.po/1.71/Thu Jun 25 20:09:27 2009//
-/he.po/1.40/Thu Jun 25 20:09:27 2009//
-/hr.po/1.39/Thu Jun 25 20:09:27 2009//
-/hu.po/1.72/Thu Jun 25 20:09:27 2009//
-/is.po/1.39/Thu Jun 25 20:09:27 2009//
-/it.po/1.64/Thu Jun 25 20:09:27 2009//
-/ja.po/1.46/Thu Jun 25 20:09:27 2009//
-/ka.po/1.37/Thu Jun 25 20:09:27 2009//
-/ko.po/1.37/Thu Jun 25 20:09:28 2009//
-/make.php/1.4/Thu Jun 25 20:09:28 2009//
-/nb.po/1.37/Thu Jun 25 20:09:28 2009//
-/nl.po/1.67/Thu Jun 25 20:09:28 2009//
-/pl.po/1.44/Thu Jun 25 20:09:28 2009//
-/pt.po/1.64/Thu Jun 25 20:09:29 2009//
-/ro.po/1.41/Thu Jun 25 20:09:29 2009//
-/ru.po/1.50/Thu Jun 25 20:09:29 2009//
-/sv.po/1.59/Thu Jun 25 20:09:29 2009//
-/tl.po/1.38/Thu Jun 25 20:09:29 2009//
-/tr.po/1.50/Thu Jun 25 20:09:29 2009//
-/zh.po/1.53/Thu Jun 25 20:09:29 2009//
diff --git a/locale/CVS/Repository b/locale/CVS/Repository
deleted file mode 100644
index 51363b9..0000000
--- a/locale/CVS/Repository
+++ /dev/null
@@ -1 +0,0 @@
-cacert/locale
diff --git a/locale/CVS/Root b/locale/CVS/Root
deleted file mode 100644
index a363882..0000000
--- a/locale/CVS/Root
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/cvs
diff --git a/locale/Makefile b/locale/Makefile
new file mode 100644
index 0000000..b831719
--- /dev/null
+++ b/locale/Makefile
@@ -0,0 +1,184 @@
+#
+# This Makefile will download the translations from our translation server (if
+# they don't exist yet) and compile them. Try target help for more information
+#
+
+################################################################################
+### Download ###
+################################################################################
+
+DOWNLOAD_SERVER := translations.cacert.org
+PO_URL_TEMPLATE := http://$(DOWNLOAD_SERVER)/export/cacert/%/messages.po
+
+# Only use languages that have 10% or more of translated strings
+AUTO_LANGS := \
+en \
+de \
+nl \
+pt_BR \
+fr \
+sv \
+it \
+es \
+hu \
+fi \
+ja \
+bg \
+pt \
+da \
+pl \
+zh_CN \
+ru \
+lv \
+cs \
+zh_TW \
+el \
+tr \
+ar \
+
+LANGS := \
+ar \
+bg \
+cs \
+da \
+de \
+el \
+en \
+es \
+fa \
+fi \
+fr \
+he \
+hr \
+hu \
+id \
+is \
+it \
+ja \
+ka \
+ko \
+lv \
+nb \
+nl \
+pl \
+pt \
+pt_BR \
+ro \
+ru \
+sl \
+sv \
+th \
+tr \
+uk \
+zh_CN \
+zh_TW \
+
+
+PO_FILE_TEMPLATE := %/messages.po
+MO_FILE_TEMPLATE := %/LC_MESSAGES/messages.mo
+
+
+# target: all - Build locales downloading po files
+.PHONY: all
+all: $(AUTO_LANGS)
+
+
+# target: help - Display callable targets
+.PHONY: help
+help:
+ @egrep "^# target:" [Mm]akefile
+
+
+# target: clean - remove the build directories
+RM := rm -rf
+.PHONY: clean
+clean:
+ -$(RM) $(LANGS:%=%/)
+
+
+# target: <lang> - build this particular language
+.PHONY: $(LANGS)
+$(LANGS): %: $(MO_FILE_TEMPLATE)
+
+
+$(LANGS:%=$(MO_FILE_TEMPLATE)): $(MO_FILE_TEMPLATE): $(PO_FILE_TEMPLATE)
+ mkdir -p $(@D)
+#filter obsolete translations
+ grep --invert-match '^#~ ' $< | \
+ msgfmt --check --output-file $@ -
+
+
+.PHONY: $(LANGS:%=$(PO_FILE_TEMPLATE))
+$(LANGS:%=$(PO_FILE_TEMPLATE)):
+ mkdir -p $(@D)
+ wget --output-document - '$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \
+ php -f escape_special_chars.php \
+ > $@
+
+
+
+
+################################################################################
+### Upload ###
+################################################################################
+
+UPLOAD_SERVER := $(DOWNLOAD_SERVER)
+SSH_USER := critical
+SSH_OPTIONS :=
+SCP_OPTIONS := $(SSH_OPTIONS)
+
+FILE_OWNER := pootle
+
+POT_UPLOAD_PATH := /var/www/Pootle/po/cacert/templates/messages.pot
+MANAGE_PY := /var/www/Pootle/manage.py
+
+VERSION := Production
+DESCRITPION := LibreSSL - CAcert web application (localisation files)
+COPYRIGHT_YEAR := 2004-$(shell date +\%Y)
+PACKAGE := LibreSSL
+
+GETTEXT_FILE_PATTERN := \
+../CommModule/client.pl \
+../includes/*.php \
+../includes/*/*.php \
+../pages/*/*.php \
+../scripts/*.php \
+../www/*.php \
+../www/[a-z]*/*.php \
+# ../tverify/*.php \
+# ../tverify/*/*.php \
+
+GETTEXT_FILES := $(wildcard $(GETTEXT_FILE_PATTERN))
+
+# target: template - create the gettext template file, if you want to upload it
+# target: onto the translation server you can directly use the
+# target: target "upload"
+.PHONY: template
+template: messages.pot
+
+# target: template.clean - remove anything that was created during the build of
+# target: the template file
+.PHONY: template.clean
+template.clean:
+ -$(RM) messages.pot
+
+
+# target: upload - upload the template to the translation server
+.PHONY: upload
+upload: messages.pot
+ scp $(SCP_OPTIONS) messages.pot $(SSH_USER)@$(UPLOAD_SERVER):$(POT_UPLOAD_PATH)
+ ssh $(SSH_OPTIONS) $(SSH_USER)@$(UPLOAD_SERVER) "sudo -u $(FILE_OWNER) pootle-update cacert"
+
+# target: upload.clean - remove anything that was created during the upload
+.PHONY: upload.clean
+upload.clean: template.clean
+
+messages.pot: $(GETTEXT_FILES)
+ xgettext --output - --sort-by-file --copyright-holder "CAcert Inc." \
+ --package-name "CAcert" --package-version "$(VERSION)" \
+ --msgid-bugs-address "translations-admin@cacert.org" \
+ --add-comments=TRANSLATORS $^ | \
+ # replace place holders in the lines before the first msgid\
+ sed '1,/^msgid/ { s/SOME DESCRIPTIVE TITLE/$(DESCRITPION)/; s/YEAR/$(COPYRIGHT_YEAR)/; s/PACKAGE/$(PACKAGE)/ }' \
+ > $@
+
diff --git a/locale/ar.po b/locale/ar.po
deleted file mode 100644
index 6ee50e6..0000000
--- a/locale/ar.po
+++ /dev/null
@@ -1,5195 +0,0 @@
-# translation of messages.po to ar_SY.po
-# This file is distributed under the same license as the PACKAGE package.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
-
-msgid ""
-msgstr ""
-"Project-Id-Version: de\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-01-09 08:25:26+0000\n"
-"PO-Revision-Date: 2009-12-26 19:01:22+0000\n"
-"Last-Translator: Someone <someone@someisp.com>\n"
-"Language-Team: <de@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: http://www.TransLingo.org\n"
-
-#: www/account/43.php:43 www/account/49.php:43
-#, php-format
-msgid "%s rows displayed."
-msgstr "&#1578;&#1605; &#1573;&#1592;&#1607;&#1575;&#1585; %s &#1587;&#1591;&#1585;"
-
-#: www/account/43.php:71
-#, php-format
-msgid "%s's Account Details"
-msgstr "&#1578;&#1601;&#1575;&#1589;&#1610;&#1604; &#1575;&#1604;&#1581;&#1587;&#1575;&#1576; %s"
-
-#: www/account/32.php:21
-#, php-format
-msgid "%s's Administrators"
-msgstr "&#1605;&#1583;&#1585;&#1575;&#1569; %s"
-
-#: www/account/26.php:21
-#, php-format
-msgid "%s's Domains"
-msgstr "&#1606;&#1591;&#1575;&#1602;&#1575;&#1578; %s"
-
-#: includes/account.php:1388
-#, php-format
-msgid "'%s' has just been successfully added as an organisation to the database."
-msgstr "&#1578;&#1605;&#1578; &#1573;&#1590;&#1575;&#1601;&#1577; '%s' &#1603;&#1605;&#1606;&#1592;&#1605;&#1577; (&#1605;&#1572;&#1587;&#1587;&#1577;) &#1573;&#1604;&#1609; &#1602;&#1608;&#1575;&#1607;&#1583; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578;"
-
-#: includes/account.php:1444
-#, php-format
-msgid "'%s' has just been successfully added to the database."
-msgstr "&#1578;&#1605;&#1578; &#1573;&#1590;&#1575;&#1601;&#1577; '%s&quot; &#1573;&#1604;&#1609; &#1602;&#1608;&#1575;&#1593;&#1583; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578;"
-
-#: includes/account.php:1503
-#, php-format
-msgid "'%s' has just been successfully deleted from the database."
-msgstr "&#1578;&#1605; &#1581;&#1584;&#1601; '%s' &#1605;&#1606; &#1602;&#1608;&#1575;&#1593;&#1583; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578;"
-
-#: includes/account.php:1416 includes/account.php:1491
-#, php-format
-msgid "'%s' has just been successfully updated in the database."
-msgstr "&#1578;&#1605; &#1578;&#1581;&#1583;&#1610;&#1579; '%s' &#1601;&#1610; &#1602;&#1608;&#1575;&#1593;&#1583; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578;"
-
-#: www/help/3.php:64
-msgid "...then click 'Next'."
-msgstr "... &#1579;&#1605; &#1573;&#1590;&#1594;&#1591; '&#1575;&#1604;&#1578;&#1575;&#1604;&#1610;'"
-
-#: www/wot/3.php:42
-msgid "A CAcert Assurer who knowingly, or reasonably ought to have known, assures an applicant contrary to this policy may be held liable."
-msgstr "A CAcert Assurer who knowingly, or reasonably ought to have known, assures an applicant contrary to this policy may be held liable.&#13;&#13;&#1573;&#1606; &#1575;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602; &#1605;&#1606; CAcert &#1575;&#1604;&#1584;&#1610; &#1610;&#1593;&#1604;&#1605; &#1571;&#1608; &#1605;&#1606; &#1575;&#1604;&#1605;&#1601;&#1585;&#1608;&#1590; &#1571;&#1606; &#1610;&#1593;&#1604;&#1605; &#1610;&#1605;&#1582;&#1575;&#1604;&#1601;&#1578;&#1607; &#1604;&#1607;&#1584;&#1607; &#1575;&#1604;&#1587;&#1610;&#1575;&#1587;&#1577; &#1593;&#1606;&#1583; &#1575;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602;&#1577; &#1593;&#1604;&#1609; &#1580;&#1607;&#1577; &#1605;&#1575; &#1587;&#1610;&#1578;&#1593;&#1585;&#1590; &#1604;&#1604;&#1605;&#1587;&#1575;&#1574;&#1604;&#1577;"
-
-#: www/wot/4.php:17
-msgid "A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers."
-msgstr "&#1575;&#1604;&#1580;&#1607;&#1577; &#1575;&#1604;&#1605;&#1608;&#1579;&#1608;&#1602;&#1577; &#1575;&#1604;&#1579;&#1575;&#1604;&#1579;&#1577; &#1607;&#1610; &#1573;&#1581;&#1583;&#1609; &#1575;&#1604;&#1580;&#1607;&#1575;&#1578; &#1575;&#1604;&#1605;&#1587;&#1572;&#1608;&#1604;&#1577; &#1601;&#1610; &#1576;&#1604;&#1583;&#1603; &#1593;&#1606; &#1578;&#1589;&#1583;&#1610;&#1602; &#1575;&#1604;&#1578;&#1608;&#1575;&#1602;&#1610;&#1593; &#1608;&#1575;&#1604;&#1608;&#1579;&#1575;&#1574;&#1602;. &#1608;&#1610;&#1591;&#1604;&#1602; &#1593;&#1604;&#1609; &#1607;&#1584;&#1607; &#1575;&#1604;&#1580;&#1607;&#1575;&#1578; &#1578;&#1587;&#1605;&#1610;&#1575;&#1578; &#1593;&#1583;&#1610;&#1583;&#1577; &#1605;&#1579;&#1604;: &#1575;&#1604;&#1603;&#1575;&#1578;&#1576; &#1576;&#1575;&#1604;&#1593;&#1583;&#1604; &#1548; &#1583;&#1610;&#1608;&#1575;&#1606; &#1575;&#1604;&#1605;&#1581;&#1575;&#1603;&#1605; &#1575;&#1604;&#1605;&#1583;&#1606;&#1610;&#1577; &#1548; &#1575;&#1604;&#1582;. &#1603;&#1605;&#1575; &#1610;&#1587;&#1578;&#1591;&#1610;&#1593; &#1575;&#1604;&#1576;&#1593;&#1590; &#1571;&#1606; &#1610;&#1602;&#1608;&#1605; &#1576;&#1607;&#1584;&#1607; &#1575;&#1604;&#1605;&#1607;&#1605;&#1577; &#1571;&#1581;&#1610;&#1575;&#1606;&#1575;&#1611; &#1605;&#1579;&#1604; &#1605;&#1583;&#1585;&#1575;&#1569; &#1575;&#1604;&#1605;&#1589;&#1575;&#1585;&#1601; &#1548; &#1575;&#1604;&#1605;&#1581;&#1575;&#1587;&#1576;&#1608;&#1606; &#1575;&#1604;&#1602;&#1575;&#1606;&#1608;&#1606;&#1610;&#1608;&#1606; &#1608;&#1575;&#1604;&#1605;&#1581;&#1575;&#1605;&#1608;&#1606;."
-
-#: www/account/38.php:21 www/index/13.php:21
-msgid "ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community."
-msgstr "&#1573;&#1606; &#1571;&#1610; &#1605;&#1576;&#1604;&#1594; &#1605;&#1607;&#1605;&#1575; &#1610;&#1603;&#1606; &#1587;&#1610;&#1587;&#1575;&#1593;&#1583;&#1606;&#1575; - &#1603;&#1604;&#1605;&#1575; &#1586;&#1575;&#1583;&#1578; &#1575;&#1604;&#1605;&#1587;&#1575;&#1607;&#1605;&#1577; &#1603;&#1604;&#1605;&#1575; &#1571;&#1587;&#1585;&#1593;&#1606;&#1575; &#1601;&#1610; &#1608;&#1589;&#1608;&#1604; &#1605;&#1580;&#1605;&#1608;&#1593;&#1578;&#1606;&#1575; &#1573;&#1604;&#1609; &#1575;&#1604;&#1571;&#1607;&#1583;&#1575;&#1601; &#1575;&#1604;&#1605;&#1585;&#1580;&#1608;&#1577;."
-
-#: includes/account_stuff.php:182
-msgid "About"
-msgstr "&#1581;&#1608;&#1604;"
-
-#: www/account/37.php:15 www/index/12.php:15
-msgid "About CAcert.org"
-msgstr "&#1581;&#1608;&#1604; CAcert.org"
-
-#: includes/account_stuff.php:209 includes/general_stuff.php:108
-msgid "About Us"
-msgstr "&#1604;&#1605;&#1581;&#1577; &#1593;&#1606;&#1575;"
-
-#: includes/account_stuff.php:150 includes/account_stuff.php:158
-#: www/account/1.php:26 www/account/16.php:21 www/account/26.php:21
-#: www/account/28.php:29 www/account/3.php:30 www/account/32.php:21
-#: www/account/33.php:47 www/account/7.php:27
-msgid "Add"
-msgstr "&#1571;&#1590;&#1601;"
-
-#: www/account/7.php:19
-msgid "Add Domain"
-msgstr "&#1571;&#1590;&#1601; &#1606;&#1591;&#1575;&#1602;"
-
-#: www/account/1.php:18
-msgid "Add Email"
-msgstr "&#1571;&#1590;&#1601; &#1576;&#1585;&#1610;&#1583; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;"
-
-#: www/account/16.php:22 www/account/2.php:24 www/account/3.php:31
-#: www/account/9.php:23
-msgid "Address"
-msgstr "&#1593;&#1606;&#1608;&#1575;&#1606;"
-
-#: www/account/32.php:24
-msgid "Administrator"
-msgstr "&#1605;&#1583;&#1610;&#1585; &#1575;&#1604;&#1606;&#1592;&#1575;&#1605;"
-
-#: www/account/25.php:22 www/account/25.php:39 www/account/35.php:21
-#: www/account/35.php:35
-msgid "Admins"
-msgstr "&#1605;&#1583;&#1585;&#1575;&#1569; &#1575;&#1604;&#1606;&#1592;&#1575;&#1605;"
-
-#: www/wot/3.php:28
-msgid "After the meeting, visit the CAcert Web site's make an Assurance page and:"
-msgstr "&#1576;&#1593;&#1583; &#1575;&#1604;&#1575;&#1580;&#1578;&#1605;&#1575;&#1593; &#1575;&#1604;&#1585;&#1580;&#1575;&#1569; &#1586;&#1610;&#1575;&#1585;&#1577; CAcert &#1608;&#1575;&#1604;&#1602;&#1610;&#1575;&#1605; &#1576;&#1573;&#1606;&#1588;&#1575;&#1569; &#1589;&#1601;&#1581;&#1577; &#1575;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602;&#1577; &#1608;:"
-
-#: www/help/3.php:44
-msgid "After your certificate has been emailed to you, follow this process to install the certificate."
-msgstr "&#1576;&#1593;&#1583; &#1575;&#1585;&#1587;&#1575;&#1604; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1593;&#1604;&#1609; &#1593;&#1606;&#1608;&#1575;&#1606; &#1576;&#1585;&#1610;&#1583;&#1603; &#1575;&#1604;&#1575;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1548; &#1610;&#1585;&#1580;&#1609; &#1575;&#1578;&#1576;&#1575;&#1593; &#1575;&#1604;&#1593;&#1605;&#1604;&#1610;&#1577; &#1575;&#1604;&#1578;&#1575;&#1604;&#1610;&#1577; &#1604;&#1578;&#1585;&#1603;&#1610;&#1576; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577;."
-
-#: www/account/39.php:32 www/index/10.php:32
-msgid "Aggregated tracking information"
-msgstr "&#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578; &#1575;&#1604;&#1578;&#1578;&#1576;&#1593; &#1575;&#1604;&#1578;&#1610; &#1578;&#1576;&#1579;"
-
-#: www/account/36.php:21 www/index/1.php:110
-msgid "Alert me if"
-msgstr "&#1575;&#1604;&#1578;&#1581;&#1584;&#1610;&#1585; &#1601;&#1610; &#1581;&#1575;&#1604;"
-
-#: www/index.php:332
-msgid "All fields are mandatory."
-msgstr "&#1603;&#1575;&#1601;&#1577; &#1575;&#1604;&#1581;&#1602;&#1608;&#1604; &#1590;&#1585;&#1608;&#1585;&#1610;&#1577;"
-
-#: www/account/43.php:157
-msgid "Alternate Verified Email Addresses"
-msgstr "&#1593;&#1606;&#1608;&#1575;&#1606; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1575;&#1604;&#1576;&#1583;&#1610;&#1604; &#1575;&#1604;&#1605;&#1583;&#1602;&#1602;"
-
-#: www/help/7.php:9
-msgid "Alternatively as things progress we can add more layers of security with say 4 webservers talking to 2 intermediate servers, talking to the root store, and acting in a token ring fashion, anything happening out of sequence, and the server directly upstream shuts itself down, which if that were in place and there were multiple paths, any down time in this fashion would fall over to the servers not compromised, anyways just some food for thought."
-msgstr "&#1576;&#1583;&#1604;&#1575; &#1593;&#1606; &#1584;&#1604;&#1603; &#1608;&#1581;&#1587;&#1576; &#1578;&#1602;&#1583;&#1605; &#1575;&#1604;&#1571;&#1605;&#1608;&#1585; &#1610;&#1605;&#1603;&#1606; &#1605;&#1587;&#1578;&#1608;&#1610;&#1575;&#1578; &#1571;&#1603;&#1579;&#1585; &#1605;&#1606; &#1575;&#1604;&#1571;&#1605;&#1606; &#1605;&#1579;&#1604; 4 &#1605;&#1582;&#1583;&#1605;&#1575;&#1578; &#1608;&#1576; &#1575;&#1604;&#1578;&#1610; &#1578;&#1578;&#1582;&#1575;&#1591;&#1576; &#1605;&#1593; &#1605;&#1582;&#1583;&#1605;&#1610;&#1606; &#1605;&#1578;&#1608;&#1587;&#1591;&#1610;&#1606;&#1575;&#1604;&#1604;&#1584;&#1575;&#1606; &#1610;&#1578;&#1582;&#1575;&#1591;&#1576;&#1575;&#1606; &#1605;&#1593; &#1575;&#1604;&#1580;&#1584;&#1585;&#1548; &#1608;&#1610;&#1578;&#1589;&#1585;&#1617;&#1601; &#1608;&#1601;&#1602; &#1581;&#1604;&#1602;&#1577; &#1578;&#1585;&#1575;&#1587;&#1604; &#1608;&#1601;&#1610; &#1581;&#1575;&#1604; &#1581;&#1583;&#1608;&#1579; &#1571;&#1610;&#1617; &#1588;&#1574; &#1582;&#1575;&#1585;&#1580; &#1607;&#1584;&#1607; &#1575;&#1604;&#1587;&#1604;&#1587;&#1604;&#1577; &#1610;&#1594;&#1604;&#1602; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605; &#1606;&#1601;&#1587;&#1607; &#1601;&#1610; &#1608;&#1580;&#1607; &#1575;&#1604;&#1591;&#1604;&#1576;&#1575;&#1578; &#1575;&#1604;&#1578;&#1610; &#1608;&#1589;&#1604;&#1578; &#1608;&#1591;&#1576;&#1602;&#1578; &#1571;&#1608; &#1575;&#1604;&#1578;&#1610; &#1570;&#1578;&#1610;&#1577; &#1593;&#1606; &#1593;&#1583;&#1577; &#1591;&#1585;&#1602; &#1548; &#1608;&#1575;&#1604;&#1578;&#1608;&#1602;&#1601; &#1582;&#1604;&#1575;&#1604; &#1575;&#1587;&#1578;&#1582;&#1583;&#1575;&#1605; &#1607;&#1584;&#1607; &#1575;&#1604;&#1591;&#1585;&#1610;&#1602;&#1577; &#1604;&#1606; &#1610;&#1572;&#1579;&#1585; &#1593;&#1604;&#1609; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605;&#1575;&#1578; &#1608;&#1610;&#1580;&#1593;&#1604; &#1605;&#1606; &#1575;&#1604;&#1589;&#1593;&#1576; &#1575;&#1582;&#1578;&#1585;&#1575;&#1602;&#1607;&#1605; &#1608;&#1593;&#1604;&#1609; &#1571;&#1610; &#1581;&#1575;&#1604; &#1607;&#1584;&#1575; &#1601;&#1602;&#1591; &#1603;&#1601;&#1603;&#1585;&#1577; &#1601;&#1602;&#1591;."
-
-#: www/account/40.php:52 www/index/11.php:52
-msgid "Alternatively you can get in contact with us via the following methods:"
-msgstr "&#1603;&#1576;&#1583;&#1610;&#1604; &#1610;&#1605;&#1603;&#1606; &#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604; &#1576;&#1606;&#1575; &#1576;&#1575;&#1578;&#1576;&#1575;&#1593; &#1573;&#1581;&#1583;&#1609; &#1575;&#1604;&#1591;&#1585;&#1602; &#1575;&#1604;&#1578;&#1575;&#1604;&#1610;&#1577;:"
-
-#: www/help/2.php:49
-msgid "And they are making mistakes"
-msgstr "&#1608;&#1607;&#1605; &#1610;&#1602;&#1608;&#1605;&#1608;&#1606; &#1576;&#1575;&#1585;&#1578;&#1603;&#1575;&#1576; &#1571;&#1582;&#1591;&#1575;&#1569;"
-
-#: www/help/3.php:70
-msgid "And you're done!"
-msgstr "&#1578;&#1605; &#1575;&#1604;&#1593;&#1605;&#1604; &#1576;&#1606;&#1580;&#1575;&#1581;!"
-
-#: www/account/16.php:39
-msgid "Another Email"
-msgstr "&#1576;&#1585;&#1610;&#1583; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1570;&#1582;&#1585;"
-
-#: includes/account.php:404
-msgid "Any valid certificates will be revoked as well"
-msgstr "&#1587;&#1610;&#1578;&#1605; &#1573;&#1576;&#1591;&#1575;&#1604; &#1571;&#1610; &#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1608;&#1604;&#1608; &#1603;&#1575;&#1606;&#1578; &#1589;&#1581;&#1610;&#1581;&#1577;"
-
-#: www/help/7.php:5
-msgid "Apart from the boot stuff, all data resides on an encrypted partition on the root store server and only manual intervention in the boot up process by entering the password will start it again."
