summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xCommModule/client.pl11
-rw-r--r--includes/account.php334
-rw-r--r--includes/general.php20
-rw-r--r--includes/loggedin.php4
-rw-r--r--includes/notary.inc.php313
-rw-r--r--pages/account/11.php86
-rw-r--r--pages/account/13.php6
-rw-r--r--pages/account/21.php74
-rw-r--r--pages/account/43.php115
-rw-r--r--pages/account/44.php12
-rw-r--r--pages/account/5.php2
-rw-r--r--pages/account/59.php395
-rw-r--r--pages/account/6.php22
-rw-r--r--pages/index/1.php7
-rw-r--r--pages/wot/10.php8
-rw-r--r--pages/wot/6.php2
-rw-r--r--scripts/53de-ate-amberg-email.txt93
-rw-r--r--scripts/53de-ate-amberg-mail.php.txt133
-rwxr-xr-xscripts/db_migrations/version3.sh98
-rwxr-xr-xscripts/db_migrations/version4.sh100
-rw-r--r--www/index.php20
-rw-r--r--www/styles/default.css13
-rw-r--r--www/wot.php9
23 files changed, 1276 insertions, 601 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl
index bf92b27..bd3eb02 100755
--- a/CommModule/client.pl
+++ b/CommModule/client.pl
@@ -834,8 +834,15 @@ sub HandleCerts($$)
my $days=$org?($server?(365*2):365):calculateDays($row{"memid"});
-
- $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$row{'md'}eq"sha1"?2:0,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject);
+ my $md_id = 0;
+ $md_id = 1 if( $row{'md'} eq "md5");
+ $md_id = 2 if( $row{'md'} eq "sha1");
+ $md_id = 3 if( $row{'md'} eq "rmd160");
+ $md_id = 8 if( $row{'md'} eq "sha256");
+ $md_id = 9 if( $row{'md'} eq "sha384");
+ $md_id =10 if( $row{'md'} eq "sha512");
+
+ $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$md_id,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject);
if(length($crt))
{
if($crt=~m/^-----BEGIN CERTIFICATE-----/)
diff --git a/includes/account.php b/includes/account.php
index 5544bdb..ec109ae 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -22,14 +22,70 @@
loadem("account");
- $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
- $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
- $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
+/**
+ * Build a subject string as needed by the signer
+ *
+ * @param array(string) $domains
+ * First domain is used as CN and repeated in subjectAltName. Duplicates
+ * should already been removed
+ *
+ * @param bool $include_xmpp_addr
+ * [default: true] Whether to include the XmppAddr in the subjectAltName.
+ * This is needed if the Jabber server is jabber.example.com but a Jabber ID
+ * on that server would be alice@example.com
+ *
+ * @return string
+ */
+function buildSubject(array $domains, $include_xmpp_addr = true) {
+ $subject = "/CN=${domains[0]}";
- $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
- $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
- $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
- $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
+ foreach ($domains as $domain) {
+ $subject .= "/subjectAltName=DNS:$domain";
+
+ if ($include_xmpp_addr) {
+ $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
+ }
+ }
+
+ return $subject;
+}
+
+/**
+ * Builds the subject string from the session variables
+ * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows']
+ *
+ * @return string
+ */
+function buildSubjectFromSession() {
+ $domains = array();
+
+ if (is_array($_SESSION['_config']['rows'])) {
+ $domains = array_merge($domains, $_SESSION['_config']['rows']);
+ }
+
+ if (is_array($_SESSION['_config']['altrows']))
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ if (substr($row, 0, 4) === "DNS:") {
+ $domains[] = substr($row, 4);
+ }
+ }
+
+ return buildSubject(array_unique($domains));
+}
+
+ $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0;
+ $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
+ $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : "";
+// $showdetalis refers to Secret Question and Answers from account/13.php
+ $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0;
+
+ $cert = array_key_exists('cert',$_REQUEST) ? intval($_REQUEST['cert']) : 0;
+ $orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0;
+ $memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;
+ $domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0;
+ $ticketno = array_key_exists('ticketno',$_REQUEST) ? $_REQUEST['ticketno'] : "";
+ $ticketvalidation = FALSE;
+ $actionrequest = array_key_exists('action',$_REQUEST) ? $_REQUEST['action'] : "";
if(!$_SESSION['mconn'])
@@ -739,35 +795,8 @@
exit;
}
- $subject = "";
- $count = 0;
- $supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ $subject = buildSubjectFromSession();
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- } else {
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- {
- if(substr($row, 0, 4) == "DNS:")
- {
- $row = substr($row, 4);
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
@@ -793,7 +822,6 @@
echo _("Domain not verified.");
showfooter();
exit;
-
}
mysql_query($query);
@@ -892,29 +920,7 @@
continue;
}
- $subject = "";
- $count = 0;
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- } else {
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
+ $subject = buildSubjectFromSession();
$subject = mysql_real_escape_string($subject);
mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
@@ -936,6 +942,7 @@
{
echo _("You did not select any certificates for renewal.");
}
+
showfooter();
exit;
}
@@ -1187,25 +1194,7 @@
exit;
}
-
- if($oldid == 6 && $_REQUEST['certid'] != "")
- {
- if(trim($_REQUEST['description']) != ""){
- $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $description= "";
- }
-
- if(trim($_REQUEST['disablelogin']) == "1"){
- $disablelogin = 1;
- }else{
- $disablelogin = 0;
- }
-
- mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
- }
-
- if($oldid == 13 && $process != "")
+ if($oldid == 13 && $process != "" && $showdetails!="")
{
csrf_check("perschange");
$_SESSION['_config']['user'] = $_SESSION['profile'];
@@ -1270,7 +1259,7 @@
if($oldid == 13 && $process != "")
{
- $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
@@ -1313,18 +1302,20 @@
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
}
- $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
- `Q2`='".$_SESSION['_config']['user']['Q2']."',
- `Q3`='".$_SESSION['_config']['user']['Q3']."',
- `Q4`='".$_SESSION['_config']['user']['Q4']."',
- `Q5`='".$_SESSION['_config']['user']['Q5']."',
- `A1`='".$_SESSION['_config']['user']['A1']."',
- `A2`='".$_SESSION['_config']['user']['A2']."',
- `A3`='".$_SESSION['_config']['user']['A3']."',
- `A4`='".$_SESSION['_config']['user']['A4']."',
- `A5`='".$_SESSION['_config']['user']['A5']."'
- where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ if ($showdetails!="") {
+ $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
+ `Q2`='".$_SESSION['_config']['user']['Q2']."',
+ `Q3`='".$_SESSION['_config']['user']['Q3']."',
+ `Q4`='".$_SESSION['_config']['user']['Q4']."',
+ `Q5`='".$_SESSION['_config']['user']['Q5']."',
+ `A1`='".$_SESSION['_config']['user']['A1']."',
+ `A2`='".$_SESSION['_config']['user']['A2']."',
+ `A3`='".$_SESSION['_config']['user']['A3']."',
+ `A4`='".$_SESSION['_config']['user']['A4']."',
+ `A5`='".$_SESSION['_config']['user']['A5']."'