-msgstr "&#1576;&#1594;&#1590; &#1575;&#1604;&#1606;&#1592;&#1585; &#1593;&#1606; &#1571;&#1605;&#1608;&#1585;&#1575;&#1604;&#1573;&#1602;&#1604;&#1575;&#1593;&#1548; &#1603;&#1604;&#1617; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578; &#1605;&#1608;&#1580;&#1608;&#1583;&#1577; &#1593;&#1604;&#1609; &#1602;&#1587;&#1605; &#1605;&#1588;&#1601;&#1617;&#1585; &#1593;&#1604;&#1609; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605; &#1575;&#1604;&#1580;&#1584;&#1585; &#1575;&#1604;&#1581;&#1575;&#1601;&#1592; &#1604;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578; &#1608;&#1587;&#1610;&#1578;&#1605; &#1578;&#1588;&#1594;&#1610;&#1604; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605; &#1601;&#1602;&#1591; &#1576;&#1575;&#1604;&#1578;&#1583;&#1582;&#1617;&#1604; &#1575;&#1604;&#1610;&#1583;&#1608;&#1610; &#1601;&#1610; &#1593;&#1605;&#1604;&#1610;&#1577; &#1575;&#1604;&#1573;&#1602;&#1604;&#1575;&#1593; &#1608;&#1576;&#1575;&#1587;&#1578;&#1582;&#1583;&#1575;&#1605; &#1603;&#1604;&#1605;&#1577; &#1605;&#1585;&#1608;&#1585;."
-
-#: www/index/17.php:61
-msgid "Can't start the CEnroll control:"
-msgstr "&#1604;&#1575; &#1610;&#1605;&#1603;&#1606; &#1576;&#1583;&#1569; &#1575;&#1604;&#1578;&#1581;&#1603;&#1605; &#1576;&#1600; CEnroll:"
-
-#: www/account/30.php:31
-#, php-format
-msgid "Are you really sure you want to remove %s and all certificates issued under this domain?"
-msgstr "&#1607;&#1604; &#1571;&#1606;&#1578; &#1605;&#1578;&#1571;&#1603;&#1583; &#1581;&#1602;&#1575;&#1611; &#1605;&#1606; &#1581;&#1584;&#1601; %s &#1605;&#1593; &#1603;&#1575;&#1601;&#1577; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1578;&#1610; &#1571;&#1589;&#1583;&#1585;&#1578; &#1578;&#1581;&#1578; &#1607;&#1584;&#1575; &#1575;&#1604;&#1606;&#1591;&#1575;&#1602;&#1567;"
-
-#: www/account/31.php:27
-#, php-format
-msgid "Are you really sure you want to remove %s and all certificates issued under this organisation?"
-msgstr "&#1607;&#1604; &#1571;&#1606;&#1578; &#1605;&#1578;&#1571;&#1603;&#1583; &#1581;&#1602;&#1575;&#1611; &#1605;&#1606; &#1581;&#1584;&#1601; %s &#1605;&#1593; &#1603;&#1575;&#1601;&#1577; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1578;&#1610; &#1571;&#1589;&#1583;&#1585;&#1578; &#1578;&#1581;&#1578; &#1607;&#1584;&#1575; &#1575;&#1604;&#1605;&#1572;&#1587;&#1587;&#1577;&#1567;"
-
-#: www/account/34.php:31
-#, php-format
-msgid "Are you really sure you want to remove %s from administering this organisation?"
-msgstr "&#1607;&#1604; &#1571;&#1606;&#1578; &#1605;&#1578;&#1571;&#1603;&#1583; &#1581;&#1602;&#1575;&#1611; &#1605;&#1606; &#1581;&#1584;&#1601; %s &#1605;&#1606; &#1573;&#1583;&#1575;&#1585;&#1577; &#1607;&#1584;&#1607; &#1575;&#1604;&#1605;&#1572;&#1587;&#1587;&#1577;&#1567;"
-
-#: www/help/2.php:22
-msgid "As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. Thus a great advantage is that digital signing provides a means of ensuring that an email is really from the person you think it is. If everyone digitally signed their emails, it would be much easier to know whether an email is legitimate and unchanged and to the great relief of many, spamming would be much easier to control, and viruses that forge the sender's address would be obvious and therefore easier to control."
-msgstr "&#1571;&#1610; &#1588;&#1582;&#1589; &#1605;&#1605;&#1606; &#1575;&#1587;&#1578;&#1604;&#1605; &#1585;&#1587;&#1575;&#1604;&#1577; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1577; &#1578;&#1581;&#1608;&#1610; &#1601;&#1610;&#1585;&#1608;&#1587;&#1575;&#1611; &#1605;&#1606; &#1605;&#1585;&#1587;&#1604; &#1584;&#1608; &#1593;&#1606;&#1608;&#1575;&#1606; &#1594;&#1585;&#1610;&#1576; &#1571;&#1606;&#1607; &#1605;&#1606; &#1575;&#1604;&#1587;&#1607;&#1604; &#1575;&#1604;&#1578;&#1604;&#1575;&#1593;&#1576; &#1576;&#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;. &#1573;&#1606; &#1578;&#1581;&#1583;&#1610;&#1583; &#1571;&#1610; &#1593;&#1606;&#1608;&#1575;&#1606; &#1576;&#1585;&#1610;&#1583;&#1610; &#1603;&#1605;&#1585;&#1587;&#1604; &#1576;&#1575;&#1587;&#1605; &#1605;&#1582;&#1578;&#1604;&#1601; &#1607;&#1608; &#1593;&#1605;&#1604;&#1610;&#1577; &#1576;&#1587;&#1610;&#1591;&#1577; &#1576;&#1575;&#1587;&#1578;&#1582;&#1583;&#1575;&#1605; &#1593;&#1606;&#1608;&#1575;&#1606;&#1607; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583;&#1610; &#1601;&#1602;&#1591;. &#1604;&#1607;&#1584;&#1575; &#1601;&#1573;&#1606; &#1575;&#1604;&#1578;&#1608;&#1602;&#1610;&#1593; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1605;&#1607;&#1605; &#1580;&#1583;&#1575;&#1611; &#1604;&#1604;&#1578;&#1571;&#1603;&#1583; &#1605;&#1606; &#1571;&#1606; &#1575;&#1604;&#1605;&#1585;&#1587;&#1604; &#1607;&#1608; &#1601;&#1593;&#1604;&#1575;&#1611; &#1575;&#1604;&#1588;&#1582;&#1589; &#1575;&#1604;&#1584;&#1610; &#1578;&#1578;&#1608;&#1602;&#1593;&#1608;&#1606;&#1607;. &#1601;&#1610; &#1581;&#1575;&#1604; &#1571;&#1606; &#1603;&#1604; &#1588;&#1582;&#1589; &#1602;&#1575;&#1605; &#1576;&#1578;&#1608;&#1602;&#1610;&#1593; &#1576;&#1585;&#1610;&#1583;&#1607; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1575;&#1611; &#1587;&#1610;&#1603;&#1608;&#1606; &#1605;&#1606; &#1575;&#1604;&#1587;&#1607;&#1604; &#1580;&#1583;&#1575;&#1611; &#1578;&#1581;&#1583;&#1610;&#1583; &#1601;&#1610;&#1605;&#1575; &#1573;&#1584;&#1575; &#1603;&#1575;&#1606; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1605;&#1582;&#1575;&#1604;&#1601;&#1575;&#1611; &#1604;&#1604;&#1571;&#1593;&#1585;&#1575;&#1601; &#1571;&#1608; &#1606;&#1575;&#1601;&#1604;&#1575;&#1611; &#1608;&#1587;&#1578;&#1603;&#1608;&#1606; &#1575;&#1604;&#1587;&#1610;&#1591;&#1585;&#1577; &#1593;&#1604;&#1609; &#1575;&#1604;&#1571;&#1605;&#1585; &#1576;&#1587;&#1610;&#1591;&#1577; &#1580;&#1583;&#1575;&#1611; &#1603;&#1605;&#1575; &#1587;&#1610;&#1578;&#1605; &#1605;&#1606;&#1593; &#1575;&#1604;&#1601;&#1610;&#1585;&#1608;&#1587;&#1575;&#1578; &#1575;&#1604;&#1578;&#1610; &#1578;&#1578;&#1604;&#1575;&#1593;&#1576; &#1576;&#1575;&#1604;&#1593;&#1606;&#1575;&#1608;&#1610;&#1606; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583;&#1610;&#1577; &#1605;&#1606; &#1575;&#1604;&#1575;&#1606;&#1578;&#1588;&#1575;&#1585;."
-
-#: www/wot/6.php:24
-msgid "Assurance Confirmation"
-msgstr "&#1578;&#1571;&#1603;&#1610;&#1583; &#1575;&#1604;&#1578;&#1581;&#1602;&#1602;"
-
-#: www/account/43.php:146 www/wot/3.php:44
-msgid "Assurance Points"
-msgstr "&#1606;&#1602;&#1575;&#1591; &#1575;&#1604;&#1578;&#1581;&#1602;&#1602;"
-
-#: www/account/43.php:225 www/wot/10.php:52
-msgid "Assurance Points You Issued"
-msgstr "&#1606;&#1602;&#1575;&#1591; &#1575;&#1604;&#1578;&#1581;&#1602;&#1602; &#1575;&#1604;&#1578;&#1610; &#1571;&#1606;&#1588;&#1571;&#1578;&#1607;&#1575;"
-
-#: www/stats.php:51
-msgid "Assurances Made"
-msgstr "&#1589;&#1606;&#1593; &#1575;&#1604;&#1578;&#1571;&#1605;&#1610;&#1606;&#1575;&#1578;"
-
-#: includes/account_stuff.php:182 www/wot/5.php:19
-msgid "Assure Someone"
-msgstr "&#1605;&#1589;&#1575;&#1583;&#1602;&#1577; &#1593;&#1604;&#1609; &#1571;&#1581;&#1583; &#1605;&#1575;"
-
-#: www/index/0.php:60
-msgid "Assured client certificates"
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1586;&#1576;&#1608;&#1606; &#1575;&#1604;&#1605;&#1589;&#1583;&#1602;&#1577;"
-
-#: www/index/0.php:90
-msgid "Assured server certificates"
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605; &#1575;&#1604;&#1605;&#1589;&#1583;&#1602;&#1577;"
-
-#: pages/index/0.php:25
-msgid "For CAcert Community Members"
-msgstr ""
-
-#: www/index/51.php:28
-msgid "Based on OpenSSL, PHP, a little bit of C and MySQL, we were able to build not only a free certificate authority that could verify your email address or domain, but actually build in a highly effective trust model. Our model goes further than that used by some commercial CAs to prove your identity."
-msgstr "&#1575;&#1587;&#1578;&#1606;&#1575;&#1583;&#1575;&#1611; &#1593;&#1604;&#1609; OpenSSL&#1548; PHP&#1548; &#1608; &#1575;&#1604;&#1602;&#1604;&#1610;&#1604; &#1605;&#1606; C &#1608;MySQL&#1548; &#1610;&#1605;&#1603;&#1606; &#1576;&#1606;&#1575;&#1569; &#1604;&#1610;&#1587; &#1601;&#1602;&#1591; &#1607;&#1610;&#1574;&#1577; &#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1605;&#1580;&#1617;&#1575;&#1606;&#1610;&#1577; &#1575;&#1604;&#1578;&#1610; &#1610;&#1605;&#1603;&#1606;&#1607;&#1575; &#1578;&#1571;&#1603;&#1610;&#1583; &#1593;&#1606;&#1608;&#1575;&#1606; &#1576;&#1585;&#1610;&#1583;&#1603; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1571;&#1608; &#1606;&#1591;&#1575;&#1602;&#1603;&#1548; &#1576;&#1604; &#1606;&#1605;&#1608;&#1584;&#1580; &#1604;&#1604;&#1579;&#1602;&#1577; &#1601;&#1593;&#1617;&#1575;&#1604; &#1580;&#1583;&#1575;. &#1608;&#1607;&#1584;&#1575; &#1575;&#1604;&#1606;&#1605;&#1608;&#1584;&#1580; &#1587;&#1610;&#1584;&#1607;&#1576; &#1571;&#1576;&#1593;&#1583; &#1605;&#1606; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1578;&#1580;&#1575;&#1585;&#1610;&#1577; &#1575;&#1604;&#1605;&#1587;&#1578;&#1582;&#1583;&#1605;&#1577; &#1605;&#1606; &#1602;&#1576;&#1604; &#1575;&#1604;&#1576;&#1593;&#1590; &#1604;&#1573;&#1579;&#1576;&#1575;&#1578; &#1607;&#1608;&#1610;&#1578;&#1603;."
-
-#: www/index/0.php:110
-msgid "Become a member of the CAcert Association"
-msgstr "&#1575;&#1606;&#1590;&#1605; &#1573;&#1604;&#1609; &#1571;&#1593;&#1590;&#1575;&#1569; &#1607;&#1610;&#1574;&#1577; CAcert"
-
-#: www/index/0.php:100
-msgid "Become an assurer in CAcert Web of Trust"
-msgstr "&#1575;&#1606;&#1590;&#1605; &#1573;&#1604;&#1609; &#1575;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602;&#1610;&#1606; &#1601;&#1610; CAcert &#1588;&#1576;&#1603;&#1577; &#1575;&#1604;&#1579;&#1602;&#1577;"
-
-#: includes/account_stuff.php:182
-msgid "Becoming an Assurer"
-msgstr "&#1575;&#1604;&#1575;&#1606;&#1590;&#1605;&#1575;&#1605; &#1573;&#1604;&#1609; &#1575;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602;&#1610;&#1606;"
-
-#: pages/account/10.php:34
-msgid "Paste your CSR(Certificate Signing Request) below..."
-msgstr ""
-
-#: www/account/0.php:24
-msgid "Before you can start issuing certificates for your website, irc server, smtp server, pop3, imap etc you will need to add domains to your account under the domain menu. You can also remove domains from here as well. Once you've added a domain you are free then to go into the Server Certificate section and start pasting CSR into the website and have the website return you a valid certificate for up to 2 years if you have 50 trust points, or 6 months for no trust points."
-msgstr "&#1602;&#1576;&#1604; &#1571;&#1606; &#1578;&#1587;&#1578;&#1591;&#1610;&#1593; &#1575;&#1604;&#1576;&#1583;&#1569;&#1576;&#1573;&#1589;&#1583;&#1575;&#1585; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1604;&#1605;&#1608;&#1602;&#1593;&#1603; &#1548; &#1582;&#1575;&#1583;&#1605; &#1575;&#1604;&#1583;&#1585;&#1583;&#1588;&#1577; IRC, &#1605;&#1582;&#1583;&#1605;&#1575;&#1578; smtp&#1548; POP3, imap &#1575;&#1604;&#1582; &#1587;&#1608;&#1601; &#1578;&#1581;&#1578;&#1575;&#1580; &#1604;&#1573;&#1590;&#1575;&#1601;&#1577; &#1575;&#1604;&#1606;&#1591;&#1575;&#1602;&#1575;&#1578; &#1573;&#1604;&#1609; &#1581;&#1587;&#1575;&#1576;&#1603; &#1578;&#1581;&#1578; &#1602;&#1575;&#1574;&#1605;&#1577; &#1575;&#1604;&#1606;&#1591;&#1575;&#1602;&#1575;&#1578; &#1603;&#1605;&#1575; &#1578;&#1587;&#1578;&#1591;&#1610;&#1593; &#1573;&#1586;&#1575;&#1604;&#1578;&#1607;&#1575;. &#1576;&#1593;&#1583; &#1573;&#1590;&#1575;&#1601;&#1577; &#1606;&#1591;&#1575;&#1602; &#1610;&#1605;&#1603;&#1606;&#1603; &#1571;&#1606; &#1578;&#1606;&#1578;&#1602;&#1604; &#1573;&#1604;&#1609; &#1602;&#1587;&#1605; &#1588;&#1607;&#1575;&#1583;&#1577; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605; &#1608;&#1573;&#1583;&#1582;&#1575;&#1604; (&#1604;&#1589;&#1602;) &#1588;&#1607;&#1575;&#1583;&#1577; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605; CSR &#1590;&#1605;&#1606; &#1575;&#1604;&#1605;&#1608;&#1602;&#1593; &#1608;&#1587;&#1608;&#1601; &#1610;&#1585;&#1581;&#1593; &#1575;&#1604;&#1605;&#1608;&#1602;&#1593; &#1588;&#1607;&#1575;&#1583;&#1577; &#1589;&#1581;&#1610;&#1581;&#1577; &#1604;&#1605;&#1583;&#1577; &#1571;&#1602;&#1589;&#1575;&#1607;&#1575; &#1587;&#1606;&#1578;&#1575;&#1606; &#1573;&#1584;&#1575; &#1604;&#1583;&#1610;&#1603; 50 &#1606;&#1602;&#1591;&#1577; &#1579;&#1602;&#1577;&#1548; &#1571;&#1608; 6 &#1588;&#1607;&#1608;&#1585; &#1573;&#1584;&#1575; &#1603;&#1606;&#1578; &#1604;&#1575; &#1578;&#1605;&#1604;&#1603; &#1571;&#1610; &#1606;&#1602;&#1575;&#1591;."
-
-#: www/account/15.php:32 www/account/23.php:32
-msgid "Below is your Server Certificate"
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1577; &#1605;&#1582;&#1583;&#1603; &#1601;&#1610; &#1575;&#1604;&#1571;&#1587;&#1601;&#1604;"
-
-#: www/index/0.php:53 www/index/0.php:63 www/index/0.php:73 www/index/0.php:83
-#: www/index/0.php:93 www/index/0.php:103 www/index/0.php:113
-msgid "Benefits"
-msgstr "&#1601;&#1608;&#1575;&#1574;&#1583;"
-
-#: includes/account.php:49 includes/account.php:389 www/index.php:316
-#: www/wot.php:222 www/wot.php:234 scripts/removedead.php:59
-msgid "Best regards"
-msgstr "&#1571;&#1580;&#1605;&#1604; &#1575;&#1604;&#1578;&#1581;&#1610;&#1575;&#1578;"
-
-#: www/help/3.php:60
-msgid "Browse to the location you saved the .cer file to in step 1"
-msgstr "&#1573;&#1584;&#1607;&#1576; &#1573;&#1604;&#1609; &#1605;&#1608;&#1602;&#1593; &#1575;&#1604;&#1605;&#1604;&#1601; cer &#1601;&#1610; &#1575;&#1604;&#1582;&#1591;&#1608;&#1577; &#1585;&#1602;&#1605; 1&#13;"
-
-#: www/help/2.php:25
-msgid "But perhaps, fundamentally, the most important reason for digital signing is awareness and privacy. It creates awareness of the (lack of) security of the Internet, and the tools that we can arm ourselves with to ensure our personal security. And in sensitising people to digital signatures, we become aware of the possibility of privacy and encryption."
-msgstr "&#1604;&#1603;&#1606; &#1585;&#1576;&#1605;&#1575;&#1548; &#1601;&#1610; &#1575;&#1604;&#1571;&#1587;&#1575;&#1587;&#1548; &#1575;&#1604;&#1587;&#1576;&#1576; &#1575;&#1604;&#1571;&#1603;&#1579;&#1585; &#1571;&#1607;&#1605;&#1610;&#1577; &#1604;&#1604;&#1578;&#1608;&#1602;&#1610;&#1593; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610; &#1607;&#1608; &#1575;&#1604;&#1581;&#1584;&#1585; &#1608;&#1575;&#1604;&#1582;&#1589;&#1608;&#1589;&#1610;&#1577;. &#1608;&#1607;&#1608; &#1610;&#1586;&#1610;&#1583; &#1605;&#1606; &#1575;&#1604;&#1581;&#1584;&#1585; (&#1606;&#1608;&#1593;&#1575;&#1611; &#1605;&#1575;) &#1601;&#1610; &#1575;&#1604;&#1606;&#1608;&#1575;&#1581;&#1610;&#1577; &#1575;&#1604;&#1571;&#1605;&#1606;&#1610;&#1577; &#1601;&#1610; &#1575;&#1604;&#1573;&#1606;&#1578;&#1585;&#1606;&#1578;&#1548; &#1576;&#1575;&#1604;&#1573;&#1590;&#1575;&#1601;&#1577; &#1573;&#1604;&#1609; &#1575;&#1604;&#1571;&#1583;&#1608;&#1575;&#1578; &#1575;&#1604;&#1578;&#1610; &#1606;&#1587;&#1604;&#1617;&#1581; &#1571;&#1606;&#1601;&#1587;&#1606;&#1575; &#1576;&#1607;&#1575; &#1604;&#1590;&#1605;&#1575;&#1606; &#1571;&#1605;&#1606;&#1606;&#1575; &#1575;&#1604;&#1588;&#1582;&#1589;&#1610;. &#1608;&#1605;&#1593; &#1581;&#1587;&#1575;&#1587;&#1610;&#1577; &#1575;&#1604;&#1606;&#1575;&#1587; &#1573;&#1604;&#1609; &#1575;&#1604;&#1578;&#1608;&#1575;&#1602;&#1610;&#1593; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577;&#1548; &#1571;&#1589;&#1576;&#1581;&#1606;&#1575; &#1606;&#1583;&#1585;&#1603; &#1573;&#1605;&#1603;&#1575;&#1606;&#1610;&#1575;&#1578; &#1575;&#1604;&#1582;&#1589;&#1608;&#1589;&#1610;&#1577; &#1608;&#1575;&#1604;&#1578;&#1588;&#1601;&#1610;&#1585;."
-
-#: www/help/2.php:7 www/help/2.php:35
-msgid "But, er, is this really proof of your email identity?"
-msgstr "&#1604;&#1603;&#1606; , &#1607;&#1604; &#1607;&#1584;&#1575; &#1581;&#1602;&#1575; &#1576;&#1585;&#1607;&#1575;&#1606; &#1607;&#1608;&#1610;&#1577; &#1576;&#1585;&#1610;&#1583;&#1603; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1567;"
-
-#: www/help/2.php:48
-msgid "But, with all this money, and all this responsibility, they must be taking a lot of care to ensure the Certificate Authorities do their jobs well, and keep doing their jobs well, right? Well right?!"
-msgstr "&#1604;&#1603;&#1606;&#1548; &#1576;&#1603;&#1604;&#1617; &#1607;&#1584;&#1575; &#1575;&#1604;&#1605;&#1575;&#1604;&#1548; &#1608;&#1603;&#1604;&#1617; &#1607;&#1584;&#1607; &#1575;&#1604;&#1605;&#1587;&#1572;&#1608;&#1604;&#1610;&#1577;&#1548; &#1610;&#1580;&#1576; &#1571;&#1606; &#1610;&#1603;&#1608;&#1606; &#1575;&#1607;&#1578;&#1605;&#1575;&#1605; &#1603;&#1576;&#1610;&#1585; &#1604;&#1590;&#1605;&#1575;&#1606; &#1571;&#1606; &#1575;&#1604;&#1605;&#1582;&#1608;&#1604;&#1610;&#1606; &#1576;&#1573;&#1589;&#1583;&#1575;&#1585; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1610;&#1602;&#1608;&#1605;&#1608;&#1606; &#1576;&#1608;&#1575;&#1580;&#1576;&#1607;&#1605; &#1593;&#1604;&#1609; &#1571;&#1603;&#1605;&#1604; &#1608;&#1580;&#1607; &#1548; &#1603;&#1605;&#1575; &#1571;&#1606;&#1607;&#1605; &#1587;&#1610;&#1587;&#1578;&#1605;&#1585;&#1608;&#1606; &#1576;&#1575;&#1604;&#1602;&#1610;&#1575;&#1605; &#1576;&#1608;&#1575;&#1580;&#1576;&#1607;&#1605; &#1576;&#1588;&#1603;&#1604; &#1589;&#1581;&#1610;&#1581; &#1548; &#1601;&#1607;&#1604; &#1607;&#1584;&#1575; &#1589;&#1581;&#1610;&#1581;&#1567; !"
-
-#: www/account/10.php:15 www/account/20.php:15 www/account/3.php:15
-msgid "CAcert Certficate Acceptable Use Policy"
-msgstr "&#1587;&#1610;&#1575;&#1587;&#1577; &#1573;&#1587;&#1578;&#1593;&#1605;&#1575;&#1604; &#1588;&#1607;&#1575;&#1583;&#1577; Cacert &#1575;&#1604;&#1605;&#1593;&#1578;&#1605;&#1583;&#1577;"
-
-#: www/account/38.php:19 www/index/13.php:19
-msgid "CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via"
-msgstr "&#1573;&#1606; Cacert Inc. &#1580;&#1605;&#1593;&#1610;&#1577; &#1604;&#1575;&#1585;&#1576;&#1581;&#1610;&#1577; &#1602;&#1575;&#1576;&#1604;&#1577; &#1593;&#1604;&#1609; &#1602;&#1576;&#1608;&#1604; &#1575;&#1604;&#1578;&#1576;&#1585;&#1617;&#1593;&#1575;&#1578;. &#1608;&#1578;&#1604;&#1578;&#1586;&#1605; Cacert &#1576;&#1575;&#1604;&#1578;&#1593;&#1604;&#1610;&#1605;&#1575;&#1578; &#1575;&#1604;&#1589;&#1575;&#1585;&#1605;&#1577; &#1581;&#1608;&#1604; &#1591;&#1585;&#1610;&#1602;&#1577; &#1575;&#1587;&#1578;&#1582;&#1583;&#1575;&#1605; &#1607;&#1584;&#1607; &#1575;&#1604;&#1571;&#1605;&#1608;&#1575;&#1604;. &#1608;&#1601;&#1610; &#1581;&#1575;&#1604; &#1575;&#1604;&#1585;&#1594;&#1576;&#1577; &#1576;&#1575;&#1604;&#1578;&#1576;&#1585;&#1593; &#1601;&#1610;&#1605;&#1603;&#1606; &#1575;&#1604;&#1602;&#1610;&#1575;&#1605; &#1576;&#1584;&#1604;&#1603; &#1593;&#1606; &#1591;&#1585;&#1610;&#1602;"
-
-#: www/account/10.php:20 www/account/20.php:20 www/account/3.php:20
-msgid "CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at"
-msgstr "&#1573;&#1606; Cacert Inc. &#1604;&#1582;&#1583;&#1605;&#1575;&#1578; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577; &#1604;&#1604;&#1593;&#1575;&#1605;&#1617;&#1577; &#1578;&#1578;&#1576;&#1593; CPS &#1603;&#1605;&#1585;&#1575;&#1602;&#1576; &#1605;&#1606; &#1608;&#1602;&#1578; &#1604;&#1570;&#1582;&#1585; &#1608;&#1607;&#1584;&#1575; &#1605;&#1578;&#1590;&#1605;&#1606; &#1603;&#1605;&#1585;&#1580;&#1593; &#1590;&#1605;&#1606; &#1575;&#1604;&#1575;&#1578;&#1601;&#1575;&#1602;&#1610;&#1577;. &#1587;&#1610;&#1587;&#1578;&#1582;&#1583;&#1605; &#1575;&#1604;&#1605;&#1588;&#1578;&#1585;&#1603; &#1588;&#1607;&#1575;&#1583;&#1577; &#1575;&#1604;&#1605;&#1582;&#1583;&#1605; SSL &#1576;&#1605;&#1608;&#1580;&#1576; &#1575;&#1604;&#1600; CPS &#1604;&#1600; Cacert Inc &#1608;&#1602;&#1583; &#1578;&#1605; &#1606;&#1588;&#1585; &#1575;&#1604;&#1608;&#1579;&#1575;&#1574;&#1602; &#1575;&#1604;&#1605;&#1578;&#1593;&#1604;&#1602;&#1577; &#1576;&#1607;&#1584;&#1575; &#1601;&#1610;"
-
-#: www/index/51.php:25
-msgid "CAcert Inc., as a community-based project, is not driven by profits - it is driven by the community's desire for privacy and security."
-msgstr "&#1573;&#1606; Cacert Inc. &#1603;&#1605;&#1588;&#1585;&#1608;&#1593; &#1578;&#1605; &#1578;&#1571;&#1587;&#1610;&#1587;&#1607; &#1605;&#1607;&#1610;&#1574;&#1577; &#1604;&#1575; &#1610;&#1607;&#1583;&#1601; &#1573;&#1604;&#1609; &#1575;&#1604;&#1585;&#1576;&#1581; &#1576;&#1604; &#1610;&#1607;&#1583;&#1601; &#1573;&#1604;&#1609; &#1585;&#1594;&#1576;&#1577; &#1575;&#1604;&#1607;&#1610;&#1574;&#1577; &#1576;&#1578;&#1571;&#1605;&#1610;&#1606; &#1575;&#1604;&#1582;&#1589;&#1608;&#1589;&#1610;&#1577; &#1608;&#1575;&#1604;&#1571;&#1605;&#1606;"
-
-#: www/wot.php:223 www/wot.php:235 scripts/removedead.php:60
-msgid "CAcert Support Team"
-msgstr "&#1601;&#1585;&#1610;&#1602; &#1575;&#1604;&#1583;&#1593;&#1605; &#1575;&#1604;&#1601;&#1606;&#1610; &#1601;&#1610; CAcert"
-
-#: includes/account_stuff.php:181 www/account/0.php:27 www/wot/0.php:15
-msgid "CAcert Web of Trust"
-msgstr "CAcert - &#1588;&#1576;&#1603;&#1577; &#1575;&#1604;&#1579;&#1602;&#1577;"
-
-#: www/wot/3.php:15
-msgid "CAcert Web of Trust Rules"
-msgstr "CAcert - &#1588;&#1576;&#1603;&#1577; &#1602;&#1608;&#1575;&#1593;&#1583; &#1575;&#1604;&#1579;&#1602;&#1577;"
-
-#: www/wot/3.php:45
-msgid "CAcert may, from time to time, alter the amount of Assurance Points that a class of assurer may assign as is necessary to effect a policy or rule change. We may also alter the amount of Assurance Points available to an individual, or new class of assurer, should another policy of CAcert require this."
-msgstr "&#1610;&#1605;&#1603;&#1606; &#1604;&#1600; Cacert&#1548; &#1605;&#1606; &#1608;&#1602;&#1578; &#1604;&#1570;&#1582;&#1585;&#1548; &#1578;&#1593;&#1583;&#1610;&#1604; &#1593;&#1583;&#1583; &#1606;&#1602;&#1575;&#1591; &#1575;&#1604;&#1578;&#1571;&#1605;&#1610;&#1606; &#1575;&#1604;&#1578;&#1610; &#1578;&#1589;&#1606;&#1601; &#1575;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602; &#1581;&#1587;&#1576; &#1575;&#1604;&#1590;&#1585;&#1608;&#1585;&#1577; &#1608;&#1575;&#1604;&#1578;&#1594;&#1610;&#1610;&#1585;&#1575;&#1578; &#1576;&#1575;&#1604;&#1587;&#1610;&#1575;&#1587;&#1577; &#1571;&#1608; &#1575;&#1604;&#1602;&#1608;&#1575;&#1593;&#1583;. &#1602;&#1583; &#1610;&#1578;&#1605; &#1578;&#1593;&#1583;&#1610;&#1604; &#1593;&#1583;&#1583; &#1575;&#1604;&#1606;&#1602;&#1575;&#1591; &#1575;&#1604;&#1605;&#1578;&#1608;&#1601;&#1585;&#1577; &#1604;&#1583;&#1609; &#1601;&#1585;&#1583;&#1548; &#1571;&#1608; &#1578;&#1589;&#1606;&#1610;&#1601; &#1580;&#1583;&#1610;&#1583; &#1605;&#1606; &#1575;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602;&#1610;&#1606;&#1548; &#1601;&#1610; &#1571;&#1606; &#1587;&#1610;&#1575;&#1587;&#1577; &#1571;&#1582;&#1585;&#1609; &#1604;&#1600; Cacert &#1578;&#1591;&#1604;&#1576;&#1578; &#1607;&#1584;&#1575; &#1575;&#1604;&#1573;&#1580;&#1585;&#1575;&#1569;."
-
-#: www/help/6.php:11
-msgid "CAcert then sends you an email with a signed copy of your certificate. Hopefully the rest should be pretty straight forward."
-msgstr "Cacert &#1579;&#1605;&#1617; &#1610;&#1578;&#1605; &#1573;&#1585;&#1587;&#1575;&#1604; &#1585;&#1587;&#1575;&#1604;&#1577; &#1573;&#1604;&#1609; &#1576;&#1585;&#1610;&#1583;&#1603; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1605;&#1593; &#1606;&#1587;&#1582;&#1577; &#1605;&#1608;&#1602;&#1617;&#1593;&#1577; &#1605;&#1606; &#1588;&#1607;&#1575;&#1583;&#1578;&#1603;. &#1593;&#1604;&#1609; &#1571;&#1605;&#1604; &#1575;&#1604;&#1582;&#1591;&#1608;&#1575;&#1578; &#1575;&#1604;&#1604;&#1575;&#1581;&#1602;&#1577; &#1587;&#1578;&#1603;&#1608;&#1606; &#1576;&#1587;&#1610;&#1591;&#1577; &#1580;&#1583;&#1575;."
-
-#: www/account/37.php:19 www/index/12.php:19
-#, php-format
-msgid "CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a %sdocument base%s that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI)."
-msgstr "&#1607;&#1583;&#1601; Cacert &#1575;&#1604;&#1578;&#1585;&#1608;&#1610;&#1580; &#1604;&#1604;&#1608;&#1593;&#1610; &#1608;&#1575;&#1604;&#1581;&#1584;&#1585; &#1608;&#1578;&#1593;&#1604;&#1610;&#1605; &#1571;&#1605;&#1606; &#1575;&#1604;&#1603;&#1608;&#1605;&#1576;&#1610;&#1608;&#1578;&#1585; &#1582;&#1604;&#1575;&#1604; &#1575;&#1587;&#1578;&#1582;&#1583;&#1575;&#1605; &#1575;&#1604;&#1578;&#1588;&#1601;&#1610;&#1585;&#1548; &#1576;&#1588;&#1603;&#1604; &#1605;&#1581;&#1583;&#1617;&#1583; &#1605;&#1593; &#1573;&#1603;&#1587; 509 &#1605;&#1606; &#1605;&#1580;&#1605;&#1608;&#1593;&#1577; &#1575;&#1604;&#1605;&#1593;&#1575;&#1610;&#1610;&#1585;. &#1580;&#1605;&#1593;&#1606;&#1575; %sdocument base%s &#1575;&#1604;&#1584;&#1610; &#1610;&#1581;&#1578;&#1608;&#1610; &#1575;&#1604;&#1606;&#1589;&#1575;&#1574;&#1581; &#1575;&#1604;&#1605;&#1587;&#1575;&#1593;&#1583;&#1577; &#1593;&#1604;&#1609; &#1578;&#1590;&#1605;&#1610;&#1606; &#1575;&#1604;&#1578;&#1588;&#1601;&#1610;&#1585; &#1601;&#1610; &#1575;&#1604;&#1576;&#1585;&#1575;&#1605;&#1580; &#1575;&#1604;&#1605;&#1588;&#1578;&#1585;&#1603;&#1577;&#1548; &#1608;&#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578; &#1593;&#1575;&#1605;&#1617;&#1577; &#1581;&#1608;&#1604; &#1575;&#1604;&#1576;&#1606;&#1609; &#1575;&#1604;&#1578;&#1581;&#1578;&#1610;&#1577; &#1604;&#1604;&#1605;&#1601;&#1575;&#1578;&#1610;&#1581; &#1575;&#1604;&#1593;&#1605;&#1608;&#1605;&#1610;&#1577; (PKI)."
-
-#: www/account/0.php:17
-msgid "CAcert.org"
-msgstr "CAcert.org"
-
-#: www/index/51.php:15
-msgid "CAcert.org Mission Statement"
-msgstr "&#1576;&#1610;&#1575;&#1606; &#1605;&#1607;&#1605;&#1617;&#1577; CAcert.org"
-
-#: includes/account.php:49 includes/account.php:389 www/index.php:316
-msgid "CAcert.org Support!"
-msgstr "&#1583;&#1593;&#1605; CAcert.org"
-
-#: www/account/37.php:17 www/index/12.php:17
-msgid "CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free."
-msgstr "&#1607;&#1610; &#1605;&#1580;&#1605;&#1608;&#1593;&#1577; &#1571;&#1587;&#1587;&#1578; &#1607;&#1610;&#1574;&#1577; &#1604;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577; &#1575;&#1604;&#1578;&#1610; &#1578;&#1589;&#1583;&#1585; &#1573;&#1604;&#1609; &#1593;&#1575;&#1605;&#1617;&#1577; &#1575;&#1604;&#1606;&#1575;&#1587; &#1605;&#1580;&#1575;&#1606;&#1575;."
-
-#: www/wot/0.php:17
-msgid "CAcert.org was designed to be by the community for the community, and instead of placing all the labour on a central authority and in turn increasing the cost of certificates, the idea was to get community in conjunction with this website to have trust maintained in a dispersed and automated manner!"
-msgstr "&#1573;&#1606; CAcert.org &#1602;&#1583; &#1589;&#1605;&#1605;&#1578; &#1605;&#1606; &#1602;&#1576;&#1604; &#1575;&#1604;&#1607;&#1610;&#1574;&#1577; &#1604;&#1582;&#1583;&#1605;&#1577; &#1575;&#1604;&#1607;&#1610;&#1574;&#1577;&#1548; &#1608;&#1604;&#1603;&#1606; &#1576;&#1583;&#1604;&#1575; &#1605;&#1606; &#1578;&#1585;&#1603;&#1610;&#1586; &#1603;&#1604;&#1617; &#1575;&#1604;&#1593;&#1605;&#1604; &#1590;&#1605;&#1606; &#1587;&#1604;&#1591;&#1577; &#1605;&#1585;&#1603;&#1586;&#1610;&#1577; &#1605;&#1605;&#1575; &#1610;&#1586;&#1610;&#1583; &#1603;&#1604;&#1601;&#1577; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578;&#1548; &#1603;&#1575;&#1606;&#1578; &#1575;&#1604;&#1601;&#1603;&#1585;&#1577; &#1576;&#1585;&#1576;&#1591; &#1575;&#1604;&#1607;&#1610;&#1574;&#1577; &#1605;&#1593; &#1607;&#1584;&#1575; &#1575;&#1604;&#1605;&#1608;&#1602;&#1593; &#1604;&#1578;&#1608;&#1601;&#1610;&#1585; &#1575;&#1604;&#1579;&#1602;&#1577;"
-
-#: includes/account.php:1464 includes/account.php:1515 www/account/30.php:34
-#: www/account/31.php:30 www/account/34.php:34
-msgid "Cancel"
-msgstr "&#1573;&#1604;&#1594;&#1575;&#1569;"
-
-#: includes/general_stuff.php:58
-msgid "Cert Login"
-msgstr "&#1578;&#1587;&#1580;&#1610;&#1604; &#1575;&#1604;&#1583;&#1582;&#1608;&#1604;"
-
-#: www/account/19.php:101 www/account/6.php:99
-msgid "Certificate Installation Complete!"
-msgstr "&#1578;&#1605; &#1578;&#1585;&#1603;&#1610;&#1576; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1576;&#1606;&#1580;&#1575;&#1581;!"
-
-#: www/account/19.php:97 www/account/6.php:95
-msgid "Certificate Installation Error"
-msgstr "&#1581;&#1589;&#1604; &#1582;&#1591;&#1571; &#1582;&#1604;&#1575;&#1604; &#1578;&#1585;&#1603;&#1610;&#1576; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577;"
-
-#: www/help/3.php:43
-msgid "Certificate Installation process for IIS 5.0"
-msgstr "&#1593;&#1605;&#1604;&#1610;&#1577; &#1578;&#1585;&#1603;&#1610;&#1576; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1593;&#1604;&#1609; IIS 5.0"
-
-#: includes/general_stuff.php:65
-msgid "CAcert Logos"
-msgstr "&#1588;&#1593;&#1575;&#1585;&#1575;&#1578; CAcert"
-
-#: includes/account.php:669 includes/account.php:1066
-#, php-format
-msgid "Certificate for '%s' has been renewed."
-msgstr "&#1578;&#1605; &#1578;&#1580;&#1583;&#1610;&#1583; &#1575;&#1604;&#1588;&#1593;&#1575;&#1583;&#1577; &#1604;&#1600; %s"
-
-#: includes/account.php:594 includes/account.php:705 includes/account.php:1103
-#: includes/account.php:1319
-#, php-format
-msgid "Certificate for '%s' has been revoked."
-msgstr "&#1578;&#1605; &#1573;&#1576;&#1591;&#1575;&#1604; &#1588;&#1607;&#1575;&#1583;&#1577; %s."
-
-#: www/account/19.php:95 www/account/6.php:93
-msgid "Certificate installation failed!"
-msgstr "&#1601;&#1588;&#1604; &#1601;&#1610; &#1578;&#1585;&#1603;&#1610;&#1576; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577;!."
-
-#: www/stats.php:31
-msgid "Certificates Issued"
-msgstr "&#1578;&#1605; &#1573;&#1589;&#1583;&#1575;&#1585; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577;"
-
-#: pages/help/4.php:21
-msgid "writing new private key to 'private.key'"
-msgstr ""
-
-#: includes/account.php:837 includes/account.php:1312 pages/account/19.php:45
-#: pages/account/6.php:43
-msgid "to install your certificate."
-msgstr ""
-
-#: www/account/14.php:18
-msgid "Change Pass Phrase"
-msgstr "&#1578;&#1594;&#1610;&#1610;&#1585; &#1580;&#1605;&#1604;&#1577; &#1575;&#1604;&#1605;&#1585;&#1608;&#1585;"
-
-#: includes/account_stuff.php:146 www/account/43.php:98 www/account/43.php:99
-#: www/account/44.php:19 www/account/50.php:19
-msgid "Change Password"
-msgstr "&#1578;&#1594;&#1610;&#1610;&#1585; &#1603;&#1604;&#1605;&#1577; &#1575;&#1604;&#1605;&#1585;&#1608;&#1585;"
-
-#: www/help/3.php:36
-msgid "Choose a filename to save the request to"
-msgstr "&#1573;&#1582;&#1578;&#1585; &#1575;&#1587;&#1605; &#1605;&#1604;&#1601; &#1604;&#1581;&#1601;&#1592; &#1575;&#1604;&#1591;&#1604;&#1576; &#1590;&#1605;&#1606;&#1607;"
-
-#: includes/account.php:671 includes/account.php:1068
-#: includes/account.php:1445 includes/account.php:1492
-#: includes/account.php:1504 www/account/19.php:45 www/account/6.php:43
-msgid "Click here"
-msgstr "&#1575;&#1590;&#1594;&#1591; &#1607;&#1606;&#1575;"
-
-#: www/account/40.php:21 www/index/11.php:21
-msgid "Click here to go to the Support List"
-msgstr "&#1573;&#1590;&#1594;&#1591; &#1607;&#1606;&#1575; &#1604;&#1601;&#1578;&#1581; &#1602;&#1575;&#1574;&#1605;&#1577; &#1575;&#1604;&#1583;&#1593;&#1605; &#1575;&#1604;&#1601;&#1606;&#1610;"
-
-#: www/account/40.php:38 www/index/11.php:38
-msgid "Click here to view all lists available"
-msgstr "&#1573;&#1590;&#1594;&#1591; &#1607;&#1606;&#1575; &#1604;&#1605;&#1575;&#1607;&#1583;&#1577; &#1580;&#1605;&#1610;&#1593; &#1575;&#1604;&#1602;&#1608;&#1575;&#1574;&#1605; &#1575;&#1604;&#1605;&#1578;&#1608;&#1601;&#1585;&#1577;"
-
-#: includes/account_stuff.php:153 www/account/18.php:18 www/account/5.php:18
-msgid "Client Certificates"
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1586;&#1576;&#1608;&#1606;"
-
-#: www/index/0.php:50
-msgid "Client certificates (un-assured)"
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1586;&#1576;&#1608;&#1606; (&#1594;&#1610;&#1585; &#1605;&#1589;&#1583;&#1617;&#1602;&#1577;)"
-
-#: www/account/3.php:63
-msgid "Code Signing"
-msgstr "&#1578;&#1608;&#1602;&#1610;&#1593; &#1575;&#1604;&#1578;&#1585;&#1605;&#1610;&#1586;"
-
-#: www/index/0.php:70
-msgid "Code signing certificates"
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1578;&#1608;&#1602;&#1610;&#1593; &#1575;&#1604;&#1578;&#1585;&#1605;&#1610;&#1586;"
-
-#: www/account/24.php:41 www/account/27.php:44 www/account/32.php:27
-#: www/account/33.php:43
-msgid "Comments"
-msgstr "&#1605;&#1604;&#1575;&#1581;&#1592;&#1575;&#1578;"
-
-#: www/help/4.php:14
-msgid "Common Name (eg, YOUR name) []:"
-msgstr "&#1575;&#1604;&#1575;&#1587;&#1605; &#1575;&#1604;&#1588;&#1575;&#1574;&#1593; (&#1605;&#1579;&#1604;&#1575;&#1611; &#1575;&#1587;&#1605;&#1603; &#1575;&#1604;&#1588;&#1582;&#1589;&#1610;)[]:"
-
-#: www/account/11.php:22 www/account/12.php:23 www/account/18.php:23
-#: www/account/21.php:25 www/account/22.php:23
-msgid "CommonName"
-msgstr "&#1575;&#1604;&#1575;&#1587;&#1605;_&#1575;&#1604;&#1588;&#1575;&#1574;&#1593;"
-
-#: includes/account.php:1733 includes/account.php:1780
-#: includes/account.php:1792
-msgid "to continue."
-msgstr ""
-
-#: includes/general_stuff.php:63
-msgid "CAcert News"
-msgstr "&#1571;&#1582;&#1576;&#1575;&#1585; CAcert"
-
-#: includes/general_stuff.php:66
-msgid "CAcert Statistics"
-msgstr "&#1575;&#1581;&#1589;&#1575;&#1574;&#1610;&#1575;&#1578; CAcert"
-
-#: pages/account/11.php:26 pages/account/21.php:31
-msgid "subjectAltName"
-msgstr ""
-
-#: www/wot/3.php:31
-msgid "Compare the online information to the information recorded on the paper form;"
-msgstr "&#1602;&#1575;&#1585;&#1606; &#1575;&#1604;&#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578; &#1593;&#1604;&#1609; &#1575;&#1604;&#1573;&#1606;&#1578;&#1585;&#1606;&#1578; &#1576;&#1575;&#1604;&#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578; &#1575;&#1604;&#1605;&#1587;&#1580;&#1604;&#1577; &#1593;&#1604;&#1609; &#1575;&#1604;&#1608;&#1585;&#1602;&#1563;"
-
-#: www/wot/3.php:24
-msgid "Complete the assurance form if the applicant has not already done so. Ensure that all information matches."
-msgstr "&#1573;&#1605;&#1604;&#1571; &#1573;&#1587;&#1578;&#1605;&#1575;&#1585;&#1577; &#1575;&#1604;&#1578;&#1571;&#1605;&#1610;&#1606; &#1573;&#1584;&#1575; &#1604;&#1605; &#1610;&#1602;&#1605; &#1576;&#1584;&#1604;&#1603; &#1605;&#1602;&#1583;&#1605; &#1575;&#1604;&#1591;&#1604;&#1576;. &#1578;&#1571;&#1603;&#1583; &#1605;&#1606; &#1578;&#1591;&#1575;&#1576;&#1602; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578;."
-
-#: www/help/3.php:39
-msgid "Confirm your request details"
-msgstr "&#1571;&#1603;&#1617;&#1583; &#1578;&#1601;&#1575;&#1589;&#1610;&#1604; &#1591;&#1604;&#1576;&#1603;"
-
-#: www/wot/3.php:19
-msgid "Contact"
-msgstr "&#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604;"
-
-#: www/wot/9.php:39
-msgid "Contact Assurer"
-msgstr "&#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604; &#1576;&#1575;&#1604;&#1605;&#1589;&#1583;&#1617;&#1602;"
-
-#: www/wot/1.php:121
-msgid "Contact Details"
-msgstr "&#1578;&#1601;&#1589;&#1610;&#1604;&#1575;&#1578; &#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604;"
-
-#: www/account/24.php:25 www/account/27.php:28
-msgid "Contact Email"
-msgstr "&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604;"
-
-#: includes/account_stuff.php:210 includes/general_stuff.php:110
-#: www/account/40.php:15 www/index/11.php:15
-msgid "Contact Us"
-msgstr "&#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604; &#1576;&#1606;&#1575;"
-
-#: www/wot/8.php:31
-msgid "Contact information"
-msgstr "&#1576;&#1610;&#1575;&#1606;&#1575;&#1578; &#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604;"
-
-#: www/account/39.php:37 www/index/10.php:37
-msgid "Cookies"
-msgstr "&#1603;&#1608;&#1603;&#1610;&#1586;"
-
-#: www/help/2.php:38
-msgid "Cool man! How do I create my own digital signature?!"
-msgstr "&#1610;&#1575;&#1587;&#1604;&#1575;&#1605;! &#1603;&#1610;&#1601; &#1571;&#1606;&#1588;&#1609;&#1569; &#1578;&#1608;&#1602;&#1610;&#1593;&#1610; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610; &#1575;&#1604;&#1582;&#1575;&#1589;&#1567; !"
-
-#: www/help/3.php:47
-msgid "Copy the contents of the email including the"
-msgstr "&#1573;&#1606;&#1587;&#1582; &#1605;&#1581;&#1578;&#1608;&#1610;&#1575;&#1578; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1608;&#1590;&#1605;&#1606;&#1607;"
-
-#: www/index/51.php:20
-msgid "Core members of CAcert generally have a strong information technology and security background, and a stronger desire to give back to the community."
-msgstr "&#1573;&#1606; &#1575;&#1604;&#1571;&#1593;&#1590;&#1575;&#1569; &#1575;&#1604;&#1585;&#1574;&#1610;&#1587;&#1610;&#1610;&#1606; &#1604;&#1600; Cacert &#1604;&#1583;&#1610;&#1607;&#1605; &#1582;&#1576;&#1585;&#1577; &#1601;&#1610; &#1578;&#1602;&#1606;&#1610;&#1577; &#1575;&#1604;&#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578; &#1608;&#1571;&#1585;&#1590;&#1610;&#1577; &#1571;&#1605;&#1606;&#1610;&#1577; &#1602;&#1608;&#1610;&#1577;&#1548; &#1608;&#1585;&#1594;&#1576;&#1577; &#1571;&#1602;&#1608;&#1609; &#1601;&#1610; &#1582;&#1583;&#1605;&#1577; &#1575;&#1604;&#1605;&#1580;&#1605;&#1608;&#1593;&#1577;."