+ where `id`='".$_SESSION['profile']['id']."'";
+ mysql_query($query);
+ }
//!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
@@ -1340,7 +1331,7 @@
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
$_SESSION['profile']['loggedin'] = 1;
- $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
@@ -1459,7 +1450,6 @@
if($oldid == 16 && $process != "")
{
-
if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
{
$_REQUEST['codesign'] = 1;
@@ -1962,20 +1952,7 @@
//if($org['contact'])
// $csrsubject .= "/emailAddress=".trim($org['contact']);
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- $csrsubject .= "/commonName=$row";
- $SAN="";
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $subalt)
- {
- if($SAN != "")
- $SAN .= ",";
- $SAN .= "$subalt";
- }
-
- if($SAN != "")
- $csrsubject .= "/subjectAltName=".$SAN;
+ $csrsubject .= buildSubjectFromSession();
$type="";
if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
@@ -2701,18 +2678,16 @@
}
//check if ticket number was entered
- if ( $id== 43 or $oldid==43) {
- $ticketno = 0;
- $ticketvalidation = FALSE;
- if ($_REQUEST['ticketno']) {
+ if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44 ) {
+ if ($ticketno != "" ) {
$ticketno = mysql_real_escape_string(trim($_REQUEST['ticketno']));
$ticketvalidation = valid_ticket_number($ticketno);
}
- $_SESSION['ticketno']=$ticketno;
+ $_SESSION['ticketno'] = $ticketno;
}
- if($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation==TRUE)
+ if($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == TRUE)
{
$id = 43;
$oldid=0;
@@ -2726,16 +2701,23 @@
$userid = intval($_REQUEST['userid']);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
- write_se_log($userid, $_SESSION['profile']['id'],'AD Name/DOB Change',$ticketno);
- }else{
- $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno);
+ }elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No action (name/dob change) taken. Ticket number is missing!';
}
- if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
+ if($oldid == 43 && $actionrequest == 'revokecert' && $ticketvalidation == TRUE)
{
$userid = intval($_REQUEST['userid']);
revoke_all_private_cert($userid);
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno);
$id=43;
+ }elseif($oldid == 43 && $actionrequest == "revokecert" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No certificates revokes. Ticket number is missing!';
}
if($oldid == 48 && $_REQUEST['domain'] == "")
@@ -2761,7 +2743,7 @@
$_REQUEST['email'] = $row['email'];
}
- if($oldid == 44 && $ticketvalidation==TRUE)
+ if($oldid == 44 && $ticketvalidation == TRUE)
{
showheader(_("My CAcert.org Account!"));
if(intval($_REQUEST['userid']) <= 0)
@@ -2781,11 +2763,12 @@
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
- write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'AD reset password',$ticketno);
+ write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno);
}
+
showfooter();
exit;
- }else{
+ }elseif($oldid == 44 && $ticketvalidation == FALSE){
$_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!';
}
@@ -2890,12 +2873,12 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['tverify'];
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change tverify status',$ticketno);
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno);
}else{
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
*/
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetassuret');
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
@@ -2903,24 +2886,26 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['assurer'];
mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer staus',$ticketno);
- }else{
- $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno);
+ }elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['assurer_blocked'];
mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer blocked status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno);
+ }elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
@@ -2928,12 +2913,13 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locked'];
mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change locked status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno);
+ }elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
@@ -2941,12 +2927,13 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['codesign'];
mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change codesign status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno);
+ }elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['codesign']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
@@ -2954,12 +2941,13 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['orgadmin'];
mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change org assuer status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno);
+ }elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
@@ -2967,12 +2955,13 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['ttpadmin'];
mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change ttp admin status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno);
+ }elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$query = "select * from `users` where `id`='$memid'";
@@ -2981,24 +2970,26 @@
if($ver > 2)
$ver = 0;
mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change advertising admin status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno);
+ }elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locadmin'];
mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change location admin status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno);
+ }elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
@@ -3006,56 +2997,61 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['admin'];
mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change SE status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno);
+ }elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['admin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['general'];
mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change general status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno);
+ }elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['general']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['country'];
mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change country status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno);
+ }elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['country']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['regional'];
mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change regional status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno);
+ }elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['regional']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['radius'];
mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'AD Change radius status',$ticketno);
- }else{
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno);
+ }elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
+ $_REQUEST['userid'] = intval($_REQUEST['radius']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
@@ -3083,18 +3079,21 @@
if (trim($_REQUEST['arbitrationno'])==""){
showheader(_("My CAcert.org Account!"));
echo _("You did not enter an arbitration number entry.");
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
@@ -3103,16 +3102,19 @@
check_gpg_cert_running($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if (check_is_orgadmin($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The user is listed as Organisation Administrator. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+ write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']));
}
if(($id == 51 || $id == 52 || $oldid == 52))
@@ -3239,11 +3241,11 @@
}
*/
if($id == 59){
- if ($oldid==43) {
- write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'View account history', $_REQUEST['ticketno']);
- $support=1;
- }ELSEIF ($oldid==13){
- $support=0;
+ if ($oldid == 43 && $_SESSION['profile']['admin'] == 1) {
+ write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno']);
+ $_SESSION['support']=1;
+ }ELSEIF ($oldid == 13 && $_REQUEST['userid'] == $_SESSION['profile']['id']){
+ $_SESSION['support']=0;
}ELSE{
showheader(_("My CAcert.org Account!"));
echo _("You do not have access to this page.");
diff --git a/includes/general.php b/includes/general.php
index d89c0e6..b1e1993 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -57,7 +57,7 @@
exit;
}
- if(array_key_exists('HTTP_HOST',$_SERVER) &&
+ if(array_key_exists('HTTP_HOST',$_SERVER) &&
($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']))
{
@@ -82,7 +82,7 @@
$locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
if($locked['locked'] == 0)
{
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -169,19 +169,19 @@
$points++;
//echo "Points due to length and charset: $points<br/>";
-
+
// check for historical password proposal
if ($pwd === "Fr3d Sm|7h") {
return 0;
}
-
+
return $points;
}
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
$points = checkpwlight($pwd);
-
+
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
@@ -232,7 +232,7 @@
{
$bits = explode(": ", $_SESSION['_config']['subject'], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", array_key_exists('1',$bits)?$bits['1']:""));
- $bits = explode("|", $bits);
+ $bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
$_SESSION['_config']['OU'] = "";
@@ -557,7 +557,7 @@
$fp = @fsockopen($domain,25,$errno,$errstr,5);
if($fp)
{
-
+
$line = fgets($fp, 4096);
while(substr($line, 0, 4) == "220-")
$line = fgets($fp, 4096);
@@ -662,7 +662,7 @@
return $ticket;
}
- function sanitizeHTML($input)
+ function sanitizeHTML($input)
{
return htmlentities(strip_tags($input), ENT_QUOTES);
//In case of problems, please use the following line again:
@@ -732,7 +732,7 @@
$text=preg_replace("/[^\w-.@]/","",$text);
return($text);
}
-
+
// returns text message to be shown to the user given the result of is_no_assurer
function no_assurer_text($Status)
@@ -775,7 +775,7 @@
$name="../$type/$kind/".intval($id/1000)."/$kind-".intval($id).".$type";
if (!is_dir("../csr")) { mkdir("../csr",0777); }
if (!is_dir("../crt")) { mkdir("../crt",0777); }
-
+
if (!is_dir("../csr/$kind")) { mkdir("../csr/$kind",0777); }
if (!is_dir("../crt/$kind")) { mkdir("../crt/$kind",0777); }
if (!is_dir("../csr/$kind/".intval($id/1000))) { mkdir("../csr/$kind/".intval($id/1000)); }
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 4f9b8e8..03de18c 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -49,7 +49,7 @@
else
unset($_SESSION['profile']);
}
-
+
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
@@ -113,7 +113,7 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 83709c1..0695450 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -35,7 +35,7 @@
function get_number_of_assurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
+ WHERE `method` = 'Face to Face Meeting' AND `deleted`=0 AND `from`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -44,7 +44,7 @@
function get_number_of_ttpassurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
+ WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `deleted`=0 AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -53,7 +53,7 @@
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
+ WHERE `method` = 'Face to Face Meeting' AND `deleted`=0 AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -75,27 +75,49 @@
return intval(query_get_number_of_rows($res)+1);
}
- function get_given_assurances ($userid)
+ /**
+ * get_given_assurances()
+ * returns the list of assurances given by the user
+ * @param mixed $userid - user id for the account for report
+ * @param integer $log - for log output = 1
+ * @return
+ */
+ function get_given_assurances ($userid, $log=0)
{
- $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
+ $deleted='';
+ if ($log == 0) {
+ $deleted = ' and `deleted` = 0 ';
+ }
+ $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc");
return $res;
}
- function get_received_assurances ($userid)
+ /**
+ * get_received_assurances()
+ * returns the list of assurances received by the user
+ * @param mixed $userid - user id for the account for report
+ * @param integer $log - for log output = 1
+ * @return
+ */
+ function get_received_assurances ($userid, $log=0)
{
- $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
+ $deleted='';
+ if ($log == 0) {
+ $deleted = ' and `deleted` = 0 ';
+ }
+ $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc ");
return $res;
}
function get_given_assurances_summary ($userid)
{
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' AND `deleted`=0 group by points,awarded,method");
return $res;
}
function get_received_assurances_summary ($userid)
{
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' AND `deleted`=0 group by points,awarded,method");
return $res;
}
@@ -286,7 +308,7 @@
<?
}
- function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
+ function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked, $ticketno)
{
$tdstyle="";
@@ -333,7 +355,7 @@
<?
} else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
@@ -381,7 +403,7 @@
// ************* output given assurances ******************
- function output_given_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_given_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
@@ -392,13 +414,13 @@
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
$email = show_email_link ($fromuser['email'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
// ************* output received assurances ******************
- function output_received_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_received_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
@@ -409,7 +431,7 @@
calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
$email = show_email_link ($fromuser['email'],intval($row['from']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
@@ -591,17 +613,17 @@
return $issue_points;
}
- function output_given_assurances($userid,$support=0)
+ function output_given_assurances($userid, $support=0, $ticketno='')
{
output_assurances_header(_("Assurance Points You Issued"),$support);
- output_given_assurances_content($userid,$points,$sum_experience,$support);
+ output_given_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
}
- function output_received_assurances($userid,$support=0)
+ function output_received_assurances($userid,$support=0, $ticketno='')
{
output_assurances_header(_("Your Assurance Points"),$support);
- output_received_assurances_content($userid,$points,$sum_experience,$support);
+ output_received_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience,$support);
}
@@ -639,10 +661,16 @@
$res = mysql_query($query);
}
+ /**
+ * get_user_agreement_status()
+ * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
function get_user_agreement_status($memid, $type="CCA"){
- //returns 0 - no user agreement, 1- at least one entry
$query="SELECT u.`document` FROM `user_agreements` u
- WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+ WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
$res = mysql_query($query);
if(mysql_num_rows($res) <=0){
return 0;
@@ -651,43 +679,41 @@
}
}
+ /**
+ * get_first_user_agreement()
+ * returns the first user_agreement entry of the requested type depending on thes status of active of a given user
+ * @param mixed $memid
+ * @param integer $active, 0 - passive, 1 -active
+ * @param string $type
+ * @return
+ */
function get_first_user_agreement($memid, $active=1, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
- if($active==1){
- $filter="u.`memid`=".$memid;
- }else{
- $filter="u.`secmemid`=".$memid;
- }
- $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
- WHERE u.`document` = '".$type."' AND ".$filter."
- ORDER BY u.`date` Limit 1;";
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
+ WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) .
+ " ORDER BY u.`date` Limit 1;";
$res = mysql_query($query);
if(mysql_num_rows($res) >0){
- $row = mysql_fetch_assoc($res);
- $rec['document']= $row['document'];
- $rec['date']= $row['date'];
- $rec['method']= $row['method'];
- $rec['comment']= $row['comment'];
- $rec['active']= $row['active'];
+ $rec = mysql_fetch_assoc($res);
}else{
$rec=array();
}
return $rec;
}
+ /**
+ * get_last_user_agreement()
+ * returns the last user_agreement entry of a given type and of a given user
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
function get_last_user_agreement($memid, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
- $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
- union
- (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 " ;
$res = mysql_query($query);
if(mysql_num_rows($res) >0){
- $row = mysql_fetch_assoc($res);
- $rec['document']= $row['document'];
- $rec['date']= $row['date'];
- $rec['method']= $row['method'];
- $rec['comment']= $row['comment'];
- $rec['active']= $row['active'];
+ $rec = mysql_fetch_assoc($res);
}else{
$rec=array();
}
@@ -705,10 +731,20 @@ function get_user_agreement($memid){
return mysql_query($query);
}
- function delete_user_agreement($memid, $type="CCA"){
- //deletes all entries to an user for the given type of user agreements
- mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
- mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+ /**
+ * delete_user_agreement()
+ * deletes all entries for a given type from user_agreement of a given user, if type is not given all
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
+ function delete_user_agreement($memid, $type=false){
+ if ($type === false) {
+ $filter = '';
+ } else {
+ $filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
+ }
+ mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
}
// functions for 6.php (assure somebody)
@@ -905,11 +941,6 @@ function get_user_agreement($memid){
}
//change personal information to arbitration number and DOB=1900-01-01
- $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
- $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
- `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
- mysql_query($query);
$query = "update `users` set `fname`='".$arbno."',
`mname`='".$arbno."',
`lname`='".$arbno."',
@@ -1138,8 +1169,8 @@ function write_se_log($uid, $adminid, $type, $info){
$adminid = intval($adminid);
$type = mysql_real_escape_string($type);
$info = mysql_real_escape_string($info);
- $query="insert into `adminlog` (`when`, `uid`, `admind`,`type`,`information`) values
- (Now(), $uid, $adminid, '$type', '$info'";
+ $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
+ (Now(), $uid, $adminid, '$type', '$info')";
mysql_query($query);
}
@@ -1268,8 +1299,8 @@ function get_se_log($userid){
* @param integer $viewall- states if expired certs should be visible , default = 0 - not visible
* @return
*/
+//add to account/5.php
function get_client_certs($userid,$viewall=0){
- //add to account/5.php
$userid = intval($userid);
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
@@ -1366,17 +1397,17 @@ function output_log_email_header(){
function output_log_email($row,$primary){
$italic='';
$bold='';
- if (0==$row['deleted']) {
- $italic='italic ';
+ if ($row['deleted'] > 0) {
+ $italic=' italic';
}
- if ($primary==$row['email']) {
- $bold= 'bold ';
+ if ($primary==$row['email'] && $row['deleted'] == 0) {
+ $bold= ' bold';
}
?>
<tr>
- <td class="DataTD <? $bold . $italic ?>"><?=$row['email']?></td>
- <td class="DataTD <? $bold . $italic ?>"><?=$row['created']?></td>
- <td class="DataTD <? $bold . $italic ?>"><?=$row['deleted']?></td>
+ <td class="DataTD<?= $bold . $italic ?>"><?=$row['email']?></td>
+ <td class="DataTD<?= $bold . $italic ?>"><?=$row['created']?></td>
+ <td class="DataTD<?= $bold . $italic ?>"><?=$row['deleted']?></td>
</tr>
<?