-
-#: includes/account.php:617 includes/account.php:726 includes/account.php:1125
-#: includes/account.php:1343
-#, php-format
-msgid "Couldn't remove the request for `%s`, request had already been processed."
-msgstr "&#1604;&#1575; &#1610;&#1605;&#1603;&#1606; &#1573;&#1604;&#1594;&#1575;&#1569; &#1591;&#1604;&#1576; %s &#1608;&#1584;&#1604;&#1603; &#1604;&#1571;&#1606;&#1607; &#1605;&#1593;&#1575;&#1604;&#1580;&#1578;&#1607; &#1602;&#1583; &#1576;&#1583;&#1571;&#1578;."
-
-#: www/account/11.php:32 www/account/21.php:35 www/account/24.php:37
-#: www/account/27.php:40
-msgid "Country"
-msgstr "&#1575;&#1604;&#1576;&#1604;&#1583;"
-
-#: www/account/36.php:23 www/index/1.php:112
-msgid "Country Announcements"
-msgstr "&#1575;&#1604;&#1578;&#1606;&#1576;&#1610;&#1607;&#1575;&#1578; &#1575;&#1604;&#1605;&#1578;&#1593;&#1604;&#1602;&#1577; &#1576;&#1575;&#1604;&#1576;&#1604;&#1583;"
-
-#: www/help/4.php:9
-msgid "Country Name (2 letter code) [AU]:"
-msgstr "&#1587;&#1575;&#1605; &#1575;&#1604;&#1576;&#1604;&#1583; (&#1578;&#1585;&#1605;&#1610;&#1586; &#1605;&#1606; &#1581;&#1585;&#1601;&#1610;&#1606;) [SY]:"
-
-#: www/account/17.php:133 www/account/4.php:133
-msgid "Create Certificate Request"
-msgstr "&#1571;&#1606;&#1588;&#1575;&#1569; &#1591;&#1604;&#1576; &#1588;&#1607;&#1575;&#1583;&#1577;"
-
-#: includes/general_stuff.php:72 www/index/7.php:15
-msgid "Credits"
-msgstr "&#1575;&#1604;&#1571;&#1585;&#1589;&#1583;&#1577;"
-
-#: www/help/7.php:2
-msgid "Currently there is 2 main servers, one for webserver, one for root store, with the root store only connected to the webserver via serial cable, with a daemon running as non-root processes on each end of the serial listening/sending requests/info."
-msgstr "&#1581;&#1575;&#1604;&#1610;&#1575; &#1607;&#1606;&#1575;&#1603; &#1605;&#1582;&#1583;&#1605;&#1575;&#1606; &#1585;&#1574;&#1610;&#1587;&#1610;&#1575;&#1606;&#1548; &#1575;&#1604;&#1571;&#1608;&#1604; &#1605;&#1582;&#1583;&#1605; &#1608;&#1576;&#1548; &#1608;&#1575;&#1604;&#1570;&#1582;&#1585; &#1605;&#1582;&#1583;&#1605; &#1604;&#1581;&#1601;&#1592; &#1575;&#1604;&#1580;&#1584;&#1585; &#1575;&#1604;&#1584;&#1610; &#1610;&#1578;&#1589;&#1604; &#1576;&#1605;&#1582;&#1583;&#1605; &#1575;&#1604;&#1608;&#1576; &#1593;&#1606; &#1591;&#1585;&#1610;&#1602; &#1608;&#1589;&#1604;&#1577; &#1578;&#1587;&#1604;&#1587;&#1604;&#1610;&#1577; &#1548;&#1605;&#1593; &#1605;&#1588;&#1594;&#1604; &#1593;&#1605;&#1604;&#1610;&#1575;&#1578; &#1604;&#1575; &#1610;&#1593;&#1605;&#1604; &#1603;&#1580;&#1584;&#1585; (root) &#1608;&#1584;&#1604;&#1603; &#1593;&#1604;&#1609; &#1603;&#1604;&#1617; &#1606;&#1607;&#1575;&#1610;&#1577; &#1578;&#1587;&#1604;&#1587;&#1604;&#1610;&#1577; &#1575;&#1587;&#1578;&#1605;&#1575;&#1593; / &#1573;&#1585;&#1587;&#1575;&#1604; &#1575;&#1604;&#1591;&#1604;&#1576;&#1575;&#1578; / &#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578;."
-
-#: www/stats.php:73 www/stats.php:109 www/ttp.php:95 www/ttp.php:142
-#: www/account/43.php:200 www/account/43.php:235 www/wot/10.php:43
-#: www/wot/10.php:76 www/wot/6.php:91
-msgid "Date"
-msgstr "&#1578;&#1575;&#1585;&#1610;&#1582;"
-
-#: www/cap.php:62 www/ttp.php:126 www/account/13.php:46 www/account/13.php:94
-#: www/account/43.php:93 www/account/52.php:44 www/index/1.php:47
-#: www/index/5.php:25 www/wot/6.php:65
-msgid "Date of Birth"
-msgstr "&#1578;&#1575;&#1585;&#1610;&#1582; &#1575;&#1604;&#1605;&#1610;&#1604;&#1575;&#1583;"
-
-#: www/account/2.php:21
-msgid "Default"
-msgstr "&#1575;&#1604;&#1575;&#1601;&#1578;&#1585;&#1575;&#1590;&#1610;"
-
-#: includes/account_stuff.php:146
-msgid "Default Language"
-msgstr "&#1575;&#1604;&#1604;&#1594;&#1577; &#1575;&#1604;&#1575;&#1601;&#1578;&#1585;&#1575;&#1590;&#1610;&#1577;"
-
-#: www/account/2.php:23 www/account/2.php:50 www/account/25.php:24
-#: www/account/25.php:41 www/account/26.php:26 www/account/26.php:36
-#: www/account/30.php:35 www/account/31.php:31 www/account/32.php:28
-#: www/account/32.php:43 www/account/34.php:35 www/account/9.php:21
-#: www/account/9.php:49
-msgid "Delete"
-msgstr "&#1581;&#1584;&#1601;"
-
-#: www/account/43.php:102 www/account/43.php:103
-msgid "Delete Account"
-msgstr "&#1581;&#1584;&#1601; &#1581;&#1587;&#1575;&#1576;"
-
-#: www/account/34.php:28
-#, php-format
-msgid "Delete Admin for %s"
-msgstr "&#1581;&#1584;&#1601; &#1573;&#1583;&#1575;&#1585;&#1577; &#1604;&#1600; s%"
-
-#: www/account/30.php:28
-#, php-format
-msgid "Delete Domain for %s"
-msgstr "&#1581;&#1584;&#1601; &#1606;&#1591;&#1575;&#1602; &#1604;&#1600; %s"
-
-#: www/account/31.php:24
-#, php-format
-msgid "Delete Organisation"
-msgstr "&#1581;&#1584;&#1601; &#1605;&#1606;&#1592;&#1605;&#1577;"
-
-#: www/account/32.php:26 www/account/33.php:30
-msgid "Department"
-msgstr "&#1575;&#1604;&#1602;&#1587;&#1605;"
-
-#: www/help/2.php:17
-msgid "Digital signing thus provides security on the Internet."
-msgstr "&#1610;&#1590;&#1605;&#1606; &#1575;&#1604;&#1578;&#1608;&#1602;&#1610;&#1593; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610; &#1575;&#1604;&#1571;&#1605;&#1606; &#1593;&#1604;&#1609; &#1575;&#1604;&#1573;&#1606;&#1578;&#1585;&#1606;&#1578;."
-
-#: www/index/0.php:73
-msgid "Digitally sign code, web applets, installers, etc. including your name and location in the certificates."
-msgstr "&#1575;&#1604;&#1578;&#1585;&#1605;&#1610;&#1586; &#1575;&#1604;&#1605;&#1608;&#1602;&#1593; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1575;&#1548; &#1576;&#1585;&#1575;&#1605;&#1580; &#1575;&#1604;&#1608;&#1576; &#1575;&#1604;&#1605;&#1581;&#1583;&#1608;&#1583;&#1577;&#1548; &#1576;&#1585;&#1575;&#1605;&#1580; &#1575;&#1604;&#1578;&#1585;&#1603;&#1610;&#1576;&#1548; &#1575;&#1604;&#1582;. &#1610;&#1590;&#1617;&#1605;&#1606; &#1575;&#1587;&#1605;&#1603; &#1608;&#1605;&#1608;&#1602;&#1593;&#1603; &#1583;&#1575;&#1582;&#1604; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578;."
-
-#: www/wot/8.php:22
-msgid "Directory Listing"
-msgstr "&#1602;&#1575;&#1574;&#1605;&#1577; &#1575;&#1604;&#1583;&#1604;&#1610;&#1604;"
-
-#: www/help/2.php:61
-msgid "Disclaimer : These are the author's opinions, but they should not be considered 'truth' without personal verification. The author may have made mistakes and any mistakes will be willingly rectified by contacting the administrator of elucido.net, contact details available from the normal domain registration information services (e.g. whois.net).&amp;nbsp; No recommendation to install a Certificate Authority's root certificate is either intended nor implied."
-msgstr "&#1593;&#1583;&#1605; &#1578;&#1581;&#1605;&#1604; &#1575;&#1604;&#1605;&#1587;&#1572;&#1608;&#1604;&#1610;&#1577;: &#1607;&#1584;&#1607; &#1570;&#1585;&#1575;&#1569; &#1575;&#1604;&#1605;&#1572;&#1604;&#1601;&#1548; &#1608;&#1604;&#1603;&#1606; &#1604;&#1575; &#1610;&#1580;&#1576; &#1575;&#1593;&#1578;&#1576;&#1575;&#1585;&#1607;&#1605; '&#1581;&#1602;&#1610;&#1602;&#1577;' &#1583;&#1608;&#1606; &#1578;&#1581;&#1602;&#1617;&#1602; &#1588;&#1582;&#1589;&#1610;&#1548; &#1608;&#1584;&#1604;&#1603; &#1604;&#1571;&#1606; &#1575;&#1604;&#1605;&#1572;&#1604;&#1601; &#1585;&#1576;&#1605;&#1575; &#1575;&#1582;&#1591;&#1571;. &#1604;&#1584;&#1604;&#1603; &#1573;&#1583;&#1575;&#1585;&#1577; elucido.net &#1587;&#1578;&#1602;&#1608;&#1605; &#1576;&#1603;&#1604; &#1587;&#1585;&#1608;&#1585; &#1576;&#1578;&#1589;&#1581;&#1610;&#1581; &#1571;&#1610; &#1571;&#1582;&#1591;&#1575;&#1569;. &#1578;&#1601;&#1575;&#1589;&#1610;&#1604; &#1575;&#1604;&#1573;&#1578;&#1589;&#1575;&#1604; &#1605;&#1578;&#1608;&#1601;&#1585;&#1577; &#1593;&#1606; &#1591;&#1585;&#1610;&#1602; &#1576;&#1610;&#1575;&#1606;&#1575;&#1578; &#1582;&#1583;&#1605;&#1575;&#1578; &#1578;&#1587;&#1580;&#1610;&#1604; &#1575;&#1587;&#1605; &#1575;&#1604;&#1605;&#1604;&#1603;&#1610;&#1577; (&#1608;&#1605;&#1579;&#1575;&#1604; &#1593;&#1604;&#1609; &#1584;&#1604;&#1603;: - whois.net). &amp;nbsp&#1563; &#1604;&#1575; &#1578;&#1608;&#1589;&#1610;&#1577; &#1604;&#1578;&#1585;&#1603;&#1610;&#1576; &#1588;&#1607;&#1575;&#1583;&#1577; &#1580;&#1584;&#1585; &#1604;&#1571;&#1606; &#1607;&#1610;&#1574;&#1577; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1604;&#1605; &#1578;&#1606;&#1608; &#1608;&#1604;&#1605; &#1578;&#1583;&#1604; &#1593;&#1604;&#1609; &#1584;&#1604;&#1603;"
-
-#: www/account/26.php:24 www/account/28.php:25 www/account/29.php:31
-#: www/account/43.php:181 www/account/48.php:22 www/account/49.php:34
-#: www/account/7.php:22
-msgid "Domain"
-msgstr "&#1575;&#1587;&#1605; &#1606;&#1591;&#1575;&#1602;"
-
-#: www/account/12.php:18 www/account/22.php:18
-msgid "Domain Certificates"
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1606;&#1591;&#1575;&#1602; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577;"
-
-#: includes/account_stuff.php:157 www/account/25.php:21 www/account/25.php:38
-#: www/account/9.php:18
-msgid "Domains"
-msgstr ""
-
-#: www/account/0.php:23
-msgid "Domains and Server Certificates."
-msgstr "&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1606;&#1591;&#1575;&#1602; &#1608;&#1575;&#1604;&#1605;&#1582;&#1583;&#1605; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577;."
-
-#: includes/account_stuff.php:209 includes/general_stuff.php:108
-#: www/account/38.php:15 www/index/13.php:15
-msgid "Donations"
-msgstr "&#1575;&#1604;&#1578;&#1576;&#1585;&#1593;&#1575;&#1578;"
-
-#: www/error404.php:21
-msgid "Due to recent site changes bookmarks may no longer be valid, please update your bookmarks."
-msgstr "&#1576;&#1587;&#1576;&#1576; &#1575;&#1604;&#1578;&#1594;&#1610;&#1585;&#1575;&#1578; &#1601;&#1610; &#1575;&#1604;&#1605;&#1608;&#1602;&#1593; &#1602;&#1583; &#1578;&#1603;&#1608;&#1606; &#1602;&#1608;&#1575;&#1574;&#1605; &#1575;&#1604;&#1593;&#1606;&#1575;&#1608;&#1610;&#1606; &#1575;&#1604;&#1605;&#1601;&#1590;&#1604;&#1577; &#1575;&#1604;&#1571;&#1582;&#1610;&#1585;&#1577; &#1594;&#1610;&#1585; &#1589;&#1581;&#1610;&#1581;&#1577;&#1548; &#1585;&#1580;&#1575;&#1569; &#1580;&#1583;&#1617;&#1583; &#1602;&#1608;&#1575;&#1574;&#1605; &#1593;&#1606;&#1575;&#1608;&#1610;&#1606;&#1603; &#1575;&#1604;&#1605;&#1601;&#1590;&#1604;&#1577;."
-
-#: www/help/2.php:39
-msgid "Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it."
-msgstr "&#1607;&#1584;&#1575; &#1587;&#1607;&#1604; &#1578;&#1602;&#1585;&#1610;&#1576;&#1575;. &#1575;&#1601;&#1578;&#1581; &#1605;&#1608;&#1602;&#1593; CAcert.org, &#1585;&#1603;&#1617;&#1576; &#1588;&#1607;&#1575;&#1583;&#1577; &#1575;&#1604;&#1580;&#1584;&#1585; &#1608;&#1576;&#1593;&#1583; &#1584;&#1604;&#1603; &#1575;&#1578;&#1576;&#1593; &#1578;&#1593;&#1604;&#1610;&#1605;&#1575;&#1578; &#1575;&#1604;&#1575;&#1606;&#1590;&#1605;&#1575;&#1605; &#1573;&#1604;&#1609; CAcert. &#1576;&#1593;&#1583; &#1575;&#1604;&#1575;&#1588;&#1578;&#1585;&#1575;&#1605; &#1575;&#1591;&#1604;&#1576; &#1588;&#1607;&#1575;&#1583;&#1577; &#1605;&#1606; &#1602;&#1575;&#1574;&#1605;&#1577; &#1575;&#1604;&#1571;&#1608;&#1575;&#1605;&#1585; &#1608;&#1587;&#1610;&#1578;&#1605; &#1575;&#1585;&#1587;&#1575;&#1604; &#1576;&#1585;&#1610;&#1583; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1573;&#1604;&#1610;&#1603; &#1608;&#1589;&#1604;&#1577; &#1573;&#1604;&#1609; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577;. &#1575;&#1587;&#1578;&#1582;&#1583;&#1605; &#1575;&#1604;&#1608;&#1589;&#1604;&#1577; &#1601;&#1610; &#1575;&#1604;&#1585;&#1587;&#1575;&#1604;&#1577; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1577;&#1548; &#1608;&#1606;&#1571;&#1605;&#1604; &#1571;&#1606; &#1610;&#1578;&#1605; &#1575;&#1604;&#1578;&#1585;&#1603;&#1610;&#1576; &#1576;&#1587;&#1607;&#1608;&#1604;&#1577;. &#1576;&#1593;&#1583; &#1584;&#1604;&#1603; &#1608;&#1601;&#1610; &#1602;&#1587;&#1605; &#1575;&#1604;&#1605;&#1578;&#1593;&#1604;&#1602; &#1576;&#1575;&#1604;&#1571;&#1605;&#1606; &#1601;&#1610; &#1576;&#1585;&#1575;&#1605;&#1580; &#1576;&#1585;&#1610;&#1583;&#1603; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1608;&#1602;&#1605; &#1576;&#1573;&#1593;&#1583;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1578;&#1608;&#1575;&#1602;&#1610;&#1593; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577; &#1576;&#1575;&#1587;&#1578;&#1582;&#1583;&#1575;&#1605; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1575;&#1604;&#1578;&#1610; &#1581;&#1605;&#1617;&#1604;&#1578;&#1607;&#1575; &#1604;&#1604;&#1578;&#1608;&#1617;. &#1608;&#1601;&#1610; &#1581;&#1575;&#1604; &#1575;&#1604;&#1581;&#1575;&#1580;&#1577; &#1573;&#1604;&#1609; &#1571;&#1610; &#1605;&#1587;&#1575;&#1593;&#1583;&#1577; &#1575;&#1578;&#1589;&#1604; &#1576;&#1610;."
-
-#: includes/account_stuff.php:146 www/account/25.php:23 www/account/25.php:40
-#: www/account/26.php:25 www/account/26.php:35
-msgid "Edit"
-msgstr "&#1578;&#1581;&#1585;&#1610;&#1585;"
-
-#: www/account/27.php:21
-msgid "Edit Organisation"
-msgstr "&#1578;&#1581;&#1585;&#1610;&#1585; &#1575;&#1604;&#1605;&#1572;&#1587;&#1587;&#1577; (&#1575;&#1604;&#1605;&#1606;&#1592;&#1605;&#1577;)"
-
-#: www/account/16.php:26 www/account/16.php:31 www/account/33.php:26
-#: www/account/42.php:22 www/account/43.php:34 www/account/43.php:74
-#: www/account/44.php:22 www/account/50.php:22 www/wot/5.php:22
-msgid "Email"
-msgstr "&#1576;&#1585;&#1610;&#1583; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;"
-
-#: includes/account_stuff.php:149 www/account/2.php:18
-msgid "Email Accounts"
-msgstr "&#1581;&#1587;&#1575;&#1576;&#1575;&#1578; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;"
-
-#: www/account/0.php:21
-msgid "Email Accounts and Client Certificates"
-msgstr "&#1581;&#1587;&#1575;&#1576;&#1575;&#1578; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1608;&#1586;&#1576;&#1575;&#1574;&#1606; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578;"
-
-#: www/cap.php:72 www/account/1.php:22 www/account/11.php:34
-#: www/account/5.php:23 www/index/1.php:75 www/index/4.php:26
-#: www/index/5.php:21 www/gpg/2.php:21 www/disputes/1.php:23 www/help/4.php:29
-
-msgid "Email Address"
-msgstr "&#1593;&#1606;&#1608;&#1575;&#1606; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;"
-
-#: www/index.php:244
-msgid "Email Address was blank"
-msgstr "&#1581;&#1602;&#1604; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1601;&#1575;&#1585;&#1594;"
-
-#: www/wot/1.php:122
-msgid "Email Assurer"
-msgstr "&#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1604;&#1604;&#1605;&#1589;&#1575;&#1583;&#1602;"
-
-#: includes/account.php:51 includes/account.php:391
-msgid "Email Probe"
-msgstr "&#1575;&#1604;&#1578;&#1581;&#1602;&#1602; &#1605;&#1606; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1575;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;"
-
-#: www/help/2.php:20
-msgid "Emails are not secure. In fact emails are VERY not secure!"
-msgstr "&#1575;&#1604;&#1585;&#1587;&#1575;&#1574;&#1604; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583;&#1610;&#1577; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1577; &#1604;&#1610;&#1587;&#1578; &#1570;&#1605;&#1606;&#1577;. &#1608;&#1601;&#1610; &#1575;&#1604;&#1608;&#1575;&#1602;&#1593; &#1575;&#1604;&#1585;&#1587;&#1575;&#1574;&#1604; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583;&#1610;&#1577; &#1575;&#1604;&#1575;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1577; &#1594;&#1610;&#1585; &#1570;&#1605;&#1606;&#1577; &#1606;&#1607;&#1575;&#1574;&#1610;&#1575;&#1611;!"
-
-#: www/index/0.php:83
-msgid "Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates are allowed."
-msgstr "&#1601;&#1593;&#1617;&#1604; &#1606;&#1602;&#1604; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578; &#1575;&#1604;&#1605;&#1588;&#1601;&#1585;&#1577; &#1604;&#1583;&#1582;&#1608;&#1604; &#1575;&#1604;&#1605;&#1587;&#1578;&#1582;&#1583;&#1605;&#1610;&#1606; &#1604;&#1582;&#1583;&#1605;&#1575;&#1578; &#1575;&#1604;&#1608;&#1576; &#1548; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1571;&#1608; &#1571;&#1610; &#1582;&#1583;&#1605;&#1575;&#1578; &#1605;&#1581;&#1605;&#1610;&#1577; &#1593;&#1604;&#1609; &#1605;&#1582;&#1583;&#1605;&#1603; &#1563; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1593;&#1575;&#1605;&#1577; &#1605;&#1605;&#1603;&#1606;&#1577; &#1571;&#1610;&#1590;&#1575;&#1611;"
-
-#: www/help/3.php:58
-msgid "Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'."
-msgstr "&#1578;&#1571;&#1603;&#1583; &#1605;&#1606; &#1575;&#1582;&#1578;&#1610;&#1575;&#1585; '&#1605;&#1593;&#1575;&#1604;&#1580;&#1577; &#1575;&#1604;&#1591;&#1604;&#1576; &#1575;&#1604;&#1605;&#1593;&#1604;&#1617;&#1602; &#1608;&#1578;&#1585;&#1603;&#1610;&#1576; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; ' &#1608;&#1575;&#1590;&#1594;&#1591; &quot; &#1575;&#1604;&#1578;&#1575;&#1604;&#1610; &quot;."
-
-#: www/help/3.php:63
-msgid "Ensure that you are processing the correct certificate"
-msgstr "&#1578;&#1571;&#1603;&#1583; &#1605;&#1606; &#1571;&#1606;&#1603; &#1578;&#1593;&#1575;&#1604;&#1580; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577; &#1575;&#1604;&#1589;&#1581;&#1610;&#1581;&#1577;"
-
-#: www/help/3.php:17
-msgid "Enter a certificate name and select Certificate strength"
-msgstr "&#1575;&#1583;&#1582;&#1604; &#1575;&#1587;&#1605; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1608;&#1575;&#1582;&#1578;&#1585; &#1583;&#1585;&#1580;&#1577; &#1588;&#1583;&#1577; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577;"
-
-#: www/help/3.php:26
-msgid "Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate."
-msgstr "&#1575;&#1583;&#1582;&#1604; &#1575;&#1587;&#1605; &#1575;&#1604;&#1605;&#1572;&#1587;&#1587;&#1577;: &#1610;&#1580;&#1576; &#1571;&#1606; &#1610;&#1603;&#1608;&#1606; &#1575;&#1604;&#1575;&#1587;&#1605; &#1575;&#1604;&#1603;&#1575;&#1605;&#1604; &#1575;&#1604;&#1602;&#1575;&#1606;&#1608;&#1606;&#1610; &#1604;&#1604;&#1605;&#1572;&#1587;&#1587;&#1577; &#1575;&#1604;&#1578;&#1610; &#1578;&#1602;&#1583;&#1605;&#1578; &#1576;&#1575;&#1604;&#1591;&#1604;&#1576; &#1604;&#1604;&#1581;&#1589;&#1608;&#1604; &#1593;&#1604;&#1609; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577;."
-
-#: www/wot/3.php:30
-msgid "Enter the applicant's email address;"
-msgstr "&#1575;&#1583;&#1582;&#1604; &#1593;&#1606;&#1608;&#1575;&#1606; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1604;&#1605;&#1602;&#1583;&#1605; &#1575;&#1604;&#1591;&#1604;&#1576;&#1563;"
-
-#: www/help/3.php:33
-msgid "Enter the geographical details"
-msgstr "&#1573;&#1583;&#1582;&#1604; &#1575;&#1604;&#1576;&#1610;&#1575;&#1606;&#1575;&#1578; &#1575;&#1604;&#1580;&#1594;&#1585;&#1575;&#1601;&#1610;&#1577;"
-
-#: www/help/3.php:30
-msgid "Enter your Common Name"
-msgstr "&#1573;&#1583;&#1582;&#1604; &#1575;&#1604;&#1575;&#1587;&#1605; &#1575;&#1604;&#1588;&#1575;&#1574;&#1593;"
-
-#: www/help/3.php:25
-msgid "Enter your Organisation Information"
-msgstr "&#1575;&#1583;&#1582;&#1604; &#1576;&#1610;&#1575;&#1606;&#1575;&#1578; &#1575;&#1604;&#1605;&#1572;&#1587;&#1587;&#1577;"
-
-#: www/help/2.php:57
-msgid "Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard"
-msgstr "&#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577; &#1575;&#1604;&#1582;&#1575;&#1591;&#1574;&#1577; &#1575;&#1604;&#1589;&#1575;&#1583;&#1585;&#1577; &#1605;&#1606; Verisign &#1578;&#1588;&#1603;&#1604; &#1582;&#1591;&#1585; &#1575;&#1604;&#1594;&#1588; &#1608;&#1575;&#1604;&#1578;&#1604;&#1575;&#1593;&#1576;"
-
-#: includes/account.php:67 www/verify.php:33 www/verify.php:45
-#: www/verify.php:76 www/verify.php:89
-msgid "Error!"
-msgstr "&#1582;&#1591;&#1571;!"
-
-#: www/help/2.php:21
-msgid "Ever requested a password that you lost to be emailed to you? That password was wide open to inspection by potential crackers."
-msgstr "&#1607;&#1604; &#1591;&#1604;&#1576;&#1578; &#1603;&#1604;&#1605;&#1577; &#1575;&#1604;&#1587;&#1585; &#1575;&#1604;&#1578;&#1610; &#1601;&#1602;&#1583;&#1578;&#1607;&#1575; &#1604;&#1578;&#1585;&#1587;&#1604; &#1573;&#1604;&#1610;&#1603; &#1576;&#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1567; &#1573;&#1606; &#1603;&#1604;&#1605;&#1577; &#1575;&#1604;&#1587;&#1585; &#1578;&#1604;&#1603; &#1603;&#1575;&#1606;&#1578; &#1605;&#1578;&#1575;&#1581;&#1577; &#1580;&#1583;&#1575;&#1611; &#1604;&#1604;&#1576;&#1581;&#1579; &#1605;&#1606; &#1602;&#1576;&#1604; &#1604;&#1589;&#1608;&#1589; &#1575;&#1604;&#1576;&#1585;&#1575;&#1605;&#1580; &#1575;&#1604;&#1605;&#1581;&#1578;&#1605;&#1604;&#1610;&#1606;."
-
-#: www/account/12.php:50 www/account/18.php:50 www/account/22.php:50
-#: www/account/5.php:54
-msgid "Expired"
-msgstr "&#1575;&#1606;&#1578;&#1607;&#1578; &#1575;&#1604;&#1589;&#1604;&#1575;&#1581;&#1610;&#1577;"
-
-#: www/account/12.php:25 www/account/18.php:25 www/account/22.php:25
-#: www/account/5.php:25
-msgid "Expires"
-msgstr "&#1578;&#1606;&#1578;&#1607;&#1610; &#1575;&#1604;&#1589;&#1604;&#1575;&#1581;&#1610;&#1577;"
-
-#: www/wot/3.php:38
-msgid "Fees"
-msgstr "&#1585;&#1587;&#1608;&#1605; &#1605;&#1575;&#1604;&#1610;&#1577;"
-
-#: www/error404.php:19
-msgid "File not found!"
-msgstr "&#1604;&#1605; &#1610;&#1593;&#1579;&#1585; &#1593;&#1604;&#1609; &#1575;&#1604;&#1605;&#1604;&#1601;!"
-
-#: www/help/4.php:16
-msgid "Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions."
-msgstr "&#1571;&#1582;&#1610;&#1585;&#1575; &#1587;&#1578;&#1587;&#1571;&#1604; &#1593;&#1606; &#1575;&#1604;&#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578; &#1581;&#1608;&#1604; &quot;&#1575;&#1604;&#1582;&#1608;&#1575;&#1589; &#1575;&#1604;&#1573;&#1590;&#1575;&#1601;&#1610;&#1577; &quot;&#1548; &#1573;&#1590;&#1594;&#1591; &#1576;&#1576;&#1587;&#1575;&#1591;&#1577; &#1593;&#1604;&#1609; &#1586;&#1585; &#1575;&#1604;&#1573;&#1583;&#1582;&#1575;&#1604; &#1604;&#1603;&#1604;&#1575; &#1575;&#1604;&#1587;&#1572;&#1575;&#1604;&#1610;&#1606;."
-
-#: includes/account_stuff.php:191
-msgid "Find Domain"
-msgstr "&#1575;&#1576;&#1581;&#1579; &#1593;&#1606; &#1606;&#1591;&#1575;&#1602;"
-
-#: includes/account_stuff.php:191 www/account/42.php:19
-msgid "Find User"
-msgstr "&#1575;&#1576;&#1581;&#1579; &#1593;&#1606; &#1605;&#1587;&#1578;&#1582;&#1583;&#1605;"
-
-#: www/account/48.php:19
-msgid "Find User by Domain"
-msgstr "&#1575;&#1576;&#1581;&#1579; &#1593;&#1606; &#1605;&#1587;&#1578;&#1582;&#1583;&#1605; &#1581;&#1587;&#1576; &#1575;&#1604;&#1606;&#1591;&#1575;&#1602;"
-
-#: includes/account_stuff.php:182
-msgid "Find an Assurer"
-msgstr "&#1575;&#1576;&#1581;&#1579; &#1593;&#1606; &#1605;&#1589;&#1575;&#1583;&#1602;"
-
-#: www/help/3.php:41
-msgid "Finish up and exit IIS Certificate Wizard"
-msgstr "&#1573;&#1606;&#1607;&#1575;&#1569; &#1608;&#1582;&#1585;&#1608;&#1580; &#1605;&#1606; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1577; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577; &#1575;&#1604;&#1593;&#1575;&#1605;&#1577; &#1604;&#1605;&#1582;&#1583;&#1605; IIS"
-
-#: www/account/13.php:27 www/account/13.php:75 www/account/43.php:78
-#: www/index/1.php:22
-msgid "First Name"
-msgstr "&#1575;&#1604;&#1575;&#1587;&#1605;"
-
-#: includes/account.php:769
-msgid "First and Last name fields can not be blank."
-msgstr "&#1604;&#1575;&#1610;&#1605;&#1603;&#1606; &#1604;&#1581;&#1602;&#1604;&#1610; &#1575;&#1604;&#1575;&#1587;&#1605; &#1608;&#1575;&#1604;&#1603;&#1606;&#1610;&#1577; &#1571;&#1606; &#1610;&#1576;&#1602;&#1610;&#1575; &#1601;&#1575;&#1585;&#1594;&#1610;&#1606;"
-
-#: www/index.php:233
-msgid "First and/or last names were blank."
-msgstr "&#1604;&#1605; &#1610;&#1578;&#1605; &#1575;&#1583;&#1582;&#1575;&#1604; &#1575;&#1604;&#1575;&#1587;&#1605; &#1608;/ &#1571;&#1608; &#1575;&#1604;&#1603;&#1606;&#1610;&#1577;"
-
-#: www/help/6.php:1
-msgid "Firstly you need to join CAcert to do that go:"
-msgstr "&#1571;&#1608;&#1604;&#1575;&#1611; &#1610;&#1580;&#1576; &#1593;&#1604;&#1610;&#1603; &#1575;&#1604;&#1575;&#1606;&#1590;&#1605;&#1575;&#1605; &#1573;&#1604;&#1609; CAcert &#1548; &#1608;&#1604;&#1604;&#1602;&#1610;&#1575;&#1605; &#1576;&#1584;&#1604;&#1603; &#1610;&#1580;&#1576; &#1575;&#1604;&#1584;&#1607;&#1575;&#1576; &#1573;&#1604;&#1609;:"
-
-#: www/help/4.php:1
-msgid "Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document."
-msgstr "&#1571;&#1608;&#1604;&#1575; &#1587;&#1578;&#1581;&#1578;&#1575;&#1580; &#1573;&#1604;&#1609; &#1575;&#1583;&#1582;&#1575;&#1604; &#1575;&#1604;&#1571;&#1605;&#1585; &#1575;&#1604;&#1578;&#1575;&#1604;&#1610;&#1548; &#1608;&#1610;&#1601;&#1590;&#1604; &#1601;&#1610; &#1583;&#1604;&#1610;&#1604; &#1605;&#1590;&#1605;&#1608;&#1606; &#1604;&#1575; &#1571;&#1581;&#1583; &#1594;&#1610;&#1585;&#1603; &#1610;&#1587;&#1578;&#1591;&#1610;&#1593; &#1583;&#1582;&#1608;&#1604;&#1607;&#1548; &#1593;&#1604;&#1609; &#1571;&#1610;&#1577; &#1581;&#1575;&#1604; &#1581;&#1605;&#1575;&#1610;&#1577; &#1605;&#1601;&#1575;&#1578;&#1610;&#1581;&#1603; &#1575;&#1604;&#1582;&#1575;&#1589;&#1617;&#1577; &#1604;&#1610;&#1587; &#1605;&#1608;&#1590;&#1608;&#1593; &#1607;&#1584;&#1607; &#1575;&#1604;&#1608;&#1579;&#1610;&#1602;&#1577;."
-
-#: www/help/0.php:2
-msgid "Following are several tips you may find useful."
-msgstr "&#1601;&#1610;&#1605;&#1575; &#1610;&#1604;&#1610; &#1593;&#1583;&#1577; &#1606;&#1589;&#1575;&#1574;&#1581; &#1575;&#1604;&#1578;&#1610; &#1602;&#1583; &#1578;&#1580;&#1583;&#1607;&#1575; &#1605;&#1601;&#1610;&#1583;&#1577;."
-
-#: www/account/37.php:23 www/index/12.php:23
-msgid "For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites."
-msgstr "&#1604;&#1604;&#1605;&#1583;&#1585;&#1575;&#1569; &#1575;&#1604;&#1584;&#1610;&#1606; &#1610;&#1576;&#1581;&#1579;&#1608;&#1606; &#1593;&#1606; &#1581;&#1605;&#1575;&#1610;&#1577; &#1582;&#1583;&#1605;&#1575;&#1578;&#1607;&#1605; &#1575;&#1604;&#1605;&#1593;&#1585;&#1608;&#1590;&#1577;&#1548; &#1601;&#1606;&#1581;&#1606; &#1606;&#1586;&#1608;&#1617;&#1583; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1585;&#1602;&#1605;&#1610;&#1577; &#1575;&#1604;&#1593;&#1575;&#1605;&#1577; &#1608; &#1604;&#1604;&#1575;&#1587;&#1578;&#1590;&#1575;&#1601;&#1577; &#1575;&#1604;&#1578;&#1610; &#1610;&#1605;&#1603;&#1606;&#1603; &#1575;&#1589;&#1583;&#1575;&#1585;&#1607;&#1575; &#1578;&#1602;&#1585;&#1610;&#1576;&#1575; &#1601;&#1608;&#1585;&#1575;. &#1610;&#1605;&#1603;&#1606; &#1575;&#1587;&#1578;&#1593;&#1605;&#1575;&#1604;&#1607;&#1575; &#1604;&#1610;&#1587; &#1601;&#1602;&#1591; &#1604;&#1581;&#1605;&#1575;&#1610;&#1577; &#1575;&#1604;&#1605;&#1608;&#1575;&#1602;&#1593; &#1593;&#1604;&#1609; &#1575;&#1604;&#1573;&#1606;&#1578;&#1585;&#1606;&#1578; &#1548; &#1576;&#1604; &#1571;&#1610;&#1590;&#1575;&#1611; &#1604;&#1581;&#1605;&#1575;&#1610;&#1577; &#1605;&#1582;&#1583;&#1605;&#1575;&#1578; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; POP3, SMTP &#1608;&#1575;&#1604;&#1575;&#1578;&#1589;&#1575;&#1604;&#1575;&#1578; &#1605;&#1593; IMAP&#1548; &#1608;&#1607;&#1584;&#1575; &#1580;&#1586;&#1569; &#1605;&#1606; &#1575;&#1604;&#1602;&#1575;&#1574;&#1605;&#1577;. &#1593;&#1604;&#1609; &#1582;&#1604;&#1575;&#1601; &#1605;&#1589;&#1583;&#1585;&#1610; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1571;&#1582;&#1585;&#1609;&#1548; &#1606;&#1581;&#1606; &#1604;&#1575; &#1606;&#1581;&#1583;&#1617;&#1583; &#1583;&#1585;&#1580;&#1577; &#1602;&#1608;&#1617;&#1577; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578;&#1548; &#1571;&#1608; &#1573;&#1587;&#1578;&#1593;&#1605;&#1575;&#1604; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1593;&#1575;&#1605;&#1617;&#1577;. &#1610;&#1580;&#1576; &#1571;&#1606; &#1610;&#1605;&#1578;&#1604;&#1603; &#1603;&#1604;&#1617; &#1588;&#1582;&#1589; &#1575;&#1604;&#1581;&#1602;&#1617; &#1601;&#1610; &#1575;&#1604;&#1571;&#1605;&#1606; &#1608;&#1581;&#1605;&#1575;&#1610;&#1577; &#1582;&#1589;&#1608;&#1589;&#1610;&#1575;&#1578;&#1607;&#1548; &#1604;&#1610;&#1587; &#1601;&#1602;&#1591; &#1605;&#1606; &#1610;&#1585;&#1594;&#1576; &#1576;&#1573;&#1606;&#1588;&#1575;&#1569; &#1605;&#1608;&#1575;&#1602;&#1593; &#1604;&#1604;&#1578;&#1580;&#1575;&#1585;&#1577; &#1575;&#1604;&#1575;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1577;."
-
-#: www/help/3.php:71
-msgid "For more information, refer to your server documentation or visit"
-msgstr "&#1604;&#1605;&#1593;&#1604;&#1608;&#1605;&#1575;&#1578; &#1573;&#1590;&#1575;&#1601;&#1610;&#1577; &#1548; &#1585;&#1575;&#1580;&#1593; &#1575;&#1604;&#1608;&#1579;&#1575;&#1574;&#1602; &#1575;&#1604;&#1605;&#1578;&#1593;&#1604;&#1602;&#1577; &#1576;&#1605;&#1582;&#1583;&#1605;&#1603; &#1571;&#1608; &#1602;&#1605; &#1576;&#1586;&#1610;&#1575;&#1585;&#1577;"
-
-#: www/account/37.php:21 www/index/12.php:21
-msgid "For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you."
-msgstr "&#1604;&#1583;&#1610;&#1606;&#1575; &#1591;&#1585;&#1610;&#1602;&#1577; &#1576;&#1587;&#1610;&#1591;&#1577; &#1604;&#1604;&#1581;&#1589;&#1608;&#1604; &#1593;&#1604;&#1609; &#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1604;&#1575;&#1587;&#1578;&#1582;&#1583;&#1575;&#1605;&#1607;&#1575; &#1604;&#1610;&#1587; &#1601;&#1602;&#1591; &#1601;&#1610; &#1578;&#1588;&#1601;&#1610;&#1585; &#1585;&#1587;&#1575;&#1574;&#1604; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; &#1576;&#1604; &#1604;&#1604;&#1578;&#1571;&#1603;&#1610;&#1583; &#1604;&#1571;&#1589;&#1583;&#1602;&#1575;&#1574;&#1603; &#1608;&#1571;&#1607;&#1604;&#1603; &#1571;&#1606; &#1575;&#1604;&#1585;&#1587;&#1575;&#1604;&#1577; &#1575;&#1604;&#1573;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610;&#1577; &#1575;&#1604;&#1578;&#1610; &#1608;&#1585;&#1583;&#1578;&#1607;&#1605; &#1607;&#1610; &#1601;&#1593;&#1604;&#1575;&#1611; &#1605;&#1606;&#1603; &#1578;&#1581;&#1583;&#1610;&#1583;&#1575;&#1611;."
-
-#: www/index/0.php:19
-msgid "For years we've all been charged high amounts of money to pay for security that doesn't and shouldn't cost the earth."
-msgstr "&#1604;&#1602;&#1583; &#1583;&#1601;&#1593;&#1606;&#1575; &#1604;&#1587;&#1606;&#1608;&#1575;&#1578; &#1605;&#1576;&#1575;&#1604;&#1594; &#1603;&#1576;&#1610;&#1585;&#1577; &#1605;&#1606; &#1575;&#1604;&#1605;&#1575;&#1604; &#1579;&#1605;&#1606;&#1575;&#1611; &#1604;&#1604;&#1571;&#1605;&#1606; &#1575;&#1604;&#1578;&#1610; &#1604;&#1575; &#1578;&#1603;&#1604;&#1617;&#1601; &#1608;&#1604;&#1575; &#1610;&#1580;&#1576; &#1571;&#1606; &#1578;&#1603;&#1604;&#1617;&#1601; &#1571;&#1603;&#1579;&#1585; &#1605;&#1606; &#1581;&#1601;&#1606;&#1577; &#1578;&#1585;&#1575;&#1576;."
-
-#: www/account/12.php:78 www/account/18.php:84 www/account/22.php:80
-#: www/account/5.php:84
-msgid "From here you can delete pending requests, or revoke valid certificates."
-msgstr "&#1605;&#1606; &#1607;&#1606;&#1575; &#1610;&#1605;&#1603;&#1606;&#1603; &#1581;&#1584;&#1601; &#1575;&#1604;&#1591;&#1604;&#1576;&#1575;&#1578; &#1575;&#1604;&#1605;&#1593;&#1604;&#1617;&#1602;&#1577;&#1548; &#1571;&#1608; &#1573;&#1576;&#1591;&#1575;&#1604; &#1575;&#1604;&#1588;&#1607;&#1575;&#1583;&#1575;&#1578; &#1575;&#1604;&#1589;&#1581;&#1610;&#1581;&#1577;."
-
-#: www/stats.php:55
-msgid "Users with 50-99 Points"
-msgstr "&#1575;&#1604;&#1605;&#1587;&#1578;&#1582;&#1583;&#1605;&#1610;&#1606; &#1605;&#1593; &#1606;&#1602;&#1575;&#1591; 50-99"
-
-#: includes/account_stuff.php:185
-msgid "GPG/PGP Keys"
-msgstr "&#1605;&#1601;&#1575;&#1578;&#1610;&#1581; &#1575;&#1604;&#1600; GPG/PGP"
-
-#: www/account/36.php:22 www/index/1.php:111
-msgid "General Announcements"
-msgstr "&#1576;&#1604;&#1575;&#1594;&#1575;&#1578; &#1593;&#1575;&#1605;&#1577;"
-
-#: www/account/40.php:17 www/index/11.php:17
-msgid "General Questions"
-msgstr "&#1575;&#1604;&#1571;&#1587;&#1574;&#1604;&#1577; &#1575;&#1604;&#1593;&#1575;&#1605;&#1577;"
-
-#: www/disputes.php:320
-#, php-format
-msgid "The domain '%s' doesn't exist in the system. Can't continue."
-msgstr "&#1604;&#1605; &#1610;&#1593;&#1579;&#1585; &#1593;&#1604;&#1609; &#1575;&#1604;&#1606;&#1591;&#1575;&#1602; '%s' &#1601;&#1610; &#1575;&#1604;&#1606;&#1592;&#1575;&#1605;. &#1575;&#1604;&#1575;&#1587;&#1578;&#1605;&#1585;&#1575;&#1585; &#1594;&#1610;&#1585; &#1605;&#1605;&#1603;&#1606;."
-
-#: www/disputes.php:247
-#, php-format
-msgid "The email address '%s' doesn't exist in the system. Can't continue."
-msgstr "&#1604;&#1605; &#1610;&#1593;&#1579;&#1585; &#1593;&#1604;&#1609; &#1593;&#1606;&#1608;&#1575;&#1606; &#1575;&#1604;&#1576;&#1585;&#1610;&#1583; &#1575;&#1604;&#1575;&#1604;&#1603;&#1578;&#1585;&#1608;&#1606;&#1610; '%s' &#1601;&#1610; &#1575;&#1604;&#1606;&#1592;&#1575;&#1605;. &#1575;&#1604;&#1575;&#1587;&#1578;&#1605;&#1585;&#1575;&#1585; &#1594;&#1610;&#1585; &#1605;&#1605;&#1603;&#1606;."
-
-#: www/stats.php:51
-msgid "Users with 1-49 Points"
-msgstr "&#1575;&#1604;&#1605;&#1587;&#1578;&#1582;&#1583;&#1605;&#1608;&#1606; &#1605;&#1593; &#1606;&#1602;&#1575;&#1591; 1-49"
-
-#: www/help/4.php:4
-msgid "Generating a 1024 bit RSA private key"
-msgstr ""
-
-#: www/help/3.php:1
-msgid "Generating a Key Pair and Certificate Signing Request (CSR) for a Microsoft Internet Information Server (IIS) 5.0."
-msgstr ""
-
-#: includes/account_stuff.php:142
-msgid "Go Home"
-msgstr ""
-
-#: www/account/40.php:19 www/index/11.php:19
-msgid "Go here for more details."
-msgstr ""
-
-#: www/help/2.php:16
-msgid "Good question"
-msgstr ""
-
-#: www/stats.php:102
-msgid "Growth by year"
-msgstr ""
-
-#: www/stats.php:66
-msgid "Growth in the last 12 months"
-msgstr ""
-
-#: www/help/0.php:1
-msgid "Help!"
-msgstr ""
-
-#: www/account/10.php:29 www/account/16.php:41 www/account/20.php:26
-#: www/account/3.php:53
-msgid "Sign by class 3 root certificate"
-msgstr ""
-
-#: www/account/19.php:54 www/account/6.php:52
-msgid "Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above."
-msgstr ""
-
-#: www/account/30.php:24
-msgid "Hitting delete will also revoke all existing certificates issued under this domain"
-msgstr ""
-
-#: www/account/29.php:24
-msgid "Hitting update will also revoke all existing certificates issued under this domain"
-msgstr ""
-
-#: www/wot/1.php:23 www/wot/7.php:26
-msgid "Home"
-msgstr ""
-
-#: www/help/2.php:8
-msgid "How do I create my own digital signature?!"
-msgstr ""
-
-#: www/help/0.php:8
-msgid "How do I generate a private key and CSR using OpenSSL?"
-msgstr ""
-
-#: www/help/0.php:9
-msgid "How do I get a secured by CAcert emblem on my site?"
-msgstr ""
-
-#: www/index/7.php:23
-msgid "Has put so much effort into CAcert I don't know where to begin, he managed to get the CPS Christian had started up to draft status, he has given countless hours to assuring people and attending conferences to help spread the word"
-msgstr ""
-
-#: www/help/2.php:4 www/help/2.php:21 www/help/2.php:24
-msgid "How it prepares us to protect our freedom"
-msgstr ""
-
-#: www/account/39.php:50 www/index/10.php:50
-msgid "How to update, correct, or delete your information"
-msgstr ""
-
-#: www/index/51.php:27
-msgid "How?"
-msgstr ""
-
-#: includes/general_stuff.php:64
-msgid "Howto Information"
-msgstr ""
-
-#: www/help/2.php:9 www/help/2.php:41
-msgid "I can't wait to start sending encrypted emails!"
-msgstr ""
-
-#: includes/account.php:884
-msgid "I couldn't match any emails against your organisational account."
-msgstr ""
-
-#: includes/account.php:120 includes/account.php:152 includes/account.php:254
-#: includes/account.php:904 includes/account.php:991
-msgid "I didn't receive a valid Certificate Request, hit the back button and try again."
-msgstr ""
-
-#: www/wot/8.php:25
-msgid "I don't want to be listed"
-msgstr ""
-
-#: www/account/10.php:18 www/account/20.php:18 www/account/3.php:18
-msgid "I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors."
-msgstr ""
-
-#: www/wot/8.php:26
-msgid "I want to be listed"
-msgstr ""
-
-#: www/help/8.php:2
-msgid "I'll anwser the why part first, as that's reasonably easy. The short answer is it takes most of the key handling responsibilty away from you and/or your group. If you need to revoke your key for any reason (such as a developer leaving the project) it won't effect your ability to revoke the existing key or keys, and issue new ones."
-msgstr ""
-
-#: www/account/43.php:62
-msgid "I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"
-msgstr ""
-
-#: www/wot.php:42
-msgid "I'm sorry, there was no email matching what you entered in the system. Please double check your information."
-msgstr ""
-
-#: www/account/38.php:17 www/index/13.php:17
-msgid "If I'd like to donate to CAcert Inc., how can I do it?"
-msgstr ""
-
-#: www/account/10.php:22 www/account/20.php:22
-msgid "If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence."
-msgstr ""
-
-#: www/account/3.php:22
-msgid "If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence."
-msgstr ""
-
-#: www/help/7.php:3
-msgid "If the root store detects a bad request it assumes the webserver is compromised and shuts itself down."
-msgstr ""
-
-#: www/help/7.php:4
-msgid "If the root store doesn't receive a 'ping' reply over the serial link within a determined amount of time it assumes the webserver is compromised or the root store itself has been stolen and shuts itself down."
-msgstr ""
-
-#: www/account/39.php:47 www/index/10.php:47
-msgid "If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information."
-msgstr ""
-
-#: www/wot/7.php:140
-msgid "If you are happy with this location, click 'Make my location here' to update your location details."
-msgstr ""
-
-#: www/account/40.php:41 www/index/11.php:41
-msgid "If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help."