}
@@ -1428,7 +1459,7 @@ function output_log_agreement_header(){
<td class="DataTD bold"><?= _("Agreement") ?></td>
<td class="DataTD bold"><?= _("Date") ?></td>
<td class="DataTD bold"><?= _("Method") ?></td>
- <td class="DataTD bold"><?= _("Comment") ?></td>
+ <td class="DataTD bold"><?= _("Active ") ?></td>
</tr>
<?
}
@@ -1445,7 +1476,7 @@ function output_log_agreement($row){
<td class="DataTD" ><?=$row['document']?></td>
<td class="DataTD" ><?=$row['date']?></td>
<td class="DataTD" ><?=$row['method']?></td>
- <td class="DataTD"><?= ($row['active']==0)? _('No'):_('Yes')?></td>
+ <td class="DataTD"><?= ($row['active']==0)? _('passive'):_('active')?></td>
</tr>
<?
}
@@ -1534,8 +1565,8 @@ function output_log_se($row, $support=0){
* @return
*/
function output_client_cert_header($support=0){
- ?>
//should be added to account/5.php
+ ?>
<tr>
<?if ($support !=1) { ?>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -1630,8 +1661,8 @@ function output_client_cert($row, $support=0){
* @return
*/
function output_log_server_certs_header($support=0){
- ?>
//should be entered in account/12.php
+ ?>
<tr>
<?if ($support !=1) { ?>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -1707,7 +1738,7 @@ function output_gpg_certs_header($support=0){
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Key ID")?></td>
- <?if (1==$support) { ?>
+ <?if ($support !=1) { ?>
<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<? }?>
</tr>
@@ -1733,7 +1764,7 @@ function output_gpg_certs($row, $support=0){
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><?=$verified?></td>
- <?if (1==$support) { ?>
+ <?if ($support !=1) { ?>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<? } else { ?>
<td class="DataTD"><?=$row['email']?></td>
@@ -1743,22 +1774,160 @@ function output_gpg_certs($row, $support=0){
<td class="DataTD"><?=$row['email']?></td>
<? } else { ?>
<td class="DataTD"><?=$verified?></td>
- <?if (1==$support) { ?>
+ <?if ($support !=1) { ?>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<? } else { ?>
<td class="DataTD"><?=$row['email']?></td>
<? } ?>
<? } ?>
<td class="DataTD"><?=$row['expires']?></td>
- <?if (1==$support) { ?>
+ <?if ($support != 1) { ?>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
<? } else { ?>
<td class="DataTD"><?=$row['keyid']?></td>
<? } ?>
- <?if (1==$support) { ?>
+ <?if ($support !=1) { ?>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
<? } ?>
</tr>
<?
}
+
+/**
+ * output_log_given_assurances()
+ * returns the list of all given assurances
+ * @param mixed $userid - user id for the output
+ * @param integer $support - support view = 1
+ * @return
+ */
+function output_log_given_assurances($userid, $support=0)
+{
+ output_assurances_header(_("Assurance given"),$support);
+ output_log_given_assurances_content($userid, $support);
+}
+
+/**
+ * output_log_given_assurances_content()
+ *
+ * @param mixed $userid
+ * @param mixed $support
+ * @return
+ */
+function output_log_given_assurances_content($userid, $support)
+{
+ $res = get_given_assurances(intval($userid), 1);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['to']));
+ $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
+ $email = show_email_link ($fromuser['email'],intval($row['to']));
+ $revoked = '';
+ if ($row['date'] != 0) {
+ $revoked = $row['deleted'];
+ }
+ output_log_assurances_row(intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ }
+}
+
+/**
+ * output_log_received_assurances()
+ *
+ * @param mixed $userid
+ * @param integer $support
+ * @return
+ */
+function output_log_received_assurances($userid, $support=0)
+{
+ output_assurances_header(_("Assurance received"), $support);
+ output_log_received_assurances_content($userid, $support);
+}
+
+/**
+ * output_log_received_assurances_content()
+ *
+ * @param mixed $userid
+ * @param mixed $support
+ * @param mixed $points
+ * @param mixed $sum_experience
+ * @param mixed $ticketno
+ * @return
+ */
+function output_log_received_assurances_content($userid, $support)
+{
+ $res = get_received_assurances(intval($userid), 1);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['from']));
+ calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
+ $email = show_email_link ($fromuser['email'],intval($row['from']));
+ $revoked = '';
+ if ($row['date'] != 0) {
+ $revoked = $revoked = $row['deleted'];
+ }
+ output_log_assurances_row(intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ }
+}
+
+/**
+ * output_log_assurances_row()
+ *
+ * @param mixed $assuranceid
+ * @param mixed $date
+ * @param mixed $when
+ * @param mixed $email
+ * @param mixed $name
+ * @param mixed $awarded
+ * @param mixed $points
+ * @param mixed $location
+ * @param mixed $method
+ * @param mixed $experience
+ * @param mixed $userid
+ * @param mixed $support
+ * @param mixed $revoked
+ * @return
+ */
+function output_log_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
+{
+
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
+
+ if ($awarded == $points)
+ {
+ if ($awarded == "0")
+ {
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
+ }
+ }
+ ?>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+ <?
+ if ($support == "1")
+ {
+ ?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
+ <?
+ }
+ ?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked?><?=$emclose?></td>
+ </tr>
+ <?
+}
+
diff --git a/pages/account/11.php b/pages/account/11.php
index 4e070cb..5f94122 100644
--- a/pages/account/11.php
+++ b/pages/account/11.php
@@ -15,39 +15,61 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+
<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
</p>
-<?// print_r($_SESSION['_config']['altrows']); ?>
+
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
+
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
+?></p>
+
<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<? if(1 == 0) { ?>
-<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br>
-<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br>
-<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br>
-<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br>
-<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br>
-<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br>
-<? } ?>
-<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?>
-<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?>
-<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br>
-<? foreach($_SESSION['_config']['rejected'] as $row) { ?>
-<?=_("Rejected")?>: <a href="account.php?id=7&amp;newdomain=<?=$row?>"><?=$row?></a><br>
-<? } } ?>
-<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?>
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-<? } else { ?>
-<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b>
-<? } ?>
+<?=_("No additional information will be included on certificates because it ".
+ "can not be automatically checked by the system.")?>
</p>
+
+<p><?
+if (array_key_exists('rejected',$_SESSION['_config']) &&
+ is_array($_SESSION['_config']['rejected'])) {
+ echo _("The following hostnames were rejected because the system couldn't ".
+ "link them to your account, if they are valid please verify the ".
+ "domains against your account."), "<br>\n";
+
+ foreach ($_SESSION['_config']['rejected'] as $row) {
+ echo _("Rejected");
+ echo ": <a href='account.php?id=7&amp;newdomain=$row'>$row</a><br>\n";
+ }
+}
+?></p>
+
+<?
+if (is_array($_SESSION['_config']['rows']) ||
+ is_array($_SESSION['_config']['altrows'])) {
+ ?>
+ <form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
+ </form>
+ <?
+} else {
+ ?>
+ <p>
+ <b><?=_("Unable to continue as no valid commonNames or ".
+ "subjectAltNames were present on your certificate request.")?></b>
+ </p>
+ <?
+}
diff --git a/pages/account/13.php b/pages/account/13.php
index 7aa95f1..7e2adfc 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -23,7 +23,8 @@
$year = intval(substr($user['dob'], 0, 4));
$month = intval(substr($user['dob'], 5, 2));
$day = intval(substr($user['dob'], 8, 2));
- $showdetails = array_key_exists('showdetails', $_REQUEST) && !!intval($_REQUEST['showdetails']);
+ $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0;
+
if($showdetails){
$body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
$body .= _("You receive this automatic mail since you yourself or someone ".
@@ -123,7 +124,7 @@
</tr>
<? } ?>
<tr>
- <td colspan="2" class="title"><a href="account.php?id=59&amp;userid=<?=$_SESSION['profile']['id']?>"><?=_('Show account history')?></a></td>
+ <td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=$_SESSION['profile']['id']?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
@@ -163,6 +164,7 @@
<td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
</tr>
<tr>
+ <input type="hidden" name="showdetails" value="1" />
<? } ?>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
</tr>
diff --git a/pages/account/21.php b/pages/account/21.php
index 6c3786b..75827fb 100644
--- a/pages/account/21.php
+++ b/pages/account/21.php
@@ -14,41 +14,57 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $org = $_SESSION['_config']['row'];
- if($org['id'] <= 0)
- $org = $_SESSION['_config']['altrow'];
+*/
+
+$org = $_SESSION['_config']['row'];
+if ($org['id'] <= 0) {
+ $org = $_SESSION['_config']['altrow'];
+}
?>
-<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
-</p>
<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<?=_("Organisation")?>: <?=$org['O']?><br>
-<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br>
-<?=_("Location")?>: <?=$org['L']?><br>
-<?=_("State/Province")?>: <?=$org['ST']?><br>
-<?=_("Country")?>: <?=$org['C']?><br>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
+</p>
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
+echo _("Organisation"), ": {$org['O']}<br>\n";
+echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n";
+echo _("Location"), ": {$org['L']}<br>\n";
+echo _("State/Province"), ": {$org['ST']}<br>\n";
+echo _("Country"), ": {$org['C']}<br>\n";
+?>
-<? if($_SESSION['profile']['admin'] == 1) { ?>
-<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
-<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?>
-<? } ?>
+<form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
+
+ <?
+ if ($_SESSION['profile']['admin'] == 1) {
+ ?>
+ <p>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <input type="checkbox" name="ocspcert" value="OCSPCert"/>
+ <?=_("OCSP certificate")?>
+ </p>
+ <?
+ }
+ ?>
</form>
-</p>
diff --git a/pages/account/43.php b/pages/account/43.php
index 686a61b..73fb071 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -21,29 +21,15 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$ticketno='';
$ticketvalidation=FALSE;
-//check if an assurance should be deleted
-if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
-{
- $assurance = mysql_real_escape_string(intval($_REQUEST['assurance']));
- $row = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance' and `deleted` = 0");
- if ($res) {
- $row = mysql_fetch_assoc($res);
- }
- mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
- }
-}
if (isset($_SESSION['ticketno'])) {
- $ticketno=$_SESSION['ticketno'];
- $ticketvalidation=TRUE;
+ $ticketno = $_SESSION['ticketno'];
+ $ticketvalidation = valid_ticket_number($ticketno);
}
if (isset($_SESSION['ticketmsg'])) {
- $ticketmsg=$_SESSION['ticketmsg'];
+ $ticketmsg = $_SESSION['ticketmsg'];
} else {
- $ticketmsg='';
+ $ticketmsg = '';
}
// search for an account by email search, if more than one is found display list to choose
@@ -139,20 +125,20 @@ if(intval($_REQUEST['userid']) > 0) {
//display account data
//deletes an assurance
- if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation==true)
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
{
$assurance = mysql_escape_string(intval($_REQUEST['assurance']));
- $row = 0;
+ $trow = 0;
$res = mysql_query("select `to` from `notary` where `id`='$assurance'");
if ($res) {
- $row = mysql_fetch_assoc($res);
+ $trow = mysql_fetch_assoc($res);
}
- mysql_query("delete from `notary` where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
- write_se_log($uid, $adminid, 'AD assurance revoke', $ticketno);
+ mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
+ if ($trow) {
+ fix_assurer_flag($trow['to']);
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno);
}
- } else {
+ } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
$ticketmsg=_('No assurance revoked. Ticket number is missing!');
}
@@ -169,7 +155,7 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td>
</tr>
<tr>
- <td colspan="2" ><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
+ <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
</tr>
<tr>
<td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
@@ -260,75 +246,75 @@ if(intval($_REQUEST['userid']) > 0) {
</tr>
<tr>
<td class="DataTD"><?=_("Is Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer_blocked']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Account Locking")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=$ticketno?>"><?=$row['locked']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Code Signing")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=$ticketno?>"><?=$row['codesign']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Org Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['orgadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("TTP Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['ttpadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Location Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['locadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['admin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Ad Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
<!-- presently not needed
<tr>
<td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['tverify']?></a></td>
</tr>
-->
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['general']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Country Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['country']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Regional Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['regional']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['radius']?></a></td>
</tr>
<? //change password, view secret questions and delete account section ?>
<tr>
<td class="DataTD"><?=_("Change Password")?>:</td>
- <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
+ <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=_("Change Password")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Delete Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
+ <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=$ticketno?>"><?=_("Delete Account")?></a></td>
</tr>
<?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
- write_se_log($uid, $adminid, 'AD view lost password information', $ticketno);
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno);
?>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
@@ -377,10 +363,15 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
</tr>
<?
- }
+ } else {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <? }
// list assurance points
?>
@@ -392,20 +383,7 @@ if(intval($_REQUEST['userid']) > 0) {
// show account history
?>
<tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;userid=<?=intval($row['id'])?>"><?=_('Show account history')?></a></td>
- </tr>
- </table>
- <br/>
- <?
- //ticket number to track SE log
- ?>
- <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_('Ticket/Arbitration No')?></td>
- <td class="DataTD"><input name="ticketno" /></td>
+ <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=_('Show account history')?></a></td>
</tr>
</table>
<br/>
@@ -952,6 +930,7 @@ if(intval($_REQUEST['userid']) > 0) {
<input type="hidden" name="oldid" value="43">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="submit" value="<?=_('revoke certificates')?>">
+ <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
</form>
</td>
</tr>
@@ -961,14 +940,14 @@ if(intval($_REQUEST['userid']) > 0) {
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="DataTD">
- <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user got")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
</td>
</tr>
<tr>
<td class="DataTD">
- <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user gave")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
</td>
</tr>
</table>
@@ -1008,7 +987,7 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
</tr>
<?
}
@@ -1055,7 +1034,7 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><?=$drow['points']?></td>
<td class="DataTD"><?=$drow['location']?></td>
<td class="DataTD"><?=$drow['method']?></td>
- <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
</tr>
<?