-msgstr ""
-
-#: www/account/39.php:55 www/index/10.php:55
-msgid "If you need to contact us in writing, address your mail to:"
-msgstr ""
-
-#: scripts/removedead.php:57
-msgid "If you needed more time or any other extenuating circumstances you should contact us immediately so this situation can be dealt with immediately."
-msgstr ""
-
-#: www/account/0.php:18
-msgid "If you would like to view news items or change languages you can click the logout or go home links. Go home doesn't log you out of the system, just returns you to the front of the website. Logout logs you out of the system."
-msgstr ""
-
-#: www/account/37.php:25 www/index/12.php:25
-msgid "If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates."
-msgstr ""
-
-#: www/wot/3.php:32
-msgid "If, and only if, the two match completely - you may award trust points up to the maximum points you are able to allocate;"
-msgstr ""
-
-#: www/help/7.php:1
-msgid "In light of a request on the bugzilla list for more information about how our root certificate is protected I've decided to do a write up here and see if there is anything more people suggest could be done, or a better way of handling things altogether."
-msgstr ""
-
-#: www/help/3.php:9
-msgid "In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active."
-msgstr ""
-
-#: www/help/3.php:57
-msgid "In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'."
-msgstr ""
-
-#: www/account/0.php:20
-msgid "In this section you will be able to edit your personal information (if you haven't been assured), update your pass phrase, and lost pass phrase questions. You will also be able to set your location for the Web of Trust, it also effects the email announcement settings which among other things can be set to notify you if you're within 200km of a planned assurance event. You'll also be able to set additional contact information when you become fully trusted, so others can contact you to meet up outside official events."
-msgstr ""
-
-#: www/account/3.php:53 www/account/3.php:54 www/account/3.php:55
-#: www/account/3.php:56
-msgid "Include"
-msgstr ""
-
-#: www/index/0.php:23
-msgid "Inclusion into mainstream browsers!"
-msgstr ""
-
-#: www/index.php:195
-msgid "Incorrect email address and/or Pass Phrase."
-msgstr ""
-
-#: www/account/19.php:60 www/account/6.php:58
-msgid "Install Your Certificate"
-msgstr ""
-
-#: www/help/3.php:51
-msgid "Installation steps"
-msgstr ""
-
-#: www/account/19.php:43 www/account/19.php:52 www/account/6.php:41
-#: www/account/6.php:50
-msgid "Installing your certificate"
-msgstr ""
-
-#: www/index/0.php:15
-msgid "Introduction"
-msgstr ""
-
-#: includes/account.php:517 includes/account.php:583 includes/account.php:611
-#: includes/account.php:644 includes/account.php:694 includes/account.php:720
-#: includes/account.php:1042 includes/account.php:1092
-#: includes/account.php:1119 includes/account.php:1253
-#: includes/account.php:1308 includes/account.php:1337
-#, php-format
-msgid "Invalid ID '%s' presented, can't do anything with it."
-msgstr ""
-
-#: includes/account.php:776 www/index.php:239
-msgid "Invalid date of birth"
-msgstr ""
-
-#: www/wot/6.php:78
-msgid "Issuing a temporary increase will automatically boost their points to 200 points for a nomindated amount of days, after which the person will be reduced to 150 points regardless of the amount of points they had previously. Regardless of method chosen above it will be recorded in the system as an Administrative Increase and there is a maximum amount of 45 days that points can be issued for."
-msgstr ""
-
-#: www/wot/3.php:17
-msgid "It is essential that CAcert Assurers understand and follow the rules below to ensure that applicants for assurance are suitably identified, which, in turn, maintains trust in the system."
-msgstr ""
-
-#: www/wot/3.php:36
-msgid "It is imperative that you maintain the confidentiality and privacy of the applicant, and never disclose the information obtained without the applicant's consent."
-msgstr ""
-
-#: includes/account.php:589 includes/account.php:700 includes/account.php:1048
-#: includes/account.php:1098 includes/account.php:1259
-#: includes/account.php:1314
-#, php-format
-msgid "It would seem '%s' has already been revoked. I'll skip this for now."
-msgstr ""
-
-#: www/index/0.php:17
-msgid "It's been a long time coming, but the wait was worthwhile, finally you are able to get security at the right price... Free!"
-msgstr ""
-
-#: www/index/1.php:107
-msgid "It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in."
-msgstr ""
-
-#: includes/general_stuff.php:53
-msgid "Join"
-msgstr ""
-
-#: includes/general_stuff.php:52
-msgid "Join CAcert.org"
-msgstr ""
-
-#: www/account/17.php:21 www/account/4.php:21
-msgid "Key Strength:"
-msgstr ""
-
-#: www/help/3.php:4
-msgid "Key generation process"
-msgstr ""
-
-#: www/account/17.php:131 www/account/4.php:131
-msgid "Keysize:"
-msgstr ""
-
-#: www/wot/9.php:47
-msgid "Language"
-msgstr ""
-
-#: www/account/13.php:37 www/account/13.php:85 www/account/43.php:86
-#: www/index/1.php:32
-msgid "Last Name"
-msgstr ""
-
-#: www/index/0.php:28
-msgid "Latest News"
-msgstr ""
-
-#: www/wot/3.php:41
-msgid "Liability"
-msgstr ""
-
-#: www/index/0.php:54 www/index/0.php:64 www/index/0.php:74 www/index/0.php:84
-#: www/index/0.php:94 www/index/0.php:104 www/index/0.php:114
-msgid "Limitations"
-msgstr ""
-
-#: www/wot/1.php:23 www/wot/1.php:30 www/wot/1.php:43 www/wot/1.php:56
-#: www/wot/1.php:74 www/wot/1.php:87 www/wot/1.php:102 www/wot/7.php:26
-#: www/wot/7.php:35 www/wot/7.php:46 www/wot/7.php:58
-msgid "Listed"
-msgstr ""
-
-#: www/help/4.php:11
-msgid "Locality Name (eg, city) [Sydney]:"
-msgstr ""
-
-#: www/account/11.php:30 www/account/21.php:33 www/account/43.php:196
-#: www/account/43.php:231 www/wot/10.php:25 www/wot/10.php:58 www/wot/6.php:69
-msgid "Location"
-msgstr ""
-
-#: www/wot/7.php:123
-msgid "Location Name"
-msgstr ""
-
-#: www/index/4.php:23 www/index/4.php:34
-msgid "Login"
-msgstr ""
-
-#: includes/account_stuff.php:142
-msgid "Logout"
-msgstr ""
-
-#: www/index/5.php:18
-msgid "Lost Pass Phrase"
-msgstr ""
-
-#: www/index/6.php:18
-msgid "Lost Pass Phrase - Step 2"
-msgstr ""
-
-#: www/account/13.php:100
-msgid "Lost Pass Phrase Questions"
-msgstr ""
-
-#: pages/index/0.php:24
-#, php-format
-msgid "Have you passed the CAcert %s Assurer Challenge %s yet?"
-msgstr ""
-
-#: includes/general_stuff.php:59 www/account/43.php:106 www/account/43.php:110
-#: www/account/43.php:114 www/account/43.php:118 www/account/43.php:122
-#: www/account/43.php:126 www/account/43.php:130 www/account/43.php:134
-#: www/account/43.php:138 www/account/43.php:142
-msgid "Lost Password"
-msgstr ""
-
-#: www/index.php:318
-msgid "Mail Probe"
-msgstr ""
-
-#: www/account/2.php:49
-msgid "Make Default"
-msgstr ""
-
-#: www/wot/7.php:138
-msgid "Make my location here"
-msgstr ""
-
-#: www/index/51.php:21
-msgid "Many are just the users of the system who by just making use of the project contribute to the wider community by word-of-mouth."
-msgstr ""
-
-#: www/index/51.php:24
-msgid "Many people are currently dissatisfied with the commercial offerings. Many people wish only to connect or share with people they know, or simply secure their webmail from people potentially sniffing their traffic. Why subscribe to a service that is not structured to handle this, and furthermore charges a king's ransom for the privilege?"
-msgstr ""
-
-#: www/index/7.php:17
-msgid "Many people to thank, if you've had a large input with the CAcert project with code, documentation, translations, or assurances and would like recognition let me know."
-msgstr ""
-
-#: www/account/32.php:25 www/account/33.php:35
-msgid "Master Account"
-msgstr ""
-
-#: www/wot/1.php:120
-msgid "Max Points"
-msgstr ""
-
-#: www/wot/9.php:56
-msgid "Message"
-msgstr ""
-
-#: www/account/43.php:197 www/account/43.php:232 www/wot/10.php:26
-#: www/wot/10.php:59 www/wot/6.php:52
-msgid "Method"
-msgstr ""
-
-#: www/help/2.php:58
-msgid "Microsoft Root Certificate Program"
-msgstr ""
-
-#: www/help/3.php:71
-msgid "Microsoft Support Online"
-msgstr ""
-
-#: www/account/43.php:82
-msgid "Middle Name"
-msgstr ""
-
-#: www/account/13.php:31 www/account/13.php:79 www/index/1.php:26
-msgid "Middle Name(s)"
-msgstr ""
-
-#: www/help/2.php:26
-msgid "Most people would object if they found that all their postal letters are being opened, read and possibly recorded by the Government before being passed on to the intended recipient, resealed as if nothing had happened. And yet this is what happens every day with your emails (in the UK). There are some who have objected to this intrusion of privacy, but their voices are small and fall on deaf ears. However the most effective way to combat this intrusion is to seal the envelope shut in a miniature bank vault, i.e. encrypt your email. If all emails were encrypted, it would be very hard for Government, or other organisations/individual crackers, to monitor the general public. They would only realistically have enough resources to monitor those they had reason to suspect. Why? Because encryption can be broken, but it takes a lot of computing power and there wouldn't be enough to monitor the whole population of any given country."
-msgstr ""
-
-#: includes/general_stuff.php:56 www/account/0.php:15
-msgid "My Account"
-msgstr ""
-
-#: includes/account_stuff.php:146 www/account/36.php:18
-msgid "My Alert Settings"
-msgstr ""
-
-#: includes/account.php:24 includes/account.php:35 includes/account.php:53
-#: includes/account.php:76 includes/account.php:85 includes/account.php:119
-#: includes/account.php:151 includes/account.php:176 includes/account.php:253
-#: includes/account.php:280 includes/account.php:303 includes/account.php:362
-#: includes/account.php:372 includes/account.php:393 includes/account.php:402
-#: includes/account.php:447 includes/account.php:460 includes/account.php:490
-#: includes/account.php:503 includes/account.php:536 includes/account.php:569
-#: includes/account.php:632 includes/account.php:682 includes/account.php:813
-#: includes/account.php:826 includes/account.php:883 includes/account.php:903
-#: includes/account.php:990 includes/account.php:1016
-#: includes/account.php:1028 includes/account.php:1079
-#: includes/account.php:1163 includes/account.php:1176
-#: includes/account.php:1226 includes/account.php:1238
-#: includes/account.php:1293 includes/account.php:1361
-#: includes/account.php:1387 includes/account.php:1415
-#: includes/account.php:1443 includes/account.php:1490
-#: includes/account.php:1502 includes/account.php:1565
-#: includes/account.php:1668 includes/account.php:1675
-#: includes/account.php:1685 includes/account.php:1728
-#: includes/account.php:1754 includes/account.php:1773
-#: includes/account.php:1801 includes/general.php:296 includes/general.php:374
-#: www/account.php:41 www/error404.php:17 www/wot.php:22 www/wot.php:124
-#: www/wot.php:132 www/wot.php:145 www/wot.php:246 www/wot.php:265
-#: www/wot.php:277 www/wot.php:288 www/account/15.php:23 www/account/19.php:23
-#: www/account/19.php:42 www/account/19.php:50 www/account/23.php:23
-#: www/account/6.php:21 www/account/6.php:40 www/account/6.php:48
-msgid "My CAcert.org Account!"
-msgstr ""
-
-#: includes/account_stuff.php:145 www/account/0.php:19 www/account/13.php:23
-#: www/index/1.php:19
-msgid "My Details"
-msgstr ""
-
-#: www/account/41.php:18
-msgid "My Language Settings"
-msgstr ""
-
-#: includes/account_stuff.php:146 www/wot/8.php:19
-msgid "My Listing"
-msgstr ""
-
-#: includes/account_stuff.php:146
-msgid "My Location"
-msgstr ""
-
-#: www/account/41.php:21
-msgid "My prefered language"
-msgstr ""
-
-#: www/account/2.php:41
-msgid "N/A"
-msgstr ""
-
-#: www/account/16.php:35 www/wot/1.php:119 www/wot/6.php:43
-msgid "Name"
-msgstr ""
-
-#: includes/account_stuff.php:154 includes/account_stuff.php:162
-#: includes/account_stuff.php:167 includes/account_stuff.php:171
-#: includes/account_stuff.php:186
-msgid "New"
-msgstr ""
-
-#: www/account/33.php:23
-#, php-format
-msgid "New Admin for %s"
-msgstr ""
-
-#: www/stats.php:71 www/stats.php:107
-msgid "New Assurers"
-msgstr ""
-
-#: www/stats.php:72 www/stats.php:108
-msgid "New Certificates"
-msgstr ""
-
-#: www/account/16.php:18 www/account/3.php:27
-msgid "New Client Certificate"
-msgstr ""
-
-#: www/account/28.php:22
-#, php-format
-msgid "New Domain for %s"
-msgstr ""
-
-#: includes/account_stuff.php:177 www/account/24.php:18
-msgid "New Organisation"
-msgstr ""
-
-#: www/account/14.php:25 www/index/6.php:43
-msgid "New Pass Phrase"
-msgstr ""
-
-#: includes/account.php:829 www/index.php:92
-msgid "New Pass Phrases specified don't match or were blank."
-msgstr ""
-
-#: www/account/44.php:26
-msgid "New Password"
-msgstr ""
-
-#: www/stats.php:70 www/stats.php:106
-msgid "New Users"
-msgstr ""
-
-#: www/account/16.php:40 www/account/24.php:45 www/account/3.php:70
-#: www/account/42.php:26 www/account/44.php:30 www/account/48.php:26
-#: www/index/1.php:117 www/index/5.php:53 www/index/6.php:54 www/wot/5.php:26
-msgid "Next"
-msgstr ""
-
-#: www/help/4.php:17
-msgid "Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid."
-msgstr ""
-
-#: www/account/50.php:29
-msgid "No"
-msgstr ""
-
-#: www/account/3.php:52
-msgid "No Name"
-msgstr ""
-
-#: www/account/12.php:42 www/account/22.php:42 www/account/9.php:32
-msgid "No domains are currently listed."
-msgstr ""
-
-#: pages/account/53.php:83
-msgid "move"
-msgstr ""
-
-#: pages/index/1.php:90
-msgid "Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification."
-msgstr ""
-
-#: www/account/15.php:24 www/account/19.php:24 www/account/23.php:24
-#: www/account/6.php:22
-msgid "No such certificate attached to your account."
-msgstr ""
-
-#: includes/account.php:1731
-msgid "No such user found."
-msgstr ""
-
-#: www/account/43.php:51
-#, php-format
-msgid "No users found matching %s"
-msgstr ""
-
-#: www/index/0.php:114
-msgid "None, the sky is the limit for CAcert."
-msgstr ""
-
-#: www/index/0.php:115
-msgid "None; $10 USD per year membership fee."
-msgstr ""
-
-#: includes/general_stuff.php:57
-msgid "Normal Login"
-msgstr ""
-
-#: www/account/12.php:56 www/account/18.php:56 www/account/22.php:56
-#: www/account/5.php:60
-msgid "Not Revoked"
-msgstr ""
-
-#: includes/account.php:25
-#, php-format
-msgid "Not a valid email address. Can't continue."
-msgstr ""
-
-#: www/help/2.php:10 www/help/2.php:44
-msgid "Notes for the strangely curious"
-msgstr ""
-
-#: www/account/39.php:45 www/index/10.php:45
-msgid "Notification of changes"
-msgstr ""
-
-#: www/help/3.php:12
-msgid "Now 'Create a new certificate'."
-msgstr ""
-
-#: includes/account.php:600 includes/account.php:711 includes/account.php:1109
-#: includes/account.php:1325
-msgid "Now deleting the following pending requests:"
-msgstr ""
-
-#: includes/account.php:506 includes/account.php:635 includes/account.php:1032
-#: includes/account.php:1241
-msgid "Now renewing the following certificates:"
-msgstr ""
-
-#: includes/account.php:572 includes/account.php:685 includes/account.php:1082
-#: includes/account.php:1296
-msgid "Now revoking the following certificates:"
-msgstr ""
-
-#: www/wot/6.php:81
-msgid "Number of days"
-msgstr ""
-
-#: pages/gpg/2.php:23
-msgid "Key ID"
-msgstr ""
-
-#: www/help/2.php:30
-msgid "Of the biggest reasons why most people haven't started doing this, apart from being slightly technical, the reason is financial. You need your own certificate to digitally sign your emails. And the Certificate Authorities charge money to provide you with your own certificate. Need I say more. Dosh = no thanks I'd rather walk home. But organisations are emerging to provide the common fool in the street with a free alternative. However, given the obvious lack of funding and the emphasis on money to get enrolled, these organisations do not yet have the money to get themselves established as trusted Certificate Authorities. Thus it is currently down to trust. The decision of the individual to trust an unknown Certificate Authority. However once you have put your trust in a Certificate Authority you can implicitly trust the digital signatures generated using their certificates. In other words, if you trust (and accept the certificate of) the Certificate Authority that I use, you can automatically trust my digital signature. Trust me!"
-msgstr ""
-
-#: www/account/14.php:21
-msgid "Old Pass Phrase"
-msgstr ""
-
-#: www/account/10.php:16 www/account/20.php:16 www/account/3.php:16
-msgid "Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement."
-msgstr ""
-
-#: www/account/0.php:26
-msgid "Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate."
-msgstr ""
-
-#: www/help/4.php:28
-msgid "Once you've submitted it the system will process your request and send an email back to you containing your server certificate."
-msgstr ""
-
-#: www/help/2.php:45
-msgid "One assumes that if a site has an SSL certificate (that's what enables secure communication, for exchanging personal details, credit card numbers, etc. and gives the 'lock' icon in the browser) that they have obtained that certificate from a reliable source (a Certificate Authority), which has the appropriate stringent credentials for issuing something so vital to the security of the Internet, and the security of your communications. You have probably never even asked yourself the question of who decided to trust these Certificate Authorities, because your browser comes with their (root) certificates pre-installed, so any web site that you come across that has an SSL certificate signed by one of them, is automatically accepted (by your browser) as trustworthy."
-msgstr ""
-
-#: www/wot/6.php:74
-msgid "Only fill this in if you assured the person on a different day"
-msgstr ""
-
-#: www/account/43.php:39 www/account/49.php:39
-msgid "Only the first 100 rows are displayed."
-msgstr ""
-
-#: www/wot/6.php:61
-msgid "Only tick the next box if the Assurance was face to face."
-msgstr ""
-
-#: www/help/3.php:8
-msgid "Open Directory Security folder"
-msgstr ""
-
-#: includes/account_stuff.php:176
-msgid "Org Admin"
-msgstr ""
-
-#: includes/account_stuff.php:166
-msgid "Org Client Certs"
-msgstr ""
-
-#: www/account/0.php:25
-msgid "Org Client and Server Certificates"
-msgstr ""
-
-#: includes/account_stuff.php:170
-msgid "Org Server Certs"
-msgstr ""
-
-#: www/account/11.php:29 www/account/21.php:32
-msgid "Org. Unit"
-msgstr ""
-
-#: www/account/11.php:28 www/account/21.php:31 www/account/25.php:20
-#: www/account/35.php:20
-msgid "Organisation"
-msgstr ""
-
-#: www/account/24.php:21 www/account/27.php:24
-msgid "Organisation Name"
-msgstr ""
-
-#: includes/account.php:1379 includes/account.php:1406
-msgid "Organisation Name and Contact Email are required fields."
-msgstr ""
-
-#: www/account/25.php:17 www/account/35.php:17
-msgid "Organisations"
-msgstr ""
-
-#: www/help/4.php:12
-msgid "Organization Name (eg, company) [XYZ Corp]:"
-msgstr ""
-
-#: www/help/4.php:13
-msgid "Organizational Unit Name (eg, section) [Server Administration]:."
-msgstr ""
-
-#: www/account/40.php:36 www/index/11.php:36
-msgid "Other Mailing Lists"
-msgstr ""
-
-#: www/index/16.php:16 www/index/3.php:16
-msgid "PKI Key"
-msgstr ""
-
-#: www/account/10.php:28 www/account/16.php:40 www/account/20.php:25
-#: www/account/3.php:52
-msgid "Sign by class 1 root certificate"
-msgstr ""
-
-#: pages/account/13.php:41 pages/account/13.php:51 pages/account/13.php:89
-#: pages/account/13.php:99 pages/index/1.php:33 pages/index/1.php:43
-msgid "optional"
-msgstr ""
-
-#: www/wot/6.php:28
-msgid "PLEASE NOTE: You have already assured this person before! If this is unintentional please DO NOT CONTINUE with this assurance."
-msgstr ""
-
-#: www/index/1.php:73 www/index/4.php:30
-msgid "Pass Phrase"
-msgstr ""
-
-#: www/account/14.php:29 www/index/1.php:77
-msgid "Pass Phrase Again"
-msgstr ""
-
-#: www/index.php:254
-msgid "Pass Phrases don't match"
-msgstr ""
-
-#: www/index.php:249
-msgid "Pass Phrases were blank"
-msgstr ""
-
-#: www/account/10.php:26 www/account/20.php:24 www/account/45.php:15
-msgid "Paste your CSR below..."
-msgstr ""
-
-#: www/account/12.php:52 www/account/12.php:59 www/account/18.php:52
-#: www/account/18.php:63 www/account/22.php:52 www/account/22.php:61
-#: www/account/5.php:56 www/account/5.php:63
-msgid "Pending"
-msgstr ""
-
-#: www/account/19.php:99 www/account/6.php:97
-msgid "Personal Certificate Installed."
-msgstr ""
-
-#: www/account/39.php:24 www/index/10.php:24
-msgid "Personal information"
-msgstr ""
-
-#: pages/wot/11.php:48
-msgid "for more information about Organizational Support."
-msgstr ""
-
-#: pages/wot/13.php:73
-msgid "(hit enter to submit)"
-msgstr ""
-
-#: www/capnew.php:1326
-msgid "location of the assurance"
-msgstr ""
-
-#: www/capnew.php:732 www/coapnew.php:753
-msgid "generated"
-msgstr ""
-
-#: pages/wot/12.php:32 pages/wot/13.php:72
-msgid "Location:"
-msgstr ""
-
-#: www/account/3.php:65
-msgid "Please Note: By ticking this box you will automatically have your name included in any certificates."
-msgstr ""
-
-#: www/account/2.php:56 www/account/9.php:56
-msgid "Please Note: You can not set an unverified account as a default account, and you can not remove a default account. To remove the default account you must set another verified account as the default."
-msgstr ""
-
-#: www/account/7.php:32
-msgid "Please Note: You only need to enter the main part of your domain, eg. mydomain.com rather then www.mydomain.com. Once you have verified your domain you are able to enter any sub-domain, such as www.mydomain.com or www.this.is.mydomain.com as the system checks from right to left, rather then specific hostnames when you upload a CSR to the system."
-msgstr ""
-
-#: www/wot.php:233
-#, php-format
-msgid "Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."
-msgstr ""
-
-#: www/wot.php:220
-#, php-format
-msgid "Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."
-msgstr ""
-
-#: www/account/8.php:19
-msgid "Please choose an authority email address"
-msgstr ""
-
-#: www/account/11.php:16 www/account/21.php:19
-msgid "Please make sure the following details are correct before proceeding any further."
-msgstr ""
-
-#: www/index/0.php:120
-msgid "Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users)."
-msgstr ""
-
-#: www/account/14.php:33 www/index/1.php:81 www/index/6.php:51
-msgid "Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol."
-msgstr ""
-
-#: www/wot/8.php:40
-msgid "Please note: All html will be stripped from the contact information box, a link to an email form will automatically be inserted to ensure your privacy."
-msgstr ""
-
-#: www/account/43.php:195 www/account/43.php:230 www/wot/10.php:24
-#: www/wot/10.php:57 www/wot/6.php:108
-msgid "Points"
-msgstr ""
-
-#: www/stats.php:59
-msgid "Points Issued"
-msgstr ""
-
-#: www/account/40.php:54 www/index/11.php:54
-msgid "Postal Address:"
-msgstr ""
-
-#: www/help/3.php:14
-msgid "Prepare the request"
-msgstr ""
-
-#: pages/index/8.php:5
-msgid "Secretary"
-msgstr ""
-
-#: www/wot/3.php:35
-msgid "Privacy"
-msgstr ""
-
-#: includes/account_stuff.php:210 includes/general_stuff.php:109
-#: www/account/39.php:15 www/index/10.php:15
-msgid "Privacy Policy"
-msgstr ""
-
-#: www/account/8.php:29
-msgid "Probe"
-msgstr ""
-
-#: www/wot/3.php:27
-msgid "Processing"
-msgstr ""
-
-#: www/help/8.php:1
-msgid "Question: I'm a software developer for linux and I want to use CAcert/openssl to distribute my packages with detached signatures, is this possible and why would I do this over PGP/GPG detached signatures?"