}
@@ -1080,10 +1059,10 @@ if(isset($_GET['shownotary'])) {
showassuredby();
break;
case 'assuredto15':
- output_received_assurances(intval($_GET['userid']),1);
+ output_received_assurances(intval($_GET['userid']),1,$ticketno);
break;
case 'assuredby15':
- output_given_assurances(intval($_GET['userid']),1);
+ output_given_assurances(intval($_GET['userid']),1, $ticketno);
break;
}
}
diff --git a/pages/account/44.php b/pages/account/44.php
index fd34612..0b4a9b9 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -15,7 +15,16 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); }
+
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno)) {
+ echo printf(_("I'm sorry, you did not enter a ticket number!%sYou cannot reset the password.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+ }
+?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -35,4 +44,5 @@
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
</form>
diff --git a/pages/account/5.php b/pages/account/5.php
index 44763e2..934ca0c 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -91,7 +91,7 @@
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD">
- <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
<input type="hidden" name="cert_<?=$row['id']?>" value="1" />
</td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
diff --git a/pages/account/59.php b/pages/account/59.php
index f9aadab..7ad3f9d 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -1,30 +1,33 @@
<?/*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
$colspandefault=2;
-//$userid = intval($_REQUEST['userid']);
+$userid = intval($_REQUEST['userid']);
$res =get_user_data($userid);
+
+
if(mysql_num_rows($res) <= 0)
{
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- exit;
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ exit;
}
$row = mysql_fetch_assoc($res);
@@ -34,113 +37,121 @@ $mname = $row['mname'];
$lname = $row['lname'];
$suffix = $row['suffix'];
$dob = $row['dob'];
-$name = $fname." ".$mname." ".$lname." ".$suffix;
+$username = $fname." ".$mname." ".$lname." ".$suffix;
$email = $row['email'];
$alerts =get_alerts($userid);
-
-
-
+$support=0;
+if(intval($_REQUEST['oldid'])==43){
+ $support=$_SESSION['profile']['admin'];
+}
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno) && $support == 1) {
+ echo printf(_("I'm sorry, you did not enter a ticket number!%sSupport is not allowed to view the account history without a ticket number.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="<? $colspandefault ?>" class="title"><?=sprintf(_('Account history of %s'),'username')?></td>
- </tr>
- <tr>
- <td colspan="<? $colspandefault ?>" class="title"><?=_('User actions')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_('User name')?></td>
- <td class="DataTD"><?=$name?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_('Date of Birth')?></td>
- <td class="DataTD"><?=$dob?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Is Assurer")?>:</td>
- <td class="DataTD"><?= ($row['assurer']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
- <td class="DataTD"><?= ($row['assurer_blocked']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Account Locking")?>:</td>
- <td class="DataTD"><?= ($row['locked']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Code Signing")?>:</td>
- <td class="DataTD"><?= ($row['codesign']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Org Assurer")?>:</td>
- <td class="DataTD"><?= ($row['orgadmin']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("TTP Admin")?>:</td>
- <td class="DataTD"><?= $row['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Location Admin")?>:</td>
- <td class="DataTD"><?= ($row['locadmin']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Admin")?>:</td>
- <td class="DataTD"><?= ($row['admin']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Ad Admin")?>:</td>
- <td class="DataTD"><?= $row['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td>
- </tr>
- <td class="DataTD"><?=_("General Announcements")?>:</td>
- <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country Announcements")?>:</td>
- <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Regional Announcements")?>:</td>
- <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
- <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
- </tr>
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=sprintf(_('Account history of %s'),$username)?></td>
+ </tr>
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=_('User actions')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('User name')?></td>
+ <td class="DataTD"><?=$username?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Date of Birth')?></td>
+ <td class="DataTD"><?=$dob?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer_blocked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><?= ($row['locked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><?= ($row['codesign']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['orgadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><?= $row['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><?= ($row['locadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><?= ($row['admin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><?= $row['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
</table>
<br/>
<?
$dres = get_email_address($userid,'',1);
if(mysql_num_rows($dres) > 0) {
?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="3" class="title"><?=_('Email addresses')?></td>
- </tr>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Email addresses')?></td>
+ </tr>
<?
-output_log_email_header();
-while($drow = mysql_fetch_assoc($dres))
-{
- output_log_email($drow,$email);
-} ?>
+ output_log_email_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_email($drow,$email);
+ } ?>
</table>
<br/>
-<?
+<?}
$dres = get_domains($userid,'',1);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="3" class="title"><?=_('Domains')?></td>
- </tr>
+ <tr>
+ <td colspan="3" class="title"><?=_('Domains')?></td>
+ </tr>
<?
if(mysql_num_rows($dres) > 0) {
- output_log_domain_header();
- while($drow = mysql_fetch_assoc($dres))
- {
- output_log_domain($drow,$email);
- }
+ output_log_domains_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_domains($drow,$email);
+ }
}ELSE{?>
- <td colspan="3" ><?=_('no entry avialable')?></td>
+ <td colspan="3" ><?=_('no entry avialable')?></td>
<?}?>
</table>
<br/>
@@ -149,19 +160,19 @@ if(mysql_num_rows($dres) > 0) {
$dres = get_training_result($userid);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="3" class="title"><?=_('Trainings')?></td>
- </tr>
+ <tr>
+ <td colspan="3" class="title"><?=_('Trainings')?></td>
+ </tr>
<?
-if(mysql_num_rows($dres) > 0) {
- output_log_training_header();
- while($drow = mysql_fetch_assoc($dres))
- {
- output_log_training($drow);
- }
-}ELSE{
- ?><td colspan="3" ><?=_('no entry avialable')?></td><?
-}?>
+ if(mysql_num_rows($dres) > 0) {
+ output_log_training_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_training($drow);
+ }
+ }ELSE{
+ ?><td colspan="3" ><?=_('no entry avialable')?></td><?
+ }?>
</table>
<br/>
@@ -169,90 +180,126 @@ if(mysql_num_rows($dres) > 0) {
$dres = get_user_agreement($userid,'',1);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title"><?=_('User agreements')?></td>
- </tr>
+ <tr>
+ <td colspan="4" class="title"><?=_('User agreements')?></td>
+ </tr>
<?
-if(mysql_num_rows($dres) > 0) {
- output_log_agreement_header();
- while($drow = mysql_fetch_assoc($dres))
- {
- output_log_agreement($drow);
- }
-}ELSE{
- ?><td colspan="4" ><?=_('no entry avialable')?></td><?
-}?>
+ if(mysql_num_rows($dres) > 0) {
+ output_log_agreement_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_agreement($drow);
+ }
+ }ELSE{
+ ?><td colspan="4" ><?=_('no entry avialable')?></td><?
+ }?>
</table>
<br/>
<?
-$dres = get_client_certs($userid);
+$dres = get_client_certs($userid,1);
$colspan=10;
if (1==$support) {
- $colspan=7;
+ $colspan=7;
}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="<? $colspan?>" class="title"><?=_('Client certificates')?></td>
- </tr>
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td>
+ </tr>
<?
-if(mysql_num_rows($dres) > 0) {
- output_client_cert_header($support);
- while($drow = mysql_fetch_assoc($dres))
- {
- output_client_cert($drow,$support);
- }
-}ELSE{
- ?><td colspan="<? $colspan?>" ><?=_('no entry avialable')?></td><?
-}?>
+ if(mysql_num_rows($dres) > 0) {
+ output_client_cert_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_client_cert($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
</table>
<br/>
<?
-$dres = get_server_certs($userid);
-$colspan=8;
-if (1==$support) {
- $colspan=5;
+$dres = get_server_certs($userid,1);
+$colspan = 8;
+if (1 == $support) {
+ $colspan = 5;
}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="<? $colspan?>" class="title"><?=_('Server certificates')?></td>
- </tr>
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td>
+ </tr>
<?
-if(mysql_num_rows($dres) > 0) {
- output_log_server_certs_header($support);
- while($drow = mysql_fetch_assoc($dres))
- {
- output_log_server_certs($drow,$support);
- }
-}ELSE{
- ?><td colspan="<? $colspan?>" ><?=_('no entry avialable')?></td><?
-}?>
+ if(mysql_num_rows($dres) > 0) {
+ output_log_server_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_server_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
</table>
<br/>
<?
-$dres = get_server_certs($userid);
-$colspan=6;
-if (1==$support) {
- $colspan=4;
+$dres = get_gpg_certs($userid,1);
+$colspan = 6;
+if (1 == $support) {
+ $colspan = 4;
}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="<? $colspan?>" class="title"><?=_('Server certificates')?></td>
- </tr>
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td>
+ </tr>
<?
-if(mysql_num_rows($dres) > 0) {
- output_log_server_certs_header($support);
- while($drow = mysql_fetch_assoc($dres))
- {
- output_log_server_certs($drow,$support);
- }
-}ELSE{
- ?><td colspan="<? $colspan?>" ><?=_('no entry avialable')?></td><?
-}?>
+ if(mysql_num_rows($dres) > 0) {
+ output_gpg_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_gpg_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+
+output_log_given_assurances($userid, $support);
+?><br/><?
+
+output_log_received_assurances($userid, $support);
+?><br/><?
+
+$dres = get_se_log($userid);
+$colspan = 2;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_se_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_se($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }
+ if ($support==1) {
+ ?><td colspan="<?=$colspan?>" ><a href="account.php?id=43&amp;userid=<?= $userid ?>"><?= _('Back to previous page.')?></a></td><?
+ }
+
+ ?>
+
</table>
-} \ No newline at end of file
diff --git a/pages/account/6.php b/pages/account/6.php
index 0054b7a..8455499 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -115,7 +115,6 @@ if (array_key_exists('format', $_REQUEST)) {
echo "<pre>$cert</pre>";
?>
-<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Information about the certificate")?></td>
@@ -133,16 +132,6 @@ if (array_key_exists('format', $_REQUEST)) {
$row['revoke'] = _("Not Revoked");
?>
<tr>
- <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
-<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td>
-<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td>
-<? } else { ?>
- <td class="DataTD">&nbsp;</td>
-<? } ?>
- </tr>
- <tr>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=$verified?></td>
</tr>
@@ -165,21 +154,14 @@ if (array_key_exists('format', $_REQUEST)) {
<tr>
<td class="DataTD"><?=_("Login")?></td>
<td class="DataTD">
- <input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="checkbox" name="disablelogin" disabled="disabled" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Comment")?></td>
- <td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+ <td class="DataTD"><?=htmlspecialchars($row['description'])?></td>
</tr>
</table>
-<input type="hidden" name="oldid" value="6">
-<input type="hidden" name="certid" value="<?=$certid?>">
-</form>
-
<?
showfooter();
exit;
diff --git a/pages/index/1.php b/pages/index/1.php
index a60a242..4f0ca83 100644
--- a/pages/index/1.php
+++ b/pages/index/1.php
@@ -15,9 +15,14 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
+<p><?=_("By joining CAcert and becoming a member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
+<b><?=_("Note: Please enter your date of birth and names as they are written in your official documents.")?></b><br /><br />
+<?=_("Because CAcert is a certificate authority (CA) people rely on us knowing about the identity of the users of our certificates. So even as we value privacy very much, we need to collect at least some basic information about our members. This is especially the case for everybody who wants to take part in our web of trust.")?>
+<?=_("Your private information will be used for internal procedures only and will not be shared with third parties.")?>
+</p>
+<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
<b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b>
</p>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..e490af9 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/
- $query = "SELECT count(*) AS `list` FROM `users`
- inner join `notary` on `users`.`id` = `notary`.`from`
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,7 +64,7 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select * from `notary` where `deleted`=0 and `to`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
@@ -114,7 +114,7 @@ if ($thawte)
</tr>
<?
$points = 0;
- $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `to`!='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
diff --git a/pages/wot/6.php b/pages/wot/6.php
index ef8cac7..a565aa7 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -79,7 +79,7 @@
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
- AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
+ AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
AssureFoot($id,_("I confirm this Assurance"));
?>
diff --git a/scripts/53de-ate-amberg-email.txt b/scripts/53de-ate-amberg-email.txt
new file mode 100644
index 0000000..d8f76ff
--- /dev/null
+++ b/scripts/53de-ate-amberg-email.txt
@@ -0,0 +1,93 @@
+[Deutsch]
+
+Es hat sich viel getan in den letzten Jahren. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das erste Mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Montag, den 6. Januar 2014
+- in der Zeit von: 12:00 - ca. 16:00 Uhr
+- ASAMnet e.V.
+- Emailfabrik 1. Stock
+- Emailfabrikstrasse 12
+- 92224 Amberg
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [https://wiki.cacert.org/Events/2014-01-06ATE-Amberg]
+Blog [http://blog.cacert.org/2013/12/ate-amberg-de-2014-01-06/]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Amberg teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Monday, January 6th 2014
+- during: 12:00 - ca. 16:00
+- ASAMnet e.V.
+- Emailfabrik 1. Stock
+- Emailfabrikstrasse 12
+- 92224 Amberg
+
+Details to the location can be found:
+Wiki [https://wiki.cacert.org/Events/2014-01-06ATE-Amberg]
+Blog [http://blog.cacert.org/2013/12/ate-amberg-de-2014-01-06/]
+
+User reply for registration: 'I will attend the ATE-Amberg'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/53de-ate-amberg-mail.php.txt b/scripts/53de-ate-amberg-mail.php.txt
new file mode 100644
index 0000000..4be2ebd
--- /dev/null
+++ b/scripts/53de-ate-amberg-mail.php.txt
@@ -0,0 +1,133 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("53de-ate-amberg-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+// $city = "January 19th 2013";
+
+// ATE-Kiel 2013-02-11
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $eventname = "ATE-Kiel";
+// $city = "11. Februar 2013";
+
+// Linuxtag, Berlin, May 22-25, 2013,
+// $locid = 228950; // Berlin
+// $eventname = "Linuxtag Berlin";
+// $city = "22.-25. Mai, 2013";
+
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $eventname = "ATE-Luebeck";
+// $city = "07. Juni 2013";
+
+// $locid = 675661; // Graz, Steiermark, Austria
+// $eventname = "ATE-Graz";
+// $city = "16. August 2013";
+
+// $locid = 1992733; // Wien, Wien, Austria
+// $eventname = "ATE-Wien";
+// $city = "15. Oktober 2013";
+
+ $locid = 54334; // Amberg, Bayern, Germany
+ $eventname = "ATE-Amberg";
+ $city = "06. Januar 2014";
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/db_migrations/version3.sh b/scripts/db_migrations/version3.sh
new file mode 100755
index 0000000..8febfe7
--- /dev/null
+++ b/scripts/db_migrations/version3.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+# LibreSSL - CAcert web application
+# Copyright (C) 2004-2011 CAcert Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+
+# script to do database migrations
+
+# This particular version migrates from the preversioned state to version 1
+# If you want to reuse it for further migrations you probably should pay special
+# attention because you have to adjust it a bit
+
+set -e # script fails if any command fails
+
+STDIN=0
+STDOUT=1
+STDERR=2
+
+if [ "$1" = "--help" ]; then
+ cat >&$STDERR <<- USAGE
+ Usage: $0 [MYSQL_OPTIONS]
+ You have to specify all options needed by "mysql" as if you had started
+ the MySQL command line client directly (including the name of the
+ database to operate on). The MySQL user used has to have enough
+ privileges to do all necessary operations (among others CREATE, ALTER,
+ DROP, UPDATE, INSERT, DELETE).