-msgstr ""
-
-#: www/help/2.php:11 www/help/2.php:54
-msgid "References"
-msgstr ""
-
-#: www/account/36.php:24 www/index/1.php:113
-msgid "Regional Announcements"
-msgstr ""
-
-#: includes/account.php:623 includes/account.php:732 includes/account.php:1131
-#: includes/account.php:1349
-#, php-format
-msgid "Removed a pending request for '%s'"
-msgstr ""
-
-#: www/account/12.php:71 www/account/18.php:77 www/account/22.php:73
-#: www/account/5.php:77
-msgid "Renew"
-msgstr ""
-
-#: www/account/12.php:21 www/account/18.php:21 www/account/22.php:21
-#: www/account/5.php:21
-msgid "Renew/Revoke/Delete"
-msgstr ""
-
-#: includes/account.php:548 includes/account.php:1270
-msgid "Renewing"
-msgstr ""
-
-#: www/index/6.php:47
-msgid "Repeat"
-msgstr ""
-
-#: www/help/3.php:52
-msgid "Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right click on 'Default Web Site' and select 'Properties'."
-msgstr ""
-
-#: www/account/12.php:72 www/account/18.php:78 www/account/22.php:74
-#: www/account/5.php:78
-msgid "Revoke/Delete"
-msgstr ""
-
-#: www/account/12.php:24 www/account/12.php:54 www/account/18.php:24
-#: www/account/18.php:54 www/account/22.php:24 www/account/22.php:54
-#: www/account/5.php:24 www/account/5.php:58
-msgid "Revoked"
-msgstr ""
-
-#: www/index/51.php:31
-msgid "Right now it's happening all around you - there are secured websites and email protocols being protected and trusted by people, signed by CAcert."
-msgstr ""
-
-#: includes/general_stuff.php:67
-msgid "Root Certificate"
-msgstr ""
-
-#: www/index/16.php:18 www/index/3.php:18
-msgid "Root Certificate (DER Format)"
-msgstr ""
-
-#: www/index/16.php:17 www/index/3.php:17
-msgid "Root Certificate (PEM Format)"
-msgstr ""
-
-#: includes/account_stuff.php:182
-msgid "Rules"
-msgstr ""
-
-#: www/index/7.php:20
-msgid "Put a lot of effort convincing people in Germany to signup and be assured, he started work on a new RFC compliant CPS, spent countless hours helping with tech support, and so much more"
-msgstr ""
-
-#: www/index/0.php:63
-msgid "Same as above plus you can include your full name in the certificates."
-msgstr ""
-
-#: www/index/0.php:94
-msgid "Same as above, except certificates expire in 24 months."
-msgstr ""
-
-#: www/index/0.php:95
-msgid "Same as above, plus get 50 assurance points by meeting with assurer(s) from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents."
-msgstr ""
-
-#: www/index/0.php:65
-msgid "Same as above, plus you must get a minimum of 50 assurance points by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents."
-msgstr ""
-
-#: www/index/0.php:93
-msgid "Same as above."
-msgstr ""
-
-#: www/help/3.php:46
-msgid "Saving the certificate"
-msgstr ""
-
-#: www/help/3.php:6 www/help/3.php:7 www/help/3.php:10 www/help/3.php:13
-#: www/help/3.php:16 www/help/3.php:19 www/help/3.php:29 www/help/3.php:32
-#: www/help/3.php:35 www/help/3.php:38 www/help/3.php:50 www/help/3.php:53
-#: www/help/3.php:56 www/help/3.php:59 www/help/3.php:62 www/help/3.php:65
-#: www/help/3.php:68
-msgid "Screenshot of IIS 5.0"
-msgstr ""
-
-#: www/wot/7.php:127
-msgid "Search"
-msgstr ""
-
-#: www/wot/7.php:120
-msgid "Search this region"
-msgstr ""
-
-#: www/account/43.php:163
-msgid "Secondary Emails"
-msgstr ""
-
-#: pages/wot/13.php:40
-msgid "Your location has been updated"
-msgstr ""
-
-#: www/account.php:49 www/index.php:475
-msgid "Your message has been sent to the general support list."
-msgstr ""
-
-#: www/account.php:35 www/index.php:464
-msgid "Your message has been sent."
-msgstr ""
-
-#: includes/account.php:2480
-msgid "Your vote has been accepted."
-msgstr ""
-
-#: www/cap.php:43 www/ttp.php:48 pages/help/3.php:62
-msgid "and"
-msgstr ""
-
-#: www/ttp.php:107
-msgid "as applicable"
-msgstr ""
-
-#: pages/account/13.php:56 pages/account/13.php:104 pages/index/1.php:48
-#: pages/index/5.php:26
-msgid "dd/mm/yyyy"
-msgstr ""
-
-#: pages/wot/13.php:65
-msgid "eg Sydney, New South Wales, Australia"
-msgstr ""
-
-#: includes/account.php:98
-msgid "has changed the default email on your account."
-msgstr ""
-
-#: includes/account.php:1076
-msgid "has changed the password on your account."
-msgstr ""
-
-#: pages/account/13.php:23
-msgid "has viewed your lost password questions."
-msgstr ""
-
-#: pages/help/3.php:63
-msgid "lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer"
-msgstr ""
-
-#: www/help/3.php:18
-msgid "Select 'Bit length'. We advise a key length of 1024 bits."
-msgstr ""
-
-#: www/help/3.php:11
-msgid "Select 'Create a new certificate'"
-msgstr ""
-
-#: www/help/3.php:55
-msgid "Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section."
-msgstr ""
-
-#: www/account/43.php:28 www/account/49.php:28
-msgid "Select Specific Account Details"
-msgstr ""
-
-#: www/help/3.php:37
-msgid "Select an easy to locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more as IIS won't reuse old CSR to generate new certificates."
-msgstr ""
-
-#: www/help/3.php:61
-msgid "Select the .cer file and click 'Next'."
-msgstr ""
-
-#: www/help/3.php:54
-msgid "Select the Directory Security tab"
-msgstr ""
-
-#: www/account/40.php:30 www/account/40.php:48 www/index/11.php:30
-#: www/index/11.php:48 www/wot/9.php:60
-msgid "Send"
-msgstr ""
-
-#: www/account/40.php:40 www/index/11.php:40
-msgid "Sensitive Information"
-msgstr ""
-
-#: includes/account_stuff.php:161
-msgid "Server Certificates"
-msgstr ""
-
-#: www/index/0.php:80
-msgid "Server certificates (un-assured)"
-msgstr ""
-
-#: www/wot.php:247
-msgid "Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this."
-msgstr ""
-
-#: www/account/40.php:51 www/index/11.php:51
-msgid "Snail Mail"
-msgstr ""
-
-#: www/help/2.php:50
-msgid "So if you don't pass the audit, you don't get to be a Certificate Authority. And to pass the audit, well, you've got to show that you can do a good job issuing certificates. That they're secure, you only give them to the right people, etc. So what happens when you make a mistake and you erroneously issue a certificate that risks the entire Internet browsing population, like Verisign did? Well, er, nothing actually. They already paid for their audit, and damn it, they're so big now, we couldn't possibly revoke their Certificate Authority status. (There's too much money at stake!)"
-msgstr ""
-
-#: www/index/51.php:33
-msgid "So what can I do to help the cause?"
-msgstr ""
-
-#: www/help/2.php:52
-msgid "So, dammit, what's the point of all this then?"
-msgstr ""
-
-#: www/account/39.php:39 www/index/10.php:39
-msgid "Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them."
-msgstr ""
-
-#: www/wot/9.php:19 www/wot/9.php:29
-msgid "Sorry, I was unable to locate that user."
-msgstr ""
-
-#: www/wot/6.php:85
-msgid "Sponsoring Member"
-msgstr ""
-
-#: www/help/4.php:10
-msgid "State or Province Name (full name) [NSW]:"
-msgstr ""
-
-#: www/account/11.php:31 www/account/21.php:34 www/account/24.php:33
-#: www/account/27.php:36
-msgid "State/Province"
-msgstr ""
-
-#: includes/general_stuff.php:66 www/stats.php:5 www/stats.php:9
-msgid "Statistics"
-msgstr ""
-
-#: www/account/12.php:22 www/account/18.php:22 www/account/2.php:22
-#: www/account/22.php:22 www/account/5.php:22 www/account/9.php:22
-msgid "Status"
-msgstr ""
-
-#: www/account/40.php:28 www/account/40.php:46 www/index/11.php:28
-#: www/index/11.php:46 www/wot/9.php:52
-msgid "Subject"
-msgstr ""
-
-#: www/gpg.php:22 www/account/10.php:29 www/account/11.php:36
-#: www/account/20.php:27 www/account/21.php:38 www/account/45.php:18
-msgid "Submit"
-msgstr ""
-
-#: www/account/13.php:41 www/account/13.php:89 www/account/43.php:90
-#: www/index/1.php:36
-msgid "Suffix"
-msgstr ""
-
-#: includes/account_stuff.php:190
-msgid "System Admin"
-msgstr ""
-
-#: www/help/6.php:7
-msgid "System will send you an email with a link in it, you just open the link in a webbrowser."
-msgstr ""
-
-#: includes/general.php:24 www/wot/6.php:99
-msgid "Temporary Increase"
-msgstr ""
-
-#: scripts/removedead.php:62
-msgid "Temporary points increase has expired."
-msgstr ""
-
-#: www/help/2.php:55
-msgid "Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure"
-msgstr ""
-
-#: www/account/38.php:23 www/index/13.php:23
-msgid "Thank you very much for your support, your donations help CAcert to continue to operate."
-msgstr ""
-
-#: www/index.php:314
-msgid "Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!"
-msgstr ""
-
-#: www/help/2.php:47
-msgid "That situation has changed, and Internet Explorer, being the most obvious example, now insists that any Certificate Authorities are 'audited' by an 'independent' organisation, the American Institute for Certified Public Accountant's (AICPA). So now, if you have the money needed (from US$75000 up to US$250000 and beyond) you can get these accountants, who clearly know a lot about money, to approve you as having the required technical infrastructure and business processes to be a Certificate Authority. And they get a nice wad of money for the pleasure. And the Certificate Authorities, having a kind of monopoly as a result, charge a lot for certificates and also get a nice wad of money. And everyone's happy."
-msgstr ""
-
-#: www/account/17.php:89 www/account/4.php:89
-msgid "The 1024-bit key generation failed. Would you like to try 512 instead?"
-msgstr ""
-
-#: www/help/3.php:31
-msgid "The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.CAcert.org' and 'secure.CAcert.com' are valid Common Names. IP addresses are usually not used."
-msgstr ""
-
-#: www/verify.php:46
-msgid "The ID or Hash has already been verified, or something weird happened."
-msgstr ""
-
-#: www/verify.php:90
-msgid "The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened."
-msgstr ""
-
-#: www/help/3.php:28
-msgid "The Organisational Unit field is the 'free' field. It is often the department or Server name for reference."
-msgstr ""
-
-#: includes/account.php:838
-msgid "The Pass Phrase you submitted was too short."
-msgstr ""
-
-#: www/index.php:94
-msgid "The Pass Phrase you submitted was too short. It must be at least 6 characters."
-msgstr ""
-
-#: www/help/2.php:59
-msgid "The Regulation of Investigational Powers Act (RIPA)&lt;/a&gt; ('Snooping Bill' official gov site, UK)"
-msgstr ""
-
-#: www/index/0.php:103
-msgid "The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust."
-msgstr ""
-
-#: includes/account.php:363
-msgid "The address you submitted isn't a valid authority address for the domain."
-msgstr ""
-
-#: www/index/8.php:1
-#, php-format
-msgid "The current %s board, and roles."
-msgstr ""
-
-#: includes/account.php:394
-#, php-format
-msgid "The domain '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."
-msgstr ""
-
-#: www/account/0.php:22
-msgid "The email account section is for adding/updating/removing email accounts which can be used to issue client certificates against. The client certificate section steps you through generating a certificate signing request for one or more emails you've registered in the email account section."
-msgstr ""
-
-#: includes/account.php:54
-#, php-format
-msgid "The email address '%s' has been added to the system, however before any certificates for this can be issued you need to open the link in a browser that has been sent to your email address."
-msgstr ""
-
-#: includes/account.php:86
-msgid "The following accounts have been removed:"
-msgstr ""
-
-#: includes/account.php:403
-msgid "The following domains have been removed:"
-msgstr ""
-
-#: www/index/0.php:104
-msgid "The number of assurance point you have will limit the maximum assurance points you can issue for people you assure."
-msgstr ""
-
-#: www/account/10.php:30 www/account/20.php:27
-msgid "Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people."
-msgstr ""
-
-#: www/help/2.php:62
-#, php-format
-msgid "The page has been reproduced on %s with explicit permission from %sthe author%s with the information being copyrighted to the author (name with held by request)"
-msgstr ""
-
-#: includes/account.php:1735
-#, php-format
-msgid "The password for %s has been updated successfully in the system."
-msgstr ""
-
-#: www/index/0.php:21
-msgid "The primary goals are:"
-msgstr ""
-
-#: www/help/2.php:15
-msgid "The purpose of digital signing is to prove, electronically, one's identity"
-msgstr ""
-
-#: www/help/2.php:27
-msgid "The reason digital signatures prepare us for encryption is that if everyone were setup to be able to generate their own digital signatures, it would be technically very easy to make the next step from digital signatures to encryption. And that would be great for privacy, the fight against spamming, and a safer Internet."
-msgstr ""
-
-#: www/help/7.php:6
-msgid "The requests sent to the root store, are stored in a file for another process triggered by cron to parse and sign them, then stored in a reply file to be sent back to the webserver. Causing things to be separated into different users, basic privilege separation stuff. So being actually able to hack the serial daemons will only at the VERY worst cause fraudulent certificates, not the root to be revealed."
-msgstr ""
-
-#: www/index/51.php:34
-msgid "The simplest and most effective thing you can do is spread the word, by telling your friends, colleagues and relatives about us and join."
-msgstr ""
-
-#: www/help/4.php:3
-msgid "Then the system will try to generate some very random numbers to get a secure key."
-msgstr ""
-
-#: www/help/6.php:3
-msgid "Then you need to generate a Certificate Signing Request, for more details go:"
-msgstr ""
-
-#: www/help/6.php:9
-msgid "Then you need to submit the contents from the CSR file to CAcert, you need to go:"
-msgstr ""
-
-#: www/account/40.php:37 www/index/11.php:37
-msgid "There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)"
-msgstr ""
-
-#: www/account/16.php:42 www/account/3.php:54
-msgid "Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"
-msgstr ""
-
-#: www/wot.php:284
-msgid "There was an error and I couldn't proceed"
-msgstr ""
-
-#: www/help/0.php:25
-msgid "How does CAcert protect its root private key?"
-msgstr ""
-
-#: www/index/19.php:15
-msgid "Information"
-msgstr ""
-
-#: www/help/2.php:42
-msgid "There's nothing to it. I mean literally, you can already start sending your emails encrypted. Assuming of course you have your own digital signature certificate (e.g. as per above), and the person you want to send an encrypted email to also has a digital signature certificate, and has recently sent you a digitally signed email with it. If all these conditions hold, you just have to change the settings in your email software to send the email encrypted and hey presto! Your email software (probably Outlook I guess) should suss out the rest."
-msgstr ""
-
-#: www/index.php:272
-msgid "This email address is currently valid in the system."
-msgstr ""
-
-#: includes/account.php:1957 includes/account.php:1974
-#: includes/account.php:1984
-msgid "Your language setting has been updated."
-msgstr ""
-
-#: www/wot/6.php:32
-#, php-format
-msgid "This person already has %s assurance points. Any points you give this person may be rounded down, or they may not even get any points. If you have less then 150 points you will still receive 2 points for assuring them."
-msgstr ""
-
-#: pages/index/2.php:16
-msgid "Your information has been submitted into our system. You will now be sent an email with a web link, you need to open that link in your web browser within 24 hours or your information will be removed from our system!"
-msgstr ""
-
-#: www/help/2.php:46
-msgid "Thus, having now asked the question, you suppose that it's the people who make the browser software that have carefully decided who is a trustworthy Certificate Authority. Funnily enough, the mainstream browsers have not, historically, had public policies on how they decide whether a Certificate Authority gets added to their browser. All of the Certificate Authorities that have found themselves in the browser software, are big names, probably with big profits (so they must be doing a good job!)."
-msgstr ""
-
-#: www/wot/9.php:42
-msgid "To"
-msgstr ""
-
-#: www/help/5.php:1
-msgid "To be completed"
-msgstr ""
-
-#: www/wot/2.php:15
-msgid "To become an Assurer"
-msgstr ""
-
-#: www/index/51.php:17
-msgid "To create a Non-Profit Certificate Authority; an alternative to the commercial CAs."
-msgstr ""
-
-#: www/help/2.php:33
-msgid "To fully understand, read the section directly above. I am using a free Certificate Authority to provide me with the ability to digitally sign my emails. As a result, this Certificate Authority is not (yet) recognised by your email software as it is a new organisation that is not yet fully established, although it is probably being included in the Mozilla browser. If you choose to, you can go the their site at CAcert.org to install the root certificate. You may be told that the certificate is untrusted - that is normal and I suggest that you continue installation regardless. Be aware that this implies your acceptance that you trust their secure distribution and storing of digital signatures, such as mine. (You already do this all the time). The CAcert.org root certificate will then automatically provide the safe validation of my digital signature, which I have entrusted to them. Or you can simply decide that you've wasted your time reading this and do nothing (humbug!). Shame on you! :-)"
-msgstr ""
-
-#: www/help/3.php:2
-msgid "To generate a public and private key pair and CSR for a Microsoft IIS 5 Server:"
-msgstr ""
-
-#: www/help/2.php:21
-msgid "To get from computer Internet User A to Internet User B an email may pass through tens of anonymous computers on the Internet. These 'Internet infrastructure' computers are all free to inspect and change the contents of your email as they see fit. Governments systematically browse the contents of all emails going in/out/within their country, e.g. the"
-msgstr ""
-
-#: www/index/0.php:24
-msgid "To provide a trust mechanism to go with the security aspects of encryption."
-msgstr ""
-
-#: www/account/43.php:217 www/account/43.php:252 www/wot/10.php:44
-msgid "Total Points"
-msgstr ""
-
-#: www/wot/10.php:79
-msgid "Total Points Issued"
-msgstr ""
-
-#: www/account/24.php:29 www/account/27.php:32
-msgid "Town/Suburb"
-msgstr ""
-
-#: includes/general_stuff.php:76
-msgid "Translations"
-msgstr ""
-
-#: pages/index/8.php:4
-msgid "Public Officer"
-msgstr ""
-
-#: includes/account_stuff.php:205 includes/general.php:23 www/wot/4.php:15
-msgid "Trusted Third Parties"
-msgstr ""
-
-#: www/help/2.php:60
-msgid "U.K. e-mail snooping bill passed"
-msgstr ""
-
-#: www/help/2.php:21
-msgid "UK Government has done this since the year 2000"
-msgstr ""
-
-#: www/index.php:126
-msgid "Unable to match your details with any user accounts on file"
-msgstr ""
-
-#: www/help/3.php:5
-msgid "Under 'Administrative Tools', open the 'Internet Services Manager'. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties."
-msgstr ""
-
-#: www/help/0.php:12
-msgid "Unofficial FAQ/Wiki"
-msgstr ""
-
-#: www/account/2.php:34 www/account/9.php:40
-msgid "Unverified"
-msgstr ""
-
-#: www/account/13.php:123 www/account/27.php:48 www/account/29.php:35
-#: www/account/41.php:36 www/wot/8.php:35
-msgid "Update"
-msgstr ""
-
-#: www/account/29.php:28
-#, php-format
-msgid "Update Domain for %s"
-msgstr ""
-
-#: www/account/36.php:28
-msgid "Update My Settings"
-msgstr ""
-
-#: www/account/14.php:36
-msgid "Update Pass Phrase"
-msgstr ""
-
-#: www/verify.php:55 www/verify.php:97
-msgid "Updated"
-msgstr ""
-
-#: www/account/12.php:48 www/account/18.php:48 www/account/18.php:59
-#: www/account/22.php:48 www/account/22.php:59 www/account/5.php:52
-msgid "Valid"
-msgstr ""
-
-#: www/stats.php:43
-msgid "Valid Certificates"
-msgstr ""
-
-#: www/index/0.php:55 www/index/0.php:65 www/index/0.php:75 www/index/0.php:85
-#: www/index/0.php:95 www/index/0.php:105 www/index/0.php:115
-msgid "Verification needed"
-msgstr ""
-
-#: www/account/2.php:32 www/account/9.php:38
-msgid "Verified"
-msgstr ""
-
-#: www/stats.php:20 www/account/43.php:175
-msgid "Verified Domains"
-msgstr ""
-
-#: www/stats.php:16
-msgid "Verified Emails"
-msgstr ""
-
-#: www/stats.php:12
-msgid "Verified Users"
-msgstr ""
-
-#: pages/index/8.php:3
-msgid "President"
-msgstr ""
-
-#: includes/account_stuff.php:150 includes/account_stuff.php:154
-#: includes/account_stuff.php:158 includes/account_stuff.php:162
-#: includes/account_stuff.php:167 includes/account_stuff.php:171
-#: includes/account_stuff.php:177 includes/account_stuff.php:186
-msgid "View"
-msgstr ""
-
-#: includes/account_stuff.php:177
-msgid "View Organisations"
-msgstr ""
-
-#: www/account/29.php:23 www/account/30.php:23
-msgid "Warning!"
-msgstr ""
-
-#: www/index/1.php:15 www/index/4.php:19
-msgid "Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result."
-msgstr ""
-
-#: www/capnew.php:1025
-msgid "driver license"
-msgstr ""
-
-#: www/capnew.php:1117
-msgid "email address as e.g. john.family@gmail.com"
-msgstr ""
-
-#: www/capnew.php:1331
-msgid "date of assurance"
-msgstr ""
-
-#: www/capnew.php:1025
-msgid "certificate"
-msgstr ""
-
-#: includes/account.php:1609
-#, php-format
-msgid "Wasn't able to match '%s' against any user in the system"
-msgstr ""
-
-#: www/account/39.php:34 www/index/10.php:34
-msgid "We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user."
-msgstr ""
-
-#: www/verify.php:124
-msgid "Your domain has been verified. You can now start issuing certificates for this domain."
-msgstr ""
-
-#: www/wot.php:439
-msgid "Your email has been sent to"
-msgstr ""
-
-#: pages/wot/7-old.php:174
-msgid "Your details have been updated."
-msgstr ""
-
-#: www/account/39.php:42 www/index/10.php:42
-msgid "We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer."
-msgstr ""
-
-#: www/help/2.php:56
-msgid "WebTrust for Certification Authorities"
-msgstr ""
-
-#: www/account.php:27 www/account.php:36 www/cps.php:3 www/gpg.php:160
-#: www/gpg.php:179 www/help.php:20 www/index.php:105 www/index.php:342
-#: www/index.php:353 www/index.php:362 www/logos.php:3 www/news.php:20
-#: www/stats.php:3
-msgid "Welcome to CAcert.org"
-msgstr ""
-
-#: www/account/0.php:16
-msgid "Welcome to your account section of the website. Below is a description of the different sections and what they're for."
-msgstr ""
-
-#: www/index/0.php:46
-msgid "What can CAcert provide to you, to increase your privacy and security for free?"
-msgstr ""
-
-#: www/help/2.php:2 www/help/2.php:14
-msgid "What is it for?"
-msgstr ""
-
-#: www/index/51.php:30
-msgid "When and Where?"
-msgstr ""
-
-#: www/help/3.php:67
-msgid "When you have read this information, click 'Finish'."
-msgstr ""
-
-#: pages/wot/13.php:67
-#, php-format
-msgid "Your current location is set as: %s"
-msgstr ""
-
-#: includes/account.php:109
-#, php-format
-msgid "Your default email address has been updated to '%s'."
-msgstr ""
-
-#: includes/account.php:1033
-msgid "Your details have been updated with the database."
-msgstr ""
-
-#: www/account/43.php:194 www/account/43.php:229 www/wot/10.php:23
-#: www/wot/10.php:56
-msgid "Who"
-msgstr ""
-
-#: www/index/51.php:19
-msgid "Who?"
-msgstr ""
-
-#: www/help/2.php:3 www/help/2.php:19
-msgid "Why digitally sign your own emails?! (weirdo..)"
-msgstr ""
-
-#: www/help/2.php:6 www/help/2.php:32
-msgid "Why is the digital signature described as 'not valid/not trusted'?"
-msgstr ""
-
-#: www/help/2.php:5 www/help/2.php:29
-msgid "Why isn't it being adopted by everyone?"
-msgstr ""
-
-#: www/help/7.php:7
-msgid "Why use serial you ask? Well certificate requests are low bandwidth for starters, then of course simpler systems in security are less prone to exploits, and finally serial code is pretty mature and well tested and hopefully all exploits were found and fixed a long time ago."
-msgstr ""
-
-#: www/index/51.php:23
-msgid "Why?"
-msgstr ""
-
-#: www/help/7.php:8
-msgid "With the proposed root certificate changes, there would be a new root, this would sign at least 1 sub-root, then the private key stored offline in a bank vault, with the sub-root doing all the signing, or alternatively 2 sub-roots, 1 for client certificates, one for server, the thinking behind this, if any of the sub-roots are compromised they can be revoked and reissued."