+ You might need to enter the mysql password multiple times if you
+ specify the -p option.
+ USAGE
+ exit 1
+fi
+
+mysql_opt=" --batch --skip-column-names $@"
+
+schema_version=$( mysql $mysql_opt <<- 'SQL'
+
+ SELECT MAX(`version`) FROM `schema_version`;
+SQL
+)
+if [ $schema_version != 2 ]; then
+ cat >&$STDERR <<- ERROR
+ Error: database schema is not in the right version to do the migration!
+ Expected version: 2
+ ERROR
+ exit 2
+fi
+
+mysql $mysql_opt <<- 'SQL'
+
+
+-- alter table Admin log
+
+ALTER TABLE `adminlog` ADD `type` VARCHAR( 50 ) NOT NULL ,
+ ADD `information` VARCHAR( 50 ) NOT NULL;
+
+-- create new table OrgAdminLog
+
+CREATE TABLE IF NOT EXISTS `orgadminlog` (
+ `when` datetime NOT NULL,
+ `oid` int(11) NOT NULL,
+ `adminid` int(11) NOT NULL,
+ `type` varchar(50) NOT NULL,
+ `information` varchar(50) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+-- alter table OrgDomainCerts
+ALTER TABLE `orgdomaincerts` ADD orgadminid int(11) NULL,
+ ADD revokeorgadminid int(11) NULL;
+
+-- alter table OrgEmailCerts
+ALTER TABLE `orgemailcerts` ADD orgadminid int(11) NULL,
+ ADD revokeorgadminid int(11) NULL;
+
+
+
+ -- Update schema version number
+ INSERT INTO `schema_version`
+ (`version`, `when`) VALUES
+ ('3' , NOW() );
+SQL
+
+
+echo "Database successfully migrated to version 3"
+exit 0
+
diff --git a/scripts/db_migrations/version4.sh b/scripts/db_migrations/version4.sh
new file mode 100755
index 0000000..9a8aded
--- /dev/null
+++ b/scripts/db_migrations/version4.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+# LibreSSL - CAcert web application
+# Copyright (C) 2004-2011 CAcert Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+
+# script to do database migrations
+
+# This particular version migrates from the preversioned state to version 1
+# If you want to reuse it for further migrations you probably should pay special
+# attention because you have to adjust it a bit
+
+set -e # script fails if any command fails
+
+STDIN=0
+STDOUT=1
+STDERR=2
+
+if [ "$1" = "--help" ]; then
+ cat >&$STDERR <<- USAGE
+ Usage: $0 [MYSQL_OPTIONS]
+ You have to specify all options needed by "mysql" as if you had started
+ the MySQL command line client directly (including the name of the
+ database to operate on). The MySQL user used has to have enough
+ privileges to do all necessary operations (among others CREATE, ALTER,
+ DROP, UPDATE, INSERT, DELETE).
+ You might need to enter the mysql password multiple times if you
+ specify the -p option.
+ USAGE
+ exit 1
+fi
+
+mysql_opt=" --batch --skip-column-names $@"
+
+schema_version=$( mysql $mysql_opt <<- 'SQL'
+
+ SELECT MAX(`version`) FROM `schema_version`;
+SQL
+)
+if [ $schema_version != 3 ]; then
+ cat >&$STDERR <<- ERROR
+ Error: database schema is not in the right version to do the migration!
+ Expected version: 3
+ ERROR
+ exit 2
+fi
+
+mysql $mysql_opt <<- 'SQL'
+
+-- dump table AdminLog
+SELECT *
+ INTO OUTFILE "adminlog_table_backup_1135"
+ FIELDS TERMINATED BY ','
+ OPTIONALLY ENCLOSED BY '"'
+ LINES TERMINATED BY "\n"
+ FROM `adminlog`;
+SQL
+
+
+echo "Dump table create in adminlog_table_backup_1135"
+
+
+mysql $mysql_opt <<- 'SQL'
+-- update table admin log
+
+UPDATE `adminlog` SET `type` = 'old name or dob change',
+`information` = 'see adminlog_table_backup_1135';
+
+-- alter table admin log
+
+ALTER TABLE `adminlog`
+ DROP `old-lname`,
+ DROP `old-dob`,
+ DROP `new-lname`,
+ DROP `new-dob`;
+
+
+ -- Update schema version number
+ INSERT INTO `schema_version`
+ (`version`, `when`) VALUES
+ ('4' , NOW() );
+SQL
+
+
+echo "Database successfully migrated to version 4"
+exit 0
+
diff --git a/www/index.php b/www/index.php
index c7cc03e..bb71a63 100644
--- a/www/index.php
+++ b/www/index.php
@@ -125,7 +125,7 @@ require_once('../includes/lib/l10n.php');
showfooter();
exit;
}
- }
+ }
}
if($oldid == 5 && $process != "")
@@ -153,13 +153,13 @@ require_once('../includes/lib/l10n.php');
include_once("../includes/lib/general.php");
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
$_SERVER['SSL_CLIENT_I_DN_CN']);
-
+
if($user_id >= 0)
{
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
- "select * from `users` where
+ "select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0"));
-
+
if($_SESSION['profile']['id'] != 0)
{
$_SESSION['profile']['loggedin'] = 1;
@@ -319,7 +319,7 @@ require_once('../includes/lib/l10n.php');
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
}
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -499,7 +499,7 @@ require_once('../includes/lib/l10n.php');
if($checkemail != "OK")
{
$id = 1;
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
$_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
} else {
@@ -566,9 +566,9 @@ require_once('../includes/lib/l10n.php');
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
$secrethash = $_REQUEST['secrethash2'];
-
+
//check for spam via honeypot
- if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
+ if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
echo _("Form could not be sent.");
showfooter();
exit;
@@ -641,7 +641,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
if ($id == 19)
{
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
@@ -655,7 +655,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/Board';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
diff --git a/www/styles/default.css b/www/styles/default.css
index 424dcb8..a7f6f20 100644
--- a/www/styles/default.css
+++ b/www/styles/default.css
@@ -558,6 +558,19 @@ td.storyLeft {
border-right: 1px #cfcfcf solid;
}
+.DataTDError {
+ border-style: inset;
+ border-width: 1px;
+ font-size: 8pt;
+ color: #ff0000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+
+ background: #ffffff;
+ padding: 1px 5px 1px 5px;
+ border: 1px #cfcfcf solid;
+ border-left: 1px #cfcfcf dotted;
+ border-right: 1px #cfcfcf dotted;
+}
.wrapper {
border-collapse: collapse;
font-family: verdana, sans-serif;
diff --git a/www/wot.php b/www/wot.php
index 8395a58..fb229b9 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -225,7 +225,7 @@ function send_reminder()
}
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
- `to`='".$_SESSION['_config']['notarise']['id']."'";
+ `deleted`=0 and `to`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -371,7 +371,8 @@ $iecho= "c";
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
- write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
+ write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
+ write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
}
if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
$query .= ",\n`method`='TTP-Assisted'";
@@ -379,10 +380,6 @@ $iecho= "c";
mysql_query($query);
fix_assurer_flag($_SESSION['_config']['notarise']['id']);
include_once("../includes/notary.inc.php");
-/*to be activated after CCA accept option is implemented in form
- write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/
-/* to be activated after the CCA recording is announced
- write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */
if($_SESSION['profile']['points'] < 150)
{