-msgstr ""
-
-#: www/account/36.php:25 www/index/1.php:114
-msgid "Within 200km Announcements"
-msgstr ""
-
-#: includes/account_stuff.php:182
-msgid "WoT Form"
-msgstr ""
-
-#: www/cap.php:64 www/ttp.php:128 www/wot/6.php:66
-msgid "YYYY-MM-DD"
-msgstr ""
-
-#: www/account/50.php:29
-msgid "Yes"
-msgstr ""
-
-#: www/account/39.php:52 www/index/10.php:52
-msgid "You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link"
-msgstr ""
-
-#: www/account/19.php:44 www/account/6.php:42
-msgid "You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however."
-msgstr ""
-
-#: www/wot.php:54
-msgid "You are never allowed to Assure yourself!"
-msgstr ""
-
-#: www/wot.php:68
-msgid "You are only allowed to Assure someone once!"
-msgstr ""
-
-#: www/help/2.php:45
-msgid "You are putting your trust in people you don't know!"
-msgstr ""
-
-#: scripts/removedead.php:56
-msgid "You are receiving this email because you had a temporary increase to 200 points. This has since expired and you have been reduced to 150 points."
-msgstr ""
-
-#: www/wot.php:230
-#, php-format
-msgid "You are receiving this email because you have assured %s %s (%s)."
-msgstr ""
-
-#: www/wot.php:206
-#, php-format
-msgid "You are receiving this email because you have been assured by %s %s (%s)."
-msgstr ""
-
-#: includes/general_stuff.php:112 includes/tverify_stuff.php:78
-msgid "Further Information"
-msgstr ""
-
-#: www/index/7.php:26
-msgid "Has been involved in translating this website into Portuguese"
-msgstr ""
-
-#: www/index/7.php:24
-msgid "Has put a lot of time and effort into promoting and assuring people in Brazil and South America, and for helping to translate this site into Portuguese"
-msgstr ""
-
-#: www/index.php:586 www/index.php:593
-msgid "This seems like potential spam, cannot continue."
-msgstr ""
-
-#: www/index.php:572 www/index.php:579
-msgid "This seems like you have cookies or Javascript disabled, cannot continue."
-msgstr ""
-
-#: includes/general_stuff.php:74
-msgid "CAcert Board"
-msgstr ""
-
-#: www/account/40.php:22 www/index/11.php:22
-msgid "You can alternatively use the form below, however joining the list is the prefered option to support your queries"
-msgstr ""
-
-#: includes/account.php:346 includes/account.php:617 includes/account.php:629
-#: includes/account.php:718 includes/account.php:833 includes/account.php:1259
-#: includes/account.php:1308 includes/account.php:1514
-#: includes/account.php:1567 includes/account.php:2233
-#, php-format
-msgid "Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."
-msgstr ""
-
-#: pages/help/3.php:48
-msgid "Your country, state and city."
-msgstr ""
-
-#: www/index/0.php:53
-msgid "You can send digitally signed/encrypted emails; others can send encrypted emails to you."
-msgstr ""
-
-#: includes/account.php:68
-msgid "You currently don't have access to the email address you selected, or you haven't verified it yet."
-msgstr ""
-
-#: www/wot.php:133
-msgid "You didn't list a valid sponsor for this action."
-msgstr ""
-
-#: includes/account.php:1362 includes/account.php:1566
-#: includes/account.php:1686
-msgid "You don't have access to this area."
-msgstr ""
-
-#: pages/account/40.php:68 pages/index/11.php:68
-msgid "Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on &lt;a href='https://bugs.cacert.org/'&gt;bugs.cacert.org&lt;/a&gt; and mark it as private."
-msgstr ""
-
-#: www/wot.php:92 www/wot.php:99
-msgid "You failed to check all boxes to validate your adherence to the rules and policies of CAcert"
-msgstr ""
-
-#: includes/account.php:842
-msgid "You failed to correctly enter your current Pass Phrase."
-msgstr ""
-
-#: www/wot.php:109
-msgid "You failed to enter a location of your meeting."
-msgstr ""
-
-#: www/index.php:97
-msgid "You failed to get all answers correct or you didn't configure enough lost password questions for your account. System admins have been notified."
-msgstr ""
-
-#: www/gpg.php:24
-msgid "You failed to paste a valid GPG/PGP key."
-msgstr ""
-
-#: www/index/0.php:113
-msgid "You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board."
-msgstr ""
-
-#: www/help/3.php:21
-msgid "You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR."
-msgstr ""
-
-#: www/gpg.php:166
-msgid "Your certificate request has failed to be processed correctly, please try submitting it again."
-msgstr ""
-
-#: pages/help/2.php:30
-msgid "Your browser includes special digital (root) certificates from a number of these 'Certificate Authorities' by default, and all web sites use certificates that are validated by one of these companies, which you as a user implicitly trust every time you go to the secure part of a web site. (You might ask, who validates the security of the Certificate Authorities, and why should you trust them?!"
-msgstr ""
-
-#: www/disputes.php:107
-msgid "Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID. Your attempt has been logged and the request will be removed from the system as a result."
-msgstr ""
-
-#: www/disputes.php:110
-msgid "Your attempt to accept or reject a disputed email is invalid due to the hash string not matching with the email ID."
-msgstr ""
-
-#: www/disputes.php:198
-msgid "Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID. Your attempt has been logged and the request will be removed from the system as a result."
-msgstr ""
-
-#: www/index.php:231
-msgid "Your account has not been verified yet, please check your email account for the signup messages."
-msgstr ""
-
-#: www/wot.php:415
-msgid "Your account information has been updated."
-msgstr ""
-
-#: www/disputes.php:201
-msgid "Your attempt to accept or reject a disputed domain is invalid due to the hash string not matching with the domain ID."
-msgstr ""
-
-#: www/verify.php:66
-msgid "Your account and/or email address has been verified. You can now start issuing certificates for this address."
-msgstr ""
-
-#: includes/account.php:1072 www/index.php:117
-msgid "Your Pass Phrase has been updated and your primary email account has been notified of the change."
-msgstr ""
-
-#: pages/account/40.php:31 pages/account/40.php:54 pages/index/11.php:31
-#: pages/index/11.php:54
-msgid "Your Name"
-msgstr ""
-
-#: pages/account/40.php:32 pages/account/40.php:55 pages/index/11.php:32
-#: pages/index/11.php:55
-msgid "Your Email"
-msgstr ""
-
-#: www/verify.php:42
-msgid "You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system"
-msgstr ""
-
-#: www/wot.php:344
-msgid "You've been Assured."
-msgstr ""
-
-#: pages/account/43.php:287 pages/wot/10.php:40
-msgid "Your Assurance Points"
-msgstr ""
-
-#: www/wot.php:360
-msgid "You've Assured Another Member."
-msgstr ""
-
-#: www/verify.php:101
-msgid "You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system"
-msgstr ""
-
-#: pages/help/3.php:29
-msgid "You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email."
-msgstr ""
-
-#: pages/help/4.php:22
-msgid "You will then be asked to enter information about your company into the certificate. Below is a valid example:"
-msgstr ""
-
-#: pages/help/3.php:80
-msgid "You will see a confirmation screen."
-msgstr ""
-
-#: pages/help/3.php:37
-msgid "You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:"
-msgstr ""
-
-#: pages/index/19.php:77
-msgid "You will need to be issued 100 points by meeting with existing assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents; OR if it is too difficult to meet up with existing assurers in your area, meet with two Trusted Third Party assurers (notary public, justice of the peace, lawyer, bank manager, accountant) to do the verifying."
-msgstr ""
-
-#: www/wot.php:320
-#, php-format
-msgid "You were issued %s points however the system has rounded this down to %s and you now have %s points in total."
-msgstr ""
-
-#: www/wot.php:212
-msgid "You tried to give a temporary points increase to someone that already has more then 150 points. Can't continue."
-msgstr ""
-
-#: includes/account.php:1964
-msgid "You tried to use an invalid language."
-msgstr ""
-
-#: www/wot.php:322
-#, php-format
-msgid "You were issued %s points and you now have %s points in total."
-msgstr ""
-
-#: includes/account.php:233
-msgid "You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request."
-msgstr ""
-
-#: pages/help/6.php:19
-msgid "You then need to add the domain you have control of to your account, which you can do:"
-msgstr ""
-
-#: pages/help/2.php:29
-msgid "You see this all the time on the Internet - every time you go to a secure page on a web site, for example to enter personal details, or to make a purchase, every day you browse web sites that have been digitally signed by a Certificate Authority that is accepted as having the authority to sign it. This is all invisible to the user, except that you may be aware that you are entering a secure zone (e.g. SSL and HTTPS)."
-msgstr ""
-
-#: www/disputes.php:269
-msgid "You only dispute the primary email address of an account if there is no longer any email addresses or domains linked to it."
-msgstr ""
-
-#: www/wot.php:326
-msgid "You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years."
-msgstr ""
-
-#: www/wot.php:196
-msgid "You must enter the number of points you wish to allocate to this person."
-msgstr ""
-
-#: pages/wot/3.php:21
-msgid "You must meet the applicant in person;"
-msgstr ""
-
-#: pages/wot/3.php:22
-msgid "You must sight at least one form of government issued photo identification. It's preferable if 2 forms of Government issued photo ID are presented, as less points may be issued if there is any doubt on the person by the person issuing points;"
-msgstr ""
-
-#: pages/account/17.php:17 pages/account/19.php:57 pages/account/4.php:17
-#: pages/account/6.php:55
-msgid "You must enable ActiveX for this to work."
-msgstr ""
-
-#: pages/index/19.php:57
-msgid "You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc)."
-msgstr ""
-
-#: www/analyse.php:25
-msgid "Analyse"
-msgstr ""
-
-#: includes/account.php:840 www/index.php:100
-#, php-format
-msgid "The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."
-msgstr ""
-
-#: www/src-lic.php:20
-msgid "CAcert Source License"
-msgstr ""
-
-#: www/index/7.php:25
-msgid "Did a substantial amount of work on the previous website design, and has been floating about on the mailing lists often giving invaluble insight into what we should be doing better."
-msgstr ""
-
-#: includes/account.php:25 includes/account.php:302
-msgid "Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses."
-msgstr ""
-
-#: www/help/9.php:28
-msgid "Firstly you need mod-ssl and apache setup (this is beyond the scope of this FAQ item and you will need to search on google etc for LAMP setup information). I recommend mod-ssl over apache-ssl because it means you need less resources to achieve the same result."
-msgstr ""
-
-#: www/help/0.php:26 www/help/9.php:26
-msgid "How can I do a single sign on similar to CAcert using client certificates?"
-msgstr ""
-
-#: www/index/1.php:17
-msgid "In light of the number of people having issues with making up a password we have the following suggestions:"
-msgstr ""
-
-#: www/index/17.php:142
-msgid "Install a Root Certificate using Internet Explorer and the CEnroll ActiveX control. This avoids the Microsoft Certificate Installation wizard and all of its complexity and extra screens for users. This however will ONLY work for Microsoft Internet Explorer."
-msgstr ""
-
-#: includes/general_stuff.php:111
-msgid "Mission Statement"
-msgstr ""
-
-#: www/help/9.php:30
-msgid "Once you have everything setup and working you will need to add lines similar to below to your apache.conf"
-msgstr ""
-
-#: www/help/9.php:49
-msgid "Once you have everything working and you've tested sending a client certificate to your site and you're happy all is well you can start adding code to PHP (or any other language you like that can pull server environment information). At present I only have PHP code available and the example is in PHP"
-msgstr ""
-
-#: www/help/9.php:47
-msgid "Please note, you will need to alter the paths, hostname and IP of the above example, which is just that an example! The SSLCACertificateFile directive is supposed to point to a file with the root certificate you wish to verify your client certificates against, for the CAcert website we obviously only accept certificates issued by our own website and use our root certificate to initially verify this."
-msgstr ""
-
-#: includes/general_stuff.php:69
-msgid "RSS News Feed"
-msgstr ""
-
-#: www/help/2.php:67
-msgid "The point is, as the current situation holds, you should be wary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes."
-msgstr ""
-
-#: www/wot.php:233
-msgid "You listed an invalid sponsor for this action."
-msgstr ""
-
-#: pages/wot/3.php:38
-msgid "You may charge a fee for your expenses if the applicant has been advised of the amount prior to the meeting."
-msgstr ""
-
-#: pages/index/19.php:27
-msgid "You must confirm it is your email address by responding to a 'ping' email sent to it."
-msgstr ""
-
-#: includes/account_stuff.php:153 includes/general_stuff.php:48
-#: includes/tverify_stuff.php:34
-msgid "Free digital certificates!"
-msgstr ""
-
-#: www/wot.php:353
-#, php-format
-msgid "You issued %s points and they now have %s points in total."
-msgstr ""
-
-#: www/wot.php:351
-#, php-format
-msgid "You issued %s points however the system has rounded this down to %s and they now have %s points in total."
-msgstr ""
-
-#: www/wot.php:49
-msgid "A reminder notice has been sent."
-msgstr ""
-
-#: includes/account_stuff.php:214 www/disputes/0.php:19
-msgid "Abuses"
-msgstr ""
-
-#: www/disputes/4.php:26 www/disputes/6.php:26
-msgid "Accept Dispute"
-msgstr ""
-
-#: www/wot/10.php:19
-msgid "Assurer Ranking"
-msgstr ""
-
-#: www/index/16.php:24 www/index/3.php:24
-msgid "CAcert's GPG Key"
-msgstr ""
-
-#: www/account/52.php:39
-msgid "Certificate Subject"
-msgstr ""
-
-#: pages/index/47.php:10
-msgid "As described in the Style Guide, the monochrome version of the logo must be used in situations where the logo colours cannot be reproduced correctly."
-msgstr ""
-
-#: www/account/52.php:48
-msgid "Comment"
-msgstr ""
-
-#: includes/account.php:478 includes/account.php:491 includes/account.php:592
-#: includes/account.php:1238 includes/account.php:1251
-#: includes/account.php:1859 includes/account.php:1884
-msgid "CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."
-msgstr ""
-
-#: www/account/52.php:42
-msgid "Current Points"
-msgstr ""
-
-#: www/disputes/6.php:16
-#, php-format
-msgid "Currently the domain '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."
-msgstr ""
-
-#: www/disputes/4.php:16
-#, php-format
-msgid "Currently the email '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."
-msgstr ""
-
-#: www/account/1.php:31 www/account/7.php:33
-msgid "Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk."
-msgstr ""
-
-#: pages/account/53.php:84
-msgid "aliases"
-msgstr ""
-
-#: www/index/1.php:18
-msgid "To get a password that will work, we suggest the following example"
-msgstr ""
-
-#: www/disputes/2.php:20
-msgid "Dispute Domain"
-msgstr ""
-
-#: www/disputes.php:286 www/disputes.php:420
-msgid "Dispute Probe"
-msgstr ""
-
-#: www/disputes/0.php:17
-msgid "Disputes"
-msgstr ""
-
-#: www/disputes/0.php:15
-msgid "Disputes and Abuse Reporting"
-msgstr ""
-
-#: includes/account_stuff.php:213
-msgid "Disputes/Abuses"
-msgstr ""
-
-#: includes/account_stuff.php:214 www/disputes.php:138 www/disputes.php:147
-#: www/disputes.php:154 www/disputes.php:181 www/disputes.php:195
-#: www/disputes.php:205 www/disputes.php:215 www/disputes.php:299
-#: www/disputes.php:309 www/disputes.php:319 www/disputes.php:328
-#: www/disputes.php:377 www/disputes.php:422 www/disputes/2.php:15
-#: www/disputes/6.php:15 www/disputes/6.php:20
-msgid "Domain Dispute"
-msgstr ""
-
-#: www/disputes.php:399
-msgid "Domain Dispute!"
-msgstr ""
-
-#: www/disputes.php:428
-msgid "Domain and Email Disputes"
-msgstr ""
-
-#: pages/account/3.php:82
-msgid "By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."
-msgstr ""
-
-#: pages/index/8.php:4
-msgid "Treasurer"
-msgstr ""
-
-#: includes/account.php:50 includes/account.php:402 www/index.php:293
-msgid "Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid"
-msgstr ""
-
-#: includes/account_stuff.php:214 www/disputes.php:28 www/disputes.php:39
-#: www/disputes.php:46 www/disputes.php:90 www/disputes.php:104
-#: www/disputes.php:114 www/disputes.php:124 www/disputes.php:226
-#: www/disputes.php:235 www/disputes.php:246 www/disputes.php:256
-#: www/disputes.php:268 www/disputes.php:288 www/disputes/1.php:15
-#: www/disputes/4.php:15 www/disputes/4.php:20
-msgid "Email Dispute"
-msgstr ""
-
-#: www/disputes/1.php:27 www/disputes/2.php:28
-msgid "File Dispute"
-msgstr ""
-
-#: www/index/7.php:22
-msgid "For much of the art work that exists on the website, t-shirt designs, much of the organisational work for Usenix '04, as well as a few published articles and written documents."
-msgstr ""
-
-#: www/index/16.php:23 www/index/3.php:23
-msgid "GPG Key"
-msgstr ""
-
-#: www/account/40.php:20 www/index/11.php:20
-msgid "General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question."
-msgstr ""
-
-#: www/capnew.php:1001
-msgid "abbreviated:"
-msgstr ""
-
-#: www/help/0.php:21
-msgid "Generating a new key pair and CSR for IIS 5.0"
-msgstr ""
-
-#: www/help/0.php:24
-msgid "How do I get a server certificate from CAcert?"
-msgstr ""
-
-#: includes/account_stuff.php:162
-msgid "My Points"
-msgstr ""
-
-#: www/index/7.php:21
-msgid "He's constantly helping out on the support list, building up documentation and all round nice guy, he was even offered a free book and turned down the offer until there is a book on CAcert available!"
-msgstr ""
-
-#: www/account/52.php:49
-msgid "I agree with this Application"
-msgstr ""
-
-#: www/account/52.php:50
-msgid "I don't agree with this Application"
-msgstr ""
-
-#: www/disputes/0.php:18
-msgid "If you want to dispute who has control of your email address or domain, select 'Dispute Email' or 'Dispute Domain' on the right hand side."
-msgstr ""
-
-#: www/disputes/0.php:20
-msgid "If you would like to report an abuse of our certificates that breaches our policies please select the Abuse menu on the right."
-msgstr ""
-
-#: www/disputes/2.php:16
-msgid "If your dispute is successful the domain will be removed from the current account and any certificates will be revoked."
-msgstr ""
-
-#: www/disputes/1.php:16
-msgid "If your dispute is successful you will have the email address removed from the system, you will need add the email address as per usual afterwards. The email will be removed from the current account and any certificates will be revoked."
-msgstr ""
-
-#: www/disputes.php:91 www/disputes.php:115 www/disputes.php:182
-#: www/disputes.php:206
-msgid "Invalid request. Can't continue."
-msgstr ""
-
-#: includes/tverify_stuff.php:39
-msgid "Main Website"
-msgstr ""
-
-#: includes/account_stuff.php:214
-msgid "More Information"
-msgstr ""
-
-#: www/account/52.php:37
-msgid "Name on file"
-msgstr ""
-
-#: www/account/11.php:36
-msgid "No additional information will be included on certificates because it can not be automatically checked by the system."
-msgstr ""
-
-#: www/disputes.php:300
-msgid "Not a valid Domain. Can't continue."
-msgstr ""
-
-#: www/account/52.php:40
-msgid "Notary URL"
-msgstr ""
-
-#: includes/account_stuff.php:198
-msgid "Organisation Assurance"
-msgstr ""
-
-#: www/wot/11.php:19
-msgid "Organisational Assurance"
-msgstr ""
-
-#: www/wot/11.php:22
-msgid "Organisation Title"
-msgstr ""
-
-#: www/index/16.php:28 www/index/3.php:28
-msgid "PKI finger/thumb print signed by the CAcert GPG Key"
-msgstr ""
-
-#: www/account/52.php:41
-msgid "Photo ID URL"
-msgstr ""
-
-#: www/disputes/0.php:16
-msgid "Please select the most appropriate section to report your problem."
-msgstr ""
-
-#: www/account/52.php:43
-msgid "Potential Points"
-msgstr ""
-
-#: www/account/52.php:38
-msgid "Primary email address"
-msgstr ""
-
-#: www/wot/1.php:133
-msgid "Email Me"
-msgstr ""
-
-#: www/disputes/4.php:23 www/disputes/6.php:23
-msgid "Reject Dispute"
-msgstr ""
-
-#: www/account/11.php:40
-msgid "Rejected"
-msgstr ""
-
-#: www/disputes/4.php:29 www/disputes/6.php:29
-msgid "Report Dispute as Abuse"
-msgstr ""
-
-#: www/account/52.php:36
-msgid "Request Details"
-msgstr ""
-
-#: www/index/0.php:75
-msgid "Same as above plus get 100 assurance points by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents."
-msgstr ""
-
-#: www/wot/5.php:20
-msgid "Send reminder notice"
-msgstr ""
-
-#: www/disputes.php:310
-#, php-format
-msgid "The domain '%s' already exists in the dispute system. Can't continue."
-msgstr ""
-
-#: www/coapnew.php:1243
-msgid "The organisation assurer will check the trade office registry for company information (name, location, country of jurisdiction, director names, trade office Identification number, domain name ownership, and system admin reference). Any associated costs for this research will be reimborsed by the assurer from the organisation."
-msgstr ""
-
-#: www/disputes.php:423
-#, php-format
-msgid "The domain '%s' has been entered into the dispute system, the email address you choose will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."
-msgstr ""
-
-#: www/disputes.php:400
-#, php-format
-msgid "The domain '%s' isn't in the system. Can't continue."
-msgstr ""
-
-#: www/disputes.php:236
-#, php-format
-msgid "The email address '%s' already exists in the dispute system. Can't continue."
-msgstr ""
-
-#: www/wot/9.php:48
-#, php-format
-msgid "%s prefers to be contacted in %s"
-msgstr ""
-
-#: www/disputes.php:289
-#, php-format
-msgid "The email address '%s' has been entered into the dispute system, the email address will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."
-msgstr ""
-
-#: includes/account.php:2056
-msgid "The following comments were made by reviewers"
-msgstr ""
-
-#: www/account/11.php:38
-msgid "The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account."
-msgstr ""
-
-#: www/index/7.php:18
-msgid "The list of names are in no sense of order"
-msgstr ""
-
-#: includes/account.php:70
-#, php-format
-msgid "The email address '%s' is already in a different account. Can't continue."
-msgstr ""
-
-#: www/wot/2.php:17
-msgid "There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!)."
-msgstr ""
-
-#: www/account/51.php:27 www/account/52.php:59
-msgid "This UID has already been voted on."
-msgstr ""
-
-#: www/disputes.php:29 www/disputes.php:139
-msgid "This dispute no longer seems to be in the database, can't continue."
-msgstr ""
-
-#: www/disputes.php:76
-msgid "This was the primary email on the account, and no emails or domains were left linked so the account has also been removed from the system."
-msgstr ""
-
-#: www/logos.php:8
-#, php-format
-msgid "If you want to use the graphics and design, or you want to contribute something, please read the %sCAcert Styleguide%s"
-msgstr ""
-
-#: www/logos.php:7
-#, php-format
-msgid "On this page you find a number of logos to add to your website. Help CAcert to get some publicity by using a logo to link back to %s or to indicate that you or your website are using a CAcert certificates for security and privacy."
-msgstr ""
-
-#: www/account/43.php:101
-msgid "Tverify Account"
-msgstr ""
-
-#: www/account/11.php:48
-msgid "Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request."
-msgstr ""
-
-#: includes/account.php:1997
-msgid "Unable to find a valid tverify request for this ID."
-msgstr ""
-
-#: www/account/51.php:29 www/account/52.php:61
-msgid "Unable to locate a valid request for that UID."
-msgstr ""
-
-#: includes/account.php:2075
-msgid "Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application."
-msgstr ""
-
-#: www/disputes/4.php:32 www/disputes/5.php:29 www/disputes/6.php:32
-msgid "Update Dispute"
-msgstr ""
-
-#: www/wot/2.php:26
-msgid "Upon receiving your documents you will be notified, and points will be added to your account."
-msgstr ""
-
-#: www/account/12.php:18 www/account/5.php:18
-msgid "View all certificates"
-msgstr ""
-
-#: www/disputes/1.php:20
-msgid "Which Email?"
-msgstr ""
-
-#: www/wot/6.php:40
-msgid "You are about to assure a person that isn't currently verified. If you continue and they do not verify their account within 48 hours the account could automatically be removed by the system."
-msgstr ""
-
-#: includes/account.php:2081
-msgid "You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again."
-msgstr ""
-
-#: www/disputes.php:257 www/disputes.php:329
-msgid "You aren't allowed to dispute your own email addresses. Can't continue."
-msgstr ""
-
-#: www/wot/2.php:19
-msgid "You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:"
-msgstr ""
-
-#: www/wot.php:257
-msgid "You can list your location by going to:"
-msgstr ""
-
-#: includes/account.php:2010
-msgid "You have already voted on this request."
-msgstr ""
-
-#: www/disputes.php:416
-#, php-format
-msgid "You have been sent this email as the domain '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"
-msgstr ""
-
-#: www/disputes.php:282
-#, php-format
-msgid "You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"
-msgstr ""
-
-#: www/wot/10.php:34
-#, php-format
-msgid "You have made %s assurances which ranks you as the #%s top assurer."
-msgstr ""
-
-#: www/disputes.php:155
-msgid "You have opted t