-rwxr-xr-xCommModule/client.pl6
-rw-r--r--README1
-rw-r--r--includes/about_menu.php2
-rw-r--r--includes/account.php174
-rw-r--r--includes/account_stuff.php359
-rw-r--r--includes/general.php30
-rw-r--r--includes/general_stuff.php2
-rw-r--r--includes/lib/general.php50
-rw-r--r--includes/loggedin.php16
-rw-r--r--includes/mysql.php.sample4
-rw-r--r--includes/notary.inc.php605
-rw-r--r--includes/wot.inc.php539
-rw-r--r--pages/account/12.php10
-rw-r--r--pages/account/14.php10
-rw-r--r--pages/account/16.php2
-rw-r--r--pages/account/18.php29
-rwxr-xr-x[-rw-r--r--]pages/account/22.php12
-rwxr-xr-x[-rw-r--r--]pages/account/25.php28
-rw-r--r--pages/account/30.php2
-rw-r--r--pages/account/31.php2
-rw-r--r--pages/account/34.php2
-rw-r--r--[-rwxr-xr-x]pages/account/39.php78
-rwxr-xr-xpages/account/40.php2
-rwxr-xr-x[-rw-r--r--]pages/account/43.php243
-rw-r--r--pages/account/5.php7
-rw-r--r--pages/help/0.php19
-rw-r--r--pages/help/2.php69
-rw-r--r--pages/help/3.php78
-rw-r--r--pages/help/4.php35
-rw-r--r--pages/help/5.php8
-rw-r--r--pages/help/6.php18
-rw-r--r--pages/help/7.php16
-rw-r--r--pages/help/8.php10
-rw-r--r--pages/help/9.php51
-rw-r--r--pages/index/1.php46
-rw-r--r--pages/index/10.php78
-rw-r--r--pages/index/11.php2
-rw-r--r--[-rwxr-xr-x]pages/index/16.php15
-rw-r--r--pages/index/19.php94
-rw-r--r--pages/index/3.php15
-rw-r--r--pages/index/6.php4
-rw-r--r--pages/index/8.php18
-rw-r--r--pages/wot/10.php23
-rw-r--r--pages/wot/15.php29
-rw-r--r--[-rwxr-xr-x]password.dat.sample0
-rw-r--r--scripts/31de-lt2011-berlin-email.txt20
-rw-r--r--scripts/31de-lt2011-berlin-mail.php.txt152
-rw-r--r--scripts/32de-ate-bonn-email.txt38
-rw-r--r--scripts/32de-ate-bonn-mail.php.txt151
-rw-r--r--scripts/33us-ate-wdc-email.txt40
-rw-r--r--scripts/33us-ate-wdc-mail.php.txt108
-rw-r--r--scripts/34us-ate-wdc-email.txt21
-rw-r--r--scripts/34us-ate-wdc-mail.php.txt108
-rw-r--r--scripts/35us-ate-ny-email.txt22
-rw-r--r--scripts/35us-ate-ny-mail.php.txt109
-rw-r--r--scripts/36us-ate-ny-email.txt34
-rw-r--r--scripts/36us-ate-ny-mail.php.txt109
-rw-r--r--scripts/37de-blit2011-email.txt18
-rw-r--r--scripts/37de-blit2011-mail.php.txt106
-rw-r--r--scripts/DumpWeakCerts.pl193
-rwxr-xr-xscripts/db_migrations/version1.sh164
-rw-r--r--scripts/mail-weak-keys.php161
-rw-r--r--scripts/mass-revoke.php89
-rw-r--r--scripts/oa01-allowance.php.txt93
-rw-r--r--scripts/oa01-allowance.txt159
-rw-r--r--scripts/perl_mysql.sample6
-rw-r--r--www/api/ccsr.php6
-rw-r--r--www/cap.html.php4
-rw-r--r--www/capnew.php10
-rw-r--r--www/certs/class3.crt73
-rw-r--r--www/certs/class3.derbin1548 -> 1885 bytes
-rw-r--r--www/certs/class3.txt152
-rw-r--r--www/coap.html.php4
-rw-r--r--www/coapnew.php14
-rw-r--r--www/index.php31
-rw-r--r--www/logos/CAcert-logo-colour-1000.pngbin0 -> 24317 bytes
-rw-r--r--www/logos/CAcert-logo-mono-1000.pngbin0 -> 19406 bytes
-rw-r--r--www/policy/CAcertCommunityAgreement.php2
-rw-r--r--www/policy/CertificationPracticeStatement.php6
-rw-r--r--www/policy/PrivacyPolicy.html114
-rw-r--r--www/policy/index.php5
-rw-r--r--www/wot.php12
82 files changed, 4440 insertions, 737 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl
index 7b417d1..323ee27 100755
--- a/CommModule/client.pl
+++ b/CommModule/client.pl
@@ -540,7 +540,7 @@ sub OpenPGPextractExpiryDate ($)
print OUT $_;
unless ($r)
{
- if ( /^\s*version \d+, created (\d+), md5len 0, sigclass \d+\s*$/ )
+ if ( /^\s*version \d+, created (\d+), md5len 0, sigclass (?:0x[0-9a-fA-F]+|\d+)\s*$/ )
{
SysLog "Detected CTS: $1\n";
$cts = int($1);
@@ -670,13 +670,13 @@ sub sendmail($$$$$$$)
SysLog "SMTP: ".<$smtp>;
print $smtp "HELO hlin.cacert.org\r\n";
SysLog "SMTP: ".<$smtp>;
- print $smtp "MAIL FROM: <returns\@cacert.org>\r\n";
+ print $smtp "MAIL FROM:<returns\@cacert.org>\r\n";
SysLog "MAIL FROM: ".<$smtp>;
@bits = split(",", $to);
foreach my $user (@bits)
{
- print $smtp "RCPT TO: <".trim($user).">\r\n";
+ print $smtp "RCPT TO:<".trim($user).">\r\n";
SysLog "RCPT TO: ".<$smtp>;
}
print $smtp "DATA\r\n";
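Review bot: Each recipient is written into the `RCPT TO:<...>` command after `trim($user)` only, and nothing in this hunk rejects an address with an embedded CR or LF, which would end the command early and let the rest of the string be read by the server as further SMTP input. Whether `$to` is validated before sendmail() is called is not visible here, so either add a guard inside the loop, `next if $user =~ /[\r\n<>]/;`, or a comment naming the caller-side check that makes it unnecessary. The same applies to the `RCPT TO:<$email>` line in includes/general.php and the `RCPT TO:<".trim($user).">` line in includes/mysql.php.sample, which this commit edits in the same way. sendmail()'s body starts and ends outside the hunk.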
diff --git a/README b/README
index 6e07b04..7f2ca78 100644
--- a/README
+++ b/README
@@ -9,6 +9,7 @@ PHP
GetText
UFPDF - PDF generation library from http://acko.net/node/56
OpenSSL - X.509 toolkit from http://www.openssl.org/
+openssl-vulnkey including blacklists for all common key sizes
GnuPG - OpenPGP toolkit from http://www.gnupg.org/
whois - whois client from http://www.linux.it/~md/software/
XEnroll - Enrollment Active-X control for IE5/6 from Microsoft (search for xenroll.cab)
diff --git a/includes/about_menu.php b/includes/about_menu.php
index 2f3080d..f34a274 100644
--- a/includes/about_menu.php
+++ b/includes/about_menu.php
@@ -4,7 +4,7 @@
<li><a href="http://blog.cacert.org/"><?=_("CAcert News")?></a></li>
<li><a href="http://wiki.CAcert.org/"><?=_("Wiki Documentation")?></a></li>
<li><a href="/policy/"><?=_("Policies")?></a></li>
- <li><a href="/index.php?id=19"><?=_("Point System")?></a></li>
+ <li><a href="//wiki.cacert.org/FAQ/Privileges"><?=_("Point System")?></a></li>
<li><a href="http://bugs.CAcert.org/"><?=_("Bug Database")?></a></li>
<? // <li><a href="/index.php?id=47">< = _ ("PR Materials" ) > </a></li> ?>
<? // <li><a href="/logos.php">< ? = _ ( " CAcert Logos " ) ? > </a></li> ?>
diff --git a/includes/account.php b/includes/account.php
index 685b53a..55c9f7a 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -35,6 +35,12 @@
exit;
}
+ if ($process == _("Cancel"))
+ {
+ // General reset CANCEL process requests
+ $process = "";
+ }
+
if($id == 45 || $id == 46 || $oldid == 45 || $oldid == 46)
{
@@ -299,6 +305,15 @@
$_SESSION['_config']['rootcert'] = 1;
$emails .= "SPKAC = $spkac";
+ if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
+ {
+ $id = 4;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$query = "insert into emailcerts set
`CN`='$defaultemail',
`keytype`='NS',
@@ -330,6 +345,16 @@
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
+
+ if (($weakKey = checkWeakKeyCSR($csr)) !== "")
+ {
+ $id = 4;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$tmpfname = tempnam("/tmp", "id4CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -613,17 +638,23 @@
if($process != "" && $oldid == 10)
{
$CSR = clean_csr($_REQUEST['CSR']);
- $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
- $fp = fopen($_SESSION['_config']['tmpfname'], "w");
if(strpos($CSR,"---BEGIN")===FALSE)
{
// In case the CSR is missing the ---BEGIN lines, add them automatically:
- fputs($fp,"-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n");
+ $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
- else
+
+ if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
- fputs($fp, $CSR);
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
}
+
+ $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
+ $fp = fopen($_SESSION['_config']['tmpfname'], "w");
+ fputs($fp, $CSR);
fclose($fp);
$CSR = $_SESSION['_config']['tmpfname'];
$_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
@@ -658,6 +689,23 @@
if($process != "" && $oldid == 11)
{
+ if(!file_exists($_SESSION['_config']['tmpfname']))
+ {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
+ showfooter();
+ exit;
+ }
+
+ if (($weakKey = checkWeakKeyCSR(file_get_contents(
+ $_SESSION['_config']['tmpfname']))) !== "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$id = 11;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{
@@ -731,13 +779,6 @@
mysql_query("insert into `domlink` set `certid`='$CSRid', `domid`='$dom'");
$CSRname=generatecertpath("csr","server",$CSRid);
- if(!file_exists($_SESSION['_config']['tmpfname']))
- {
- showheader(_("My CAcert.org Account!"));
- printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
- showfooter();
- exit;
- }
rename($_SESSION['_config']['tmpfname'], $CSRname);
chmod($CSRname,0644);
mysql_query("update `domaincerts` set `CSR_name`='$CSRname' where `id`='$CSRid'");
@@ -780,8 +821,17 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue;
}
- mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
$query = "insert into `domaincerts` set
`domid`='".$row['domid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
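Review bot: The result of `file_get_contents($row['crt_name'])` goes straight into checkWeakKeyX509(), so a missing or unreadable certificate file becomes empty input and the user is told "I didn't receive a valid Certificate Request" instead of learning that the stored certificate could not be read. Read the file first and treat `false` as its own case: `if (($crt = @file_get_contents($row['crt_name'])) === false) { echo failWithId("renew: cannot read stored certificate"), "<br/>\n"; continue; }`. The same call appears in the emailcerts, orgemailcerts and orgdomaincerts renewal hunks further down this file; in the two org hunks it also runs before the `$row['revoke'] > 0` test, so a revoked certificate gets the key check before the "already revoked" message. The loop these lines belong to starts outside the hunk.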
@@ -946,8 +996,17 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
$query = "insert into emailcerts set
`memid`='".$row['memid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
@@ -1237,6 +1296,8 @@
showheader(_("My CAcert.org Account!"));
if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
{
+ echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
+ '</h3>', "\n";
echo _("New Pass Phrases specified don't match or were blank.");
} else {
$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
@@ -1253,14 +1314,21 @@
}
if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("The Pass Phrase you submitted was too short.");
} else if($score < 3) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
} else if($rc <= 0) {
+ echo '<h3 style="color:red">',
+ _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
echo _("You failed to correctly enter your current Pass Phrase.");
} else {
mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
where `id`='".$_SESSION['profile']['id']."'");
+ echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
$body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
$body .= _("You are receiving this email because you or someone else")."\n";
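Review bot: The success branch this hunk decorates still stores the new pass phrase as `sha1('...')`, built by concatenating `$_SESSION['_config']['user']['pword1']` into the UPDATE statement. A single unsalted SHA-1 is cheap to brute-force if the users table ever leaks, and whether pword1 was escaped before it reached the session is not visible here. A follow-up should move to a salted, deliberately slow hash (the login check outside this hunk has to change with it) and apply `mysql_real_escape_string()` at this query. Separately, the red "Failure: Pass Phrase not Changed" heading is repeated verbatim four times across this hunk and the previous one; a small helper would keep the wording in one place.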
@@ -1378,6 +1446,15 @@
$_SESSION['_config']['rootcert'] = 1;
$emails .= "SPKAC = $spkac";
+ if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
+ {
+ $id = 17;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$query = "insert into `orgemailcerts` set
`CN`='$defaultemail',
`keytype`='NS',
@@ -1408,6 +1485,16 @@
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
+
+ if (($weakKey = checkWeakKeyCSR($csr)) !== "")
+ {
+ $id = 17;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$tmpfname = tempnam("/tmp", "id17CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -1514,8 +1601,17 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
@@ -1625,6 +1721,16 @@
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
+
+ if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
+ {
+ $id = 20;
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -1674,6 +1780,23 @@
if($process != "" && $oldid == 21)
{
$id = 21;
+
+ if(!file_exists($_SESSION['_config']['tmpfname']))
+ {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
+ showfooter();
+ exit;
+ }
+
+ if (($weakKey = checkWeakKeyCSR(file_get_contents(
+ $_SESSION['_config']['tmpfname']))) !== "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{
@@ -1799,8 +1922,17 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
- mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
+
$row = mysql_fetch_assoc($res);
+
+ if (($weakKey = checkWeakKeyX509(file_get_contents(
+ $row['crt_name']))) !== "")
+ {
+ echo $weakKey, "<br/>\n";
+ continue;
+ }
+
+ mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
@@ -2072,7 +2204,7 @@
$orgid = 0;
}
- if($oldid == 31 && $process != _("Cancel"))
+ if($oldid == 31 && $process != "")
{
$query = "select * from `orgdomains` where `orgid`='".intval($_SESSION['_config']['orgid'])."'";
$dres = mysql_query($query);
@@ -2497,6 +2629,14 @@
showfooter();
exit;
}
+
+ if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo $weakKey;
+ showfooter();
+ exit;
+ }
$query = "insert into `domaincerts` set
`CN`='".$_SESSION['_config']['0.CN']."',
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index fa6757b..b6fdd7a 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -278,10 +278,367 @@ function hideall() {
</div>
</div>
<div id="siteInfo"><a href="account.php?id=37"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
- <a href="account.php?id=39"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
+ <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
| &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
</div>
</body>
</html><?
}
+
+ /**
+ * Produces a log entry with the error message with log level E_USER_WARN
+ * and a random ID an returns a message that can be displayed to the user
+ * including the generated ID
+ *
+ * @param $errormessage string
+ * The error message that should be logged
+ * @return string containing the generated ID that can be displayed to the
+ * user
+ */
+ function failWithId($errormessage) {
+ $errorId = rand();
+ trigger_error("$errormessage. ID: $errorId", E_USER_WARNING);
+ return sprintf(_("Something went wrong when processing your request. ".
+ "Please contact %s for help and provide them with the ".
+ "following ID: %d"),
+ "<a href='mailto:support@cacert.org?subject=System%20Error%20-%20".
+ "ID%3A%20$errorId'>support@cacert.org</a>",
+ $errorId);
+ }
+
+ /**
+ * Checks whether the given CSR contains a vulnerable key
+ *
+ * @param $csr string
+ * The CSR to be checked
+ * @param $encoding string [optional]
+ * The encoding the CSR is in (for the "-inform" parameter of OpenSSL,
+ * currently only "PEM" (default) or "DER" allowed)
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+ function checkWeakKeyCSR($csr, $encoding = "PEM")
+ {
+ // non-PEM-encodings may be binary so don't use echo
+ $descriptorspec = array(
+ 0 => array("pipe", "r"), // STDIN for child
+ 1 => array("pipe", "w"), // STDOUT for child
+ );
+ $encoding = escapeshellarg($encoding);
+ $proc = proc_open("openssl req -inform $encoding -text -noout",
+ $descriptorspec, $pipes);
+
+ if (is_resource($proc))
+ {
+ fwrite($pipes[0], $csr);
+ fclose($pipes[0]);
+
+ $csrText = "";
+ while (!feof($pipes[1]))
+ {
+ $csrText .= fread($pipes[1], 8192);
+ }
+ fclose($pipes[1]);
+
+ if (($status = proc_close($proc)) !== 0 || $csrText === "")
+ {
+ return _("I didn't receive a valid Certificate Request, hit ".
+ "the back button and try again.");
+ }
+ } else {
+ return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
+ }
+
+
+ return checkWeakKeyText($csrText);
+ }
+
+ /**
+ * Checks whether the given X509 certificate contains a vulnerable key
+ *
+ * @param $cert string
+ * The X509 certificate to be checked
+ * @param $encoding string [optional]
+ * The encoding the certificate is in (for the "-inform" parameter of
+ * OpenSSL, currently only "PEM" (default), "DER" or "NET" allowed)
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+ function checkWeakKeyX509($cert, $encoding = "PEM")
+ {
+ // non-PEM-encodings may be binary so don't use echo
+ $descriptorspec = array(
+ 0 => array("pipe", "r"), // STDIN for child
+ 1 => array("pipe", "w"), // STDOUT for child
+ );
+ $encoding = escapeshellarg($encoding);
+ $proc = proc_open("openssl x509 -inform $encoding -text -noout",
+ $descriptorspec, $pipes);
+
+ if (is_resource($proc))
+ {
+ fwrite($pipes[0], $cert);
+ fclose($pipes[0]);
+
+ $certText = "";
+ while (!feof($pipes[1]))
+ {
+ $certText .= fread($pipes[1], 8192);
+ }
+ fclose($pipes[1]);
+
+ if (($status = proc_close($proc)) !== 0 || $certText === "")
+ {
+ return _("I didn't receive a valid Certificate Request, hit ".
+ "the back button and try again.");
+ }
+ } else {
+ return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
+ }
+
+
+ return checkWeakKeyText($certText);
+ }
+
+ /**
+ * Checks whether the given SPKAC contains a vulnerable key
+ *
+ * @param $spkac string
+ * The SPKAC to be checked
+ * @param $spkacname string [optional]
+ * The name of the variable that contains the SPKAC. The default is
+ * "SPKAC"
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+ function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
+ {
+ /* Check for the debian OpenSSL vulnerability */
+
+ $spkac = escapeshellarg($spkac);
+ $spkacname = escapeshellarg($spkacname);
+ $spkacText = `echo $spkac | openssl spkac -spkac $spkacname`;
+ if ($spkacText === null) {
+ return _("I didn't receive a valid Certificate Request, hit the ".
+ "back button and try again.");
+ }
+
+ return checkWeakKeyText($spkacText);
+ }
+
+ /**
+ * Checks whether the given text representation of a CSR or a SPKAC contains
+ * a weak key
+ *
+ * @param $text string
+ * The text representation of a key as output by the
+ * "openssl <foo> -text -noout" commands
+ * @return string containing the reason if the key is considered weak,
+ * empty string otherwise
+ */
+ function checkWeakKeyText($text)
+ {
+ /* Which public key algorithm? */
+ if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
+ $algorithm))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't extract the ".
+ "public key algorithm used");
+ } else {
+ $algorithm = $algorithm[1];
+ }
+
+
+ if ($algorithm === "rsaEncryption")
+ {
+ if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
+ $keysize))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
+ "key size");
+ } else {
+ $keysize = intval($keysize[1]);
+ }
+
+ if ($keysize < 1024)
+ {
+ return sprintf(_("The keys that you use are very small ".
+ "and therefore insecure. Please generate stronger ".
+ "keys. More information about this issue can be ".
+ "found in %sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
+ "</a>");
+ } elseif ($keysize < 2048) {
+ // not critical but log so we have some statistics about
+ // affected users
+ trigger_error("checkWeakKeyText(): Certificate for small ".
+ "key (< 2048 bit) requested", E_USER_NOTICE);
+ }
+
+
+ $debianVuln = checkDebianVulnerability($text, $keysize);
+ if ($debianVuln === true)
+ {
+ return sprintf(_("The keys you use have very likely been ".
+ "generated with a vulnerable version of OpenSSL which ".
+ "was distributed by debian. Please generate new keys. ".
+ "More information about this issue can be found in ".
+ "%sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#DebianVulnerability'>",
+ "</a>");
+ } elseif ($debianVuln === false) {
+ // not vulnerable => do nothing
+ } else {
+ return failWithId("checkWeakKeyText(): Something went wrong in".
+ "checkDebianVulnerability()");
+ }
+
+ if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
+ $exponent))
+ {
+ return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
+ "exponent");
+ } else {
+ $exponent = $exponent[1]; // exponent might be very big =>
+ //handle as string using bc*()
+
+ if (bccomp($exponent, "3") === 0)
+ {
+ return sprintf(_("The keys you use might be insecure. ".
+ "Although there is currently no known attack for ".
+ "reasonable encryption schemes, we're being ".
+ "cautious and don't allow certificates for such ".
+ "keys. Please generate stronger keys. More ".
+ "information about this issue can be found in ".
+ "%sthe wiki%s"),
+ "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
+ "</a>");
+ } elseif (!(bccomp($exponent, "65537") >= 0 &&
+ (bccomp($exponent, "100000") === -1 ||
+ // speed things up if way smaller than 2^256
+ bccomp($exponent, bcpow("2", "256")) === -1) )) {
+ // 65537 <= exponent < 2^256 recommended by NIST
+ // not critical but log so we have some statistics about
+ // affected users
+ trigger_error("checkWeakKeyText(): Certificate for ".
+ "unsuitable exponent '$exponent' requested",
+ E_USER_NOTICE);
+ }
+ }
+ }
+
+ /* No weakness found */
+ return "";
+ }
+
+ /**
+ * Reimplement the functionality of the openssl-vulnkey tool
+ *
+ * @param $text string
+ * The text representation of a key as output by the
+ * "openssl <foo> -text -noout" commands
+ * @param $keysize int [optional]
+ * If the key size is already known it can be provided so it doesn't
+ * have to be parsed again. This also skips the check whether the key
+ * is an RSA key => use wisely
+ * @return TRUE if key is vulnerable, FALSE otherwise, NULL in case of error
+ */
+ function checkDebianVulnerability($text, $keysize = 0)
+ {
+ $keysize = intval($keysize);
+
+ if ($keysize === 0)
+ {
+ /* Which public key algorithm? */
+ if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
+ $algorithm))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't extract ".
+ "the public key algorithm used", E_USER_WARNING);
+ return null;
+ } else {
+ $algorithm = $algorithm[1];
+ }
+
+ if ($algorithm !== "rsaEncryption") return false;
+
+ /* Extract public key size */
+ if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
+ $keysize))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't parse the ".
+ "RSA key size", E_USER_WARNING);
+ return null;
+ } else {
+ $keysize = intval($keysize[1]);
+ }
+ }
+
+ // $keysize has been made sure to contain an int
+ $blacklist = "/usr/share/openssl-blacklist/blacklist.RSA-$keysize";
+ if (!(is_file($blacklist) && is_readable($blacklist)))
+ {
+ if (in_array($keysize, array(512, 1024, 2048, 4096)))
+ {
+ trigger_error("checkDebianVulnerability(): Blacklist for ".
+ "$keysize bit keys not accessible. Expected at ".
+ "$blacklist", E_USER_ERROR);
+ return null;
+ }
+
+ trigger_error("checkDebianVulnerability(): $blacklist is not ".
+ "readable. Unsupported key size?", E_USER_WARNING);
+ return false;
+ }
+
+
+ /* Extract RSA modulus */
+ if (!preg_match('/^\s*Modulus \(\d+ bit\):\n'.
+ '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m',
+ $text, $modulus))
+ {
+ trigger_error("checkDebianVulnerability(): Couldn't extract the ".
+ "RSA modulus", E_USER_WARNING);
+ return null;
+ } else {
+ $modulus = $modulus[1];
+ // strip whitespace and colon leftovers
+ $modulus = str_replace(array(" ", "\t", "\n", ":"), "", $modulus);
+
+ // when using "openssl xxx -text" first byte was 00 in all my test
+ // cases but 00 not present in the "openssl xxx -modulus" output
+ if ($modulus[0] === "0" && $modulus[1] === "0")
+ {
+ $modulus = substr($modulus, 2);
+ } else {
+ trigger_error("checkDebianVulnerability(): First byte is not ".
+ "zero", E_USER_NOTICE);
+ }
+
+ $modulus = strtoupper($modulus);
+ }
+
+
+ /* calculate checksum and look it up in the blacklist */
+ $checksum = substr(sha1("Modulus=$modulus\n"), 20);
+
+ // $checksum and $blacklist should be safe, but just to make sure
+ $checksum = escapeshellarg($checksum);
+ $blacklist = escapeshellarg($blacklist);
+ exec("grep $checksum $blacklist", $dummy, $debianVuln);
+ if ($debianVuln === 0) // grep returned something => it is on the list
+ {
+ return true;
+ } elseif ($debianVuln === 1) { // grep returned nothing
+ return false;
+ } else {
+ trigger_error("checkDebianVulnerability(): Something went wrong ".
+ "when looking up the key with checksum $checksum in the ".
+ "blacklist $blacklist", E_USER_ERROR);
+ return null;
+ }
+
+ // Should not get here
+ return null;
+ }
?>
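Review bot: checkWeakKeyText() only inspects keys whose algorithm is `rsaEncryption`; any other algorithm (DSA, EC) skips the size, blacklist and exponent checks and falls through to `return "";`, which callers read as "no weakness found". The Debian key-generation flaw was not limited to RSA, so at minimum add a branch that makes the gap visible, `} else { trigger_error("checkWeakKeyText(): no weak-key checks for algorithm '$algorithm'", E_USER_NOTICE); }`, and decide whether unchecked algorithms should be refused. Two smaller points in the same hunk: checkWeakKeyX509() logs its proc_open failure as `checkWeakKeyCSR()` and returns the "Certificate Request" wording, and checkDebianVulnerability() returns `false` when no blacklist exists for the key size, which is fail-open for sizes outside 512/1024/2048/4096. The parsing also depends on the exact `openssl ... -text` wording (`RSA Public Key: (N bit)`, `Modulus (N bit):`), which differs between OpenSSL releases; here that fails closed through failWithId(), but it would reject every request after such an upgrade.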
diff --git a/includes/general.php b/includes/general.php
index 30b0f72..8481018 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -249,8 +249,7 @@
}
}
- function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
- {
+ function checkpwlight($pwd) {
$points = 0;
if(strlen($pwd) > 15)
@@ -280,7 +279,19 @@
$points++;
//echo "Points due to length and charset: $points<br/>";
+
+ // check for historical password proposal
+ if ($pwd === "Fr3d Sm|7h") {
+ return 0;
+ }
+
+ return $points;
+ }
+ function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
+ {
+ $points = checkpwlight($pwd);
+
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
@@ -674,12 +685,12 @@
$line = fgets($fp, 4096);
if(substr($line, 0, 3) != "250")
continue;
- fputs($fp, "MAIL FROM: <returns@cacert.org>\r\n");
+ fputs($fp, "MAIL FROM:<returns@cacert.org>\r\n");
$line = fgets($fp, 4096);
if(substr($line, 0, 3) != "250")
continue;
- fputs($fp, "RCPT TO: <$email>\r\n");
+ fputs($fp, "RCPT TO:<$email>\r\n");
$line = trim(fgets($fp, 4096));
fputs($fp, "QUIT\r\n");
fclose($fp);
@@ -908,10 +919,13 @@
if($newlayout)
{
$name="../$type/$kind/".intval($id/1000)."/$kind-".intval($id).".$type";
- mkdir("../csr/$kind",0777);
- mkdir("../crt/$kind",0777);
- mkdir("../csr/$kind/".intval($id/1000));
- mkdir("../crt/$kind/".intval($id/1000));
+ if (!is_dir("../csr")) { mkdir("../csr",0777); }
+ if (!is_dir("../crt")) { mkdir("../crt",0777); }
+
+ if (!is_dir("../csr/$kind")) { mkdir("../csr/$kind",0777); }
+ if (!is_dir("../crt/$kind")) { mkdir("../crt/$kind",0777); }
+ if (!is_dir("../csr/$kind/".intval($id/1000))) { mkdir("../csr/$kind/".intval($id/1000)); }
+ if (!is_dir("../crt/$kind/".intval($id/1000))) { mkdir("../crt/$kind/".intval($id/1000)); }
}
return $name;
}
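Review bot: The added `mkdir("../csr",0777)` and `mkdir("../crt",0777)` calls, and the `$kind` ones below them, request world-writable directories for stored CSRs and certificates; unless the process umask narrows that, any local account could add or replace files there. Pass the tightest mode the web server and the signer need, e.g. `mkdir("../csr", 0750)`; the two innermost calls omit the mode and so get PHP's 0777 default as well. The is_dir()/mkdir() pairs can also collapse into one recursive call per tree, `mkdir("../csr/$kind/".intval($id/1000), 0750, true)`, with the return value checked so a failed create is not discovered later at rename() time. The function these lines belong to starts outside the hunk.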
diff --git a/includes/general_stuff.php b/includes/general_stuff.php
index 6747c84..088c39e 100644
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@@ -132,7 +132,7 @@ if(!function_exists("showfooter"))
<? include("sponsorinfo.php") ?>
<div id="siteInfo">
<a href="/index.php?id=12"><?=_("About Us")?></a> | <a href="/index.php?id=13"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
- <a href="/index.php?id=10"><?=_("Privacy Policy")?></a> |
+ <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> |
<a href="/index.php?id=51"><?=_("Mission Statement")?></a> | <a href="/index.php?id=11"><?=_("Contact Us")?></a> |
&copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
</div>
diff --git a/includes/lib/general.php b/includes/lib/general.php
new file mode 100644
index 0000000..25d2561
--- /dev/null
+++ b/includes/lib/general.php
@@ -0,0 +1,50 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+/**
+ * Checks if the user may log in and retrieve the user id
+ *
+ * Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and
+ * $_SERVER['SSL_CLIENT_I_DN_CN']
+ *
+ * @param $serial string
+ * usually $_SERVER['SSL_CLIENT_M_SERIAL']
+ * @param $issuer_cn string
+ * usually $_SERVER['SSL_CLIENT_I_DN_CN']
+ * @return int
+ * the user id, -1 in case of error
+ */
+function get_user_id_from_cert($serial, $issuer_cn)
+{
+ $query = "select `memid` from `emailcerts` where
+ `serial`='".mysql_escape_string($serial)."' and
+ `rootcert`= (select `id` from `root_certs` where
+ `Cert_Text`='".mysql_escape_string($issuer_cn)."') and
+ `revoked`=0 and disablelogin=0 and
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ return intval($row['memid']);
+ }
+
+ return -1;
+}
+
+?>
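Review bot: get_user_id_from_cert() escapes both values with `mysql_escape_string()`, which ignores the connection character set; includes/account.php in this same commit uses `mysql_real_escape_string()`, and the login query should do the same with `mysql_real_escape_string($serial)` and `mysql_real_escape_string($issuer_cn)`. The result of mysql_query() is also handed to mysql_num_rows() unchecked: if the `root_certs` subquery ever matches more than one row the query fails and `$res` is false, which reaches `return -1` only by way of a PHP warning, so an explicit `if (!$res) return -1;` would make the fail-closed path deliberate. The docblock could also state that `-1` is the only failure value and that a locked account is not checked here but by the caller.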
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 355527f..bf6b455 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -16,6 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+ include_once("../includes/lib/general.php");
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
@@ -41,14 +42,11 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
- $query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and disablelogin=0 and
- UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
- $res = mysql_query($query);
+ $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
+ $_SERVER['SSL_CLIENT_I_DN_CN']);
- if(mysql_num_rows($res) > 0)
+ if($user_id >= 0)
{
- $row = mysql_fetch_assoc($res);
-
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
foreach($_SESSION as $key)
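Review bot: The `foreach($_SESSION as $key)` loop left as context at the end of this hunk iterates session values, not keys, so whatever its body does with `$key` (the next hunk shows `session_unregister($key)`) is applied to values and the previous session is not reliably cleared before the certificate login fills `$_SESSION['profile']`. The last hunk of this file fixes the identical loop in the logout path with `foreach($_SESSION as $key => $value)`; the same one-line change belongs here so state from the earlier session cannot carry over into the certificate-authenticated one. The loop body continues in the next hunk.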
@@ -61,7 +59,8 @@
session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ "select * from `users` where `id`='".$user_id."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
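Review bot: The row looked up for `$user_id` is written to `$_SESSION['profile']` without checking that a user was found. If `mysql_fetch_assoc()` returns false, `$_SESSION['profile']['locked'] == 0` still compares as equal under PHP's loose comparison, and the `loggedin = 1` branch is taken for a profile that does not exist. I would fetch into a local variable first and continue only when it is an array, e.g. `$profile = mysql_fetch_assoc($res); if(!is_array($profile)) { /* treat as not logged in */ }`. The `else` branch continues outside the hunk.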
@@ -131,13 +130,12 @@
$normalhost=$_SESSION['_config']['normalhostname'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
unset($_SESSION[$key]);
unset($$key);
session_unregister($key);
}
- unset($_SESSION);
header("location: https://".$normalhost."/index.php");
exit;
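Review bot: The key/value fix made here is still missing from the identical clean-up loop in the certificate-login hunk (`@@ -41,14`), where `foreach($_SESSION as $key)` remains as a context line. In that loop `$_SESSION` is indexed by each entry's value instead of its key, so entries left over from the previous session are unlikely to be removed before the new profile is loaded. The same `foreach($_SESSION as $key => $value)` should be applied there. The enclosing block starts outside this hunk.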
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index 1f477e4..ff5cfc3 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -55,11 +55,11 @@
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "HELO www.cacert.org\r\n");
$InputBuffer = fgets($smtp, 1024);
- fputs($smtp, "MAIL FROM: <returns@cacert.org>\r\n");
+ fputs($smtp, "MAIL FROM:<returns@cacert.org>\r\n");
$InputBuffer = fgets($smtp, 1024);
$bits = explode(",", $to);
foreach($bits as $user)
- fputs($smtp, "RCPT TO: <".trim($user).">\r\n");
+ fputs($smtp, "RCPT TO:<".trim($user).">\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "DATA\r\n");
$InputBuffer = fgets($smtp, 1024);
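Review bot: The `foreach($bits as $user)` loop has no braces, so only the `fputs()` is repeated and a single `fgets()` follows it. With more than one recipient the server's replies stay unread and every later read is at least one reply behind. Each address is also only passed through `trim()`, so a CR or LF embedded in `$to` would reach the server as an extra SMTP command line; whether `$to` can carry user input is not visible here. I would brace the loop, read one reply per recipient and skip addresses containing line breaks or angle brackets, as sketched below. The enclosing function starts and ends outside the hunk.

```php
foreach($bits as $user)
{
	$user = trim($user);
	// refuse anything that could terminate the RCPT line early
	if($user == "" || preg_match('/[\r\n<>]/', $user))
		continue;
	fputs($smtp, "RCPT TO:<".$user.">\r\n");
	$InputBuffer = fgets($smtp, 1024);
}
// … unchanged: DATA command and its reply …
```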
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
new file mode 100644
index 0000000..cc0e0eb
--- /dev/null
+++ b/includes/notary.inc.php
@@ -0,0 +1,605 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+ function query_init ($query)
+ {
+ return mysql_query($query);
+ }
+
+ function query_getnextrow ($res)
+ {
+ $row1 = mysql_fetch_assoc($res);
+ return $row1;
+ }
+
+ function query_get_number_of_rows ($resultset)
+ {
+ return intval(mysql_num_rows($resultset));
+ }
+
+ function get_number_of_assurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_number_of_assurees ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_top_assurer_position ($no_of_assurances)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
+ GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ function get_top_assuree_position ($no_of_assurees)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
+ GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ function get_given_assurances ($userid)
+ {
+ $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
+ return $res;
+ }
+
+ function get_received_assurances ($userid)
+ {
+ $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
+ return $res;
+ }
+
+ function get_given_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
+ return $res;
+ }
+
+ function get_received_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
+ return $res;
+ }
+
+ function get_user ($userid)
+ {
+ $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
+ return mysql_fetch_assoc($res);
+ }
+
+ function get_cats_state ($userid)
+ {
+
+ $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
+ WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
+ return mysql_num_rows($res);
+ }
+
+ function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
+ {
+ $apoints = max($row['points'],$row['awarded']);
+ $points += $apoints;
+ $experience = "&nbsp;";
+ $revoked = false; # to be coded later (after DB-upgrade)
+ if ($row['method'] == "Face to Face Meeting")
+ {
+ $sum_experience = $sum_experience +2;
+ $experience = "2";
+ }
+ return $apoints;
+ }
+
+ function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded,&$revoked)
+ {
+ $awarded = calc_points($row);
+ $revoked = false;
+
+ if ($awarded > 100)
+ {
+ $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
+ $awarded = 100;
+ }
+ else
+ $experience = 0;
+
+ switch ($row['method'])
+ {
+ case 'Thawte Points Transfer':
+ case 'CT Magazine - Germany':
+ case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
+ $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
+ $experience=0;
+ $revoked=true;
+ break;
+ default:
+ $points += $awarded;
+ }
+ $sumexperience = $sumexperience + $experience;
+ }
+
+
+ function show_user_link ($name,$userid)
+ {
+ $name = trim($name);
+ if($name == "")
+ {
+ if ($userid == 0)
+ $name = _("System");
+ else
+ $name = _("Deleted account");
+ }
+ else
+ $name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>".sanitizeHTML($name)."</a>";
+ return $name;
+ }
+
+ function show_email_link ($email,$userid)
+ {
+ $email = trim($email);
+ if($email != "")
+ $email = "<a href='account.php?id=43&amp;userid=".intval($userid)."'>".sanitizeHTML($email)."</a>";
+ return $email;
+ }
+
+ function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
+ {
+ $num_of_assurances = get_number_of_assurances (intval($userid));
+ $rank_of_assurer = get_top_assurer_position($num_of_assurances);
+ }
+
+ function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
+ {
+ $num_of_assurees = get_number_of_assurees (intval($userid));
+ $rank_of_assuree = get_top_assuree_position($num_of_assurees);
+ }
+
+
+// ************* html table definitions ******************
+
+ function output_ranking($userid)
+ {
+ get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
+ get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
+
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="title"><?=_("Assurer Ranking")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
+ </tr>
+</table>
+<br/>
+<?
+ }
+
+ function output_assurances_header($title,$support)
+ {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+<?
+ if ($support == "1")
+ {
+?>
+ <td colspan="10" class="title"><?=$title?></td>
+<?
+ } else {
+?>
+ <td colspan="7" class="title"><?=$title?></td>
+<? }
+?>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("ID")?></strong></td>
+ <td class="DataTD"><strong><?=_("Date")?></strong></td>
+<?
+ if ($support == "1")
+ {
+?>
+ <td class="DataTD"><strong><?=_("When")?></strong></td>
+ <td class="DataTD"><strong><?=_("Email")?></strong></td>
+<? } ?>
+ <td class="DataTD"><strong><?=_("Who")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Location")?></strong></td>
+ <td class="DataTD"><strong><?=_("Method")?></strong></td>
+ <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
+<?
+ if ($support == "1")
+ {
+?>
+ <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
+<?
+ }
+?>
+ </tr>
+<?
+ }
+
+ function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
+ {
+?>
+ <tr>
+ <td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
+ <td class="DataTD"><?=$sumexperience?></td>
+<?
+ if ($support == "1")
+ {
+?>
+ <td class="DataTD">&nbsp;</td>
+<?
+ }
+?>
+
+ </tr>
+</table>
+<br/>
+<?
+ }
+
+ function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
+ {
+
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
+
+ if ($awarded == $points)
+ {
+ if ($awarded == "0")
+ {
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
+ }
+ }
+?>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+<?
+ if ($support == "1")
+ {
+?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
+<? }
+?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
+<?
+ if ($support == "1")
+ {
+ if ($revoked == true)
+ {
+?>
+ <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
+<? } else {
+?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+<?
+ }
+ }
+?>
+ </tr>
+<?
+ }
+
+ function output_summary_header()
+ {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("Description")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Remark")?></strong></td>
+ </tr>
+<?
+ }
+
+ function output_summary_footer()
+ {
+?>
+</table>
+<br/>
+<?
+ }
+
+ function output_summary_row($title,$points,$points_countable,$remark)
+ {
+?>
+ <tr>
+ <td class="DataTD"><strong><?=$title?></strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=$points_countable?></td>
+ <td class="DataTD"><?=$remark?></td>
+ </tr>
+<?
+ }
+
+
+// ************* output given assurances ******************
+
+ function output_given_assurances_content($userid,&$points,&$sum_experience,$support)
+ {
+ $points = 0;
+ $sumexperience = 0;
+ $res = get_given_assurances(intval($userid));
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['to']));
+ $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
+ $email = show_email_link ($fromuser['email'],intval($row['to']));
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ }
+ }
+
+// ************* output received assurances ******************
+
+ function output_received_assurances_content($userid,&$points,&$sum_experience,$support)
+ {
+ $points = 0;
+ $sumexperience = 0;
+ $res = get_received_assurances(intval($userid));
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['from']));
+ calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
+ $email = show_email_link ($fromuser['email'],intval($row['from']));
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ }
+ }
+
+// ************* output summary table ******************
+
+ function check_date_limit ($userid,$age)
+ {
+ $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
+ $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
+ return intval(query_get_number_of_rows($res));
+ }
+
+ function calc_points($row)
+ {
+ $awarded = intval($row['awarded']);
+ if ($awarded == "")
+ $awarded = 0;
+ if (intval($row['points']) < $awarded)
+ $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
+ else
+ $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
+ switch ($row['method'])
+ {
+ case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
+ case 'CT Magazine - Germany': // revoke c't (only one test-entry)
+ case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
+ $points = 0;
+ break;
+ case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
+ if ($points <= 2) // maybe limit to 35/50 pts in the future?
+ $points = 0;
+ break;
+ case 'Unknown': // to be revoked in the future? limit to max 50 pts?
+ case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
+ case '': // to be revoked in the future? limit to max 50 pts?
+ case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
+ break;
+ default: // should never happen ... ;-)
+ $points = 0;
+ }
+ if ($points < 0) // ignore negative points (bug needs to be fixed)
+ $points = 0;
+ return $points;
+ }
+
+ function max_points($userid)
+ {
+ return output_summary_content ($userid,0);
+ }
+
+ function output_summary_content($userid,$display_output)
+ {
+ $sum_points = 0;
+ $sum_experience = 0;
+ $sum_experience_other = 0;
+ $max_points = 100;
+ $max_experience = 50;
+
+ $experience_limit_reached_txt = _("Limit reached");
+
+ if (check_date_limit($userid,18) != 1)
+ {
+ $max_experience = 10;
+ $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+ }
+ if (check_date_limit($userid,14) != 1)
+ {
+ $max_experience = 0;
+ $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+ }
+
+ $res = get_received_assurances_summary($userid);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $points = calc_points ($row);
+
+ if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
+ {
+ $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
+ $points = $max_points;
+ }
+ $sum_points += $points*intval($row['number']);
+ }
+
+ $res = get_given_assurances_summary($userid);
+ while($row = mysql_fetch_assoc($res))
+ {
+ switch ($row['method'])
+ {
+ case 'Face to Face Meeting': // count Face to Face only
+ $sum_experience += 2*intval($row['number']);
+ break;
+ }
+
+ }
+
+ if ($sum_points > $max_points)
+ {
+ $sum_points_countable = $max_points;
+ $remark_points = _("Limit reached");
+ }
+ else
+ {
+ $sum_points_countable = $sum_points;
+ $remark_points = "&nbsp;";
+ }
+ if ($sum_experience > $max_experience)
+ {
+ $sum_experience_countable = $max_experience;
+ $remark_experience = $experience_limit_reached_txt;
+ }
+ else
+ {
+ $sum_experience_countable = $sum_experience;
+ $remark_experience = "&nbsp;";
+ }
+
+ if ($sum_experience_countable + $sum_experience_other > $max_experience)
+ {
+ $sum_experience_other_countable = $max_experience-$sum_experience_countable;
+ $remark_experience_other = $experience_limit_reached_txt;
+ }
+ else
+ {
+ $sum_experience_other_countable = $sum_experience_other;
+ $remark_experience_other = "&nbsp;";
+ }
+
+ if ($sum_points_countable < $max_points)
+ {
+ if ($sum_experience_countable != 0)
+ $remark_experience = _("Points on hold due to less assurance points");
+ $sum_experience_countable = 0;
+ if ($sum_experience_other_countable != 0)
+ $remark_experience_other = _("Points on hold due to less assurance points");
+ $sum_experience_other_countable = 0;
+ }
+
+ $issue_points = 0;
+ $cats_test_passed = get_cats_state ($userid);
+ if ($cats_test_passed == 0)
+ {
+ $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
+ if ($sum_points_countable < $max_points)
+ {
+ $issue_points_txt = "<strong style='color: red'>";
+ $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
+ $issue_points_txt .= "</strong>";
+ }
+ }
+ else
+ {
+ $experience_total = $sum_experience_countable+$sum_experience_other_countable;
+ $issue_points_txt = "";
+ if ($sum_points_countable == $max_points)
+ $issue_points = 10;
+ if ($experience_total >= 10)
+ $issue_points = 15;
+ if ($experience_total >= 20)
+ $issue_points = 20;
+ if ($experience_total >= 30)
+ $issue_points = 25;
+ if ($experience_total >= 40)
+ $issue_points = 30;
+ if ($experience_total >= 50)
+ $issue_points = 35;
+ if ($issue_points != 0)
+ $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
+ }
+ if ($display_output)
+ {
+ output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
+ output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
+ output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
+ output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
+ }
+ return $issue_points;
+ }
+
+ function output_given_assurances($userid,$support)
+ {
+ output_assurances_header(_("Assurance Points You Issued"),$support);
+ output_given_assurances_content($userid,$points,$sum_experience,$support);
+ output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
+ }
+
+ function output_received_assurances($userid,$support)
+ {
+ output_assurances_header(_("Your Assurance Points"),$support);
+ output_received_assurances_content($userid,$points,$sum_experience,$support);
+ output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience,$support);
+ }
+
+ function output_summary($userid)
+ {
+ output_summary_header();
+ output_summary_content($userid,1);
+ output_summary_footer();
+ }
+
+ function output_end_of_page()
+ {
+?>
+ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
+<?
+ }
+?>
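Review bot: `check_date_limit()` concatenates `$userid` into its query as-is, while every other helper in this file wraps the id in `intval()`. It is reached through `output_summary_content()` from `output_summary()` and `max_points()` with whatever the caller passes, so the query should use `intval($userid)` like its siblings, and `$age` should be cast before the `date()` arithmetic. Similarly, `output_assurances_row()` prints `$location` and `$method` from the `notary` row unescaped, although `show_user_link()` and `show_email_link()` already run their text through `sanitizeHTML()`; those cells should be escaped the same way. Separately, both `output_*_assurances_content()` functions reset `$sumexperience` while the by-reference parameter is `$sum_experience`, so the caller's total is never initialised.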
diff --git a/includes/wot.inc.php b/includes/wot.inc.php
new file mode 100644
index 0000000..884b97f
--- /dev/null
+++ b/includes/wot.inc.php
@@ -0,0 +1,539 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+ function query_init ($query)
+ {
+ return mysql_query($query);
+ }
+
+ function query_getnextrow ($res)
+ {
+ $row1 = mysql_fetch_assoc($res);
+ return $row1;
+ }
+
+ function query_get_number_of_rows ($resultset)
+ {
+ return intval(mysql_num_rows($resultset));
+ }
+
+ function get_number_of_assurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_number_of_assurees ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
+ function get_top_assurer_position ($no_of_assurances)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
+ GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ function get_top_assuree_position ($no_of_assurees)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
+ GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
+ return intval(query_get_number_of_rows($res)+1);
+ }
+
+ function get_given_assurances ($userid)
+ {
+ $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
+ return $res;
+ }
+
+ function get_received_assurances ($userid)
+ {
+ $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
+ return $res;
+ }
+
+ function get_given_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
+ return $res;
+ }
+
+ function get_received_assurances_summary ($userid)
+ {
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
+ return $res;
+ }
+
+ function get_user ($userid)
+ {
+ $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
+ return mysql_fetch_assoc($res);
+ }
+
+ function get_cats_state ($userid)
+ {
+
+ $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
+ WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
+ return mysql_num_rows($res);
+ }
+
+ function calc_experience ($row,&$points,&$experience,&$sum_experience)
+ {
+ $apoints = max($row['points'], $row['awarded']);
+
+ $points += $apoints;
+
+ $experience = "&nbsp;";
+ if ($row['method'] == "Face to Face Meeting")
+ {
+ $sum_experience = $sum_experience +2;
+ $experience = "2";
+ }
+ return $apoints;
+ }
+
+ function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
+ {
+ $awarded = calc_points($row);
+
+ if ($awarded > 100)
+ {
+ $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
+ $awarded = 100;
+ }
+ else
+ $experience = 0;
+
+ switch ($row['method'])
+ {
+ case 'Thawte Points Transfer':
+ case 'CT Magazine - Germany':
+ case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
+ $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
+ $experience=0;
+ break;
+ default:
+ $points += $awarded;
+ }
+ $sumexperience = $sumexperience + $experience;
+ }
+
+
+ function show_user_link ($name,$userid)
+ {
+ $name = trim($name);
+ if($name == "")
+ {
+ if ($userid == 0)
+ $name = _("System");
+ else
+ $name = _("Deleted account");
+ }
+ else
+ $name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
+ return $name;
+ }
+
+ function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
+ {
+ $num_of_assurances = get_number_of_assurances (intval($userid));
+ $rank_of_assurer = get_top_assurer_position($num_of_assurances);
+ }
+
+ function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
+ {
+ $num_of_assurees = get_number_of_assurees (intval($userid));
+ $rank_of_assuree = get_top_assuree_position($num_of_assurees);
+ }
+
+
+// ************* html table definitions ******************
+
+ function output_ranking($userid)
+ {
+ get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
+ get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
+
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="title"><?=_("Assurer Ranking")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
+ </tr>
+</table>
+<br/>
+<?
+ }
+
+ function output_assurances_header($title)
+ {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="7" class="title"><?=$title?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("ID")?></strong></td>
+ <td class="DataTD"><strong><?=_("Date")?></strong></td>
+ <td class="DataTD"><strong><?=_("Who")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Location")?></strong></td>
+ <td class="DataTD"><strong><?=_("Method")?></strong></td>
+ <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
+ </tr>
+<?
+ }
+
+ function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
+ {
+?>
+ <tr>
+ <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
+ <td class="DataTD"><?=$sumexperience?></td>
+ </tr>
+</table>
+<br/>
+<?
+ }
+
+ function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
+ {
+
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
+
+ if ($awarded == $points)
+ {
+ if ($awarded == "0")
+ {
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
+ }
+ }
+
+?>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
+ </tr>
+<?
+ }
+
+ function output_summary_header()
+ {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("Description")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Remark")?></strong></td>
+ </tr>
+<?
+ }
+
+ function output_summary_footer()
+ {
+?>
+</table>
+<br/>
+<?
+ }
+
+ function output_summary_row($title,$points,$points_countable,$remark)
+ {
+?>
+ <tr>
+ <td class="DataTD"><strong><?=$title?></strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=$points_countable?></td>
+ <td class="DataTD"><?=$remark?></td>
+ </tr>
+<?
+ }
+
+
+// ************* output given assurances ******************
+
+ function output_given_assurances_content($userid,&$points,&$sum_experience)
+ {
+ $points = 0;
+ $sumexperience = 0;
+ $res = get_given_assurances(intval($userid));
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['to']));
+ $apoints = calc_experience ($row,$points,$experience,$sum_experience);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
+ }
+ }
+
+// ************* output received assurances ******************
+
+ function output_received_assurances_content($userid,&$points,&$sum_experience)
+ {
+ $points = 0;
+ $sumexperience = 0;
+ $res = get_received_assurances(intval($userid));
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['from']));
+ calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
+ }
+ }
+
+// ************* output summary table ******************
+
+ function check_date_limit ($userid,$age)
+ {
+ $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
+ $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
+ return intval(query_get_number_of_rows($res));
+ }
+
+ function calc_points($row)
+ {
+ $awarded = intval($row['awarded']);
+ if ($awarded == "")
+ $awarded = 0;
+ if (intval($row['points']) < $awarded)
+ $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
+ else
+ $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
+ switch ($row['method'])
+ {
+ case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
+ case 'CT Magazine - Germany': // revoke c't (only one test-entry)
+ case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
+ $points = 0;
+ break;
+ case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
+ if ($points <= 2) // maybe limit to 35/50 pts in the future?
+ $points = 0;
+ break;
+ case 'Unknown': // to be revoked in the future? limit to max 50 pts?
+ case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
+ case '': // to be revoked in the future? limit to max 50 pts?
+ case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
+ break;
+ default: // should never happen ... ;-)
+ $points = 0;
+ }
+ if ($points < 0) // ignore negative points (bug needs to be fixed)
+ $points = 0;
+ return $points;
+ }
+
+ function max_points($userid)
+ {
+ return output_summary_content ($userid,0);
+ }
+
+ function output_summary_content($userid,$display_output)
+ {
+ $sum_points = 0;
+ $sum_experience = 0;
+ $sum_experience_other = 0;
+ $max_points = 100;
+ $max_experience = 50;
+
+ $experience_limit_reached_txt = _("Limit reached");
+
+ if (check_date_limit($userid,18) != 1)
+ {
+ $max_experience = 10;
+ $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+ }
+ if (check_date_limit($userid,14) != 1)
+ {
+ $max_experience = 0;
+ $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+ }
+
+ $res = get_received_assurances_summary($userid);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $points = calc_points ($row);
+
+ if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
+ {
+ $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
+ $points = $max_points;
+ }
+ $sum_points += $points*intval($row['number']);
+ }
+
+ $res = get_given_assurances_summary($userid);
+ while($row = mysql_fetch_assoc($res))
+ {
+ switch ($row['method'])
+ {
+ case 'Face to Face Meeting': // count Face to Face only
+ $sum_experience += 2*intval($row['number']);
+ break;
+ }
+
+ }
+
+ if ($sum_points > $max_points)
+ {
+ $sum_points_countable = $max_points;
+ $remark_points = _("Limit reached");
+ }
+ else
+ {
+ $sum_points_countable = $sum_points;
+ $remark_points = "&nbsp;";
+ }
+ if ($sum_experience > $max_experience)
+ {
+ $sum_experience_countable = $max_experience;
+ $remark_experience = $experience_limit_reached_txt;
+ }
+ else
+ {
+ $sum_experience_countable = $sum_experience;
+ $remark_experience = "&nbsp;";
+ }
+
+ if ($sum_experience_countable + $sum_experience_other > $max_experience)
+ {
+ $sum_experience_other_countable = $max_experience-$sum_experience_countable;
+ $remark_experience_other = $experience_limit_reached_txt;
+ }
+ else
+ {
+ $sum_experience_other_countable = $sum_experience_other;
+ $remark_experience_other = "&nbsp;";
+ }
+
+ if ($sum_points_countable < $max_points)
+ {
+ if ($sum_experience_countable != 0)
+ $remark_experience = _("Points on hold due to less assurance points");
+ $sum_experience_countable = 0;
+ if ($sum_experience_other_countable != 0)
+ $remark_experience_other = _("Points on hold due to less assurance points");
+ $sum_experience_other_countable = 0;
+ }
+
+ $issue_points = 0;
+ $cats_test_passed = get_cats_state ($userid);
+ if ($cats_test_passed == 0)
+ {
+ $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
+ if ($sum_points_countable < $max_points)
+ {
+ $issue_points_txt = "<strong style='color: red'>";
+ $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
+ $issue_points_txt .= "</strong>";
+ }
+ }
+ else
+ {
+ $experience_total = $sum_experience_countable+$sum_experience_other_countable;
+ $issue_points_txt = "";
+ if ($sum_points_countable == $max_points)
+ $issue_points = 10;
+ if ($experience_total >= 10)
+ $issue_points = 15;
+ if ($experience_total >= 20)
+ $issue_points = 20;
+ if ($experience_total >= 30)
+ $issue_points = 25;
+ if ($experience_total >= 40)
+ $issue_points = 30;
+ if ($experience_total >= 50)
+ $issue_points = 35;
+ if ($issue_points != 0)
+ $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
+ }
+ if ($display_output)
+ {
+ output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
+ output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
+ output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
+ output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
+ }
+ return $issue_points;
+ }
+
+ function output_given_assurances($userid)
+ {
+ output_assurances_header(_("Assurance Points You Issued"));
+ output_given_assurances_content($userid,$points,$sum_experience);
+ output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience);
+ }
+
+ function output_received_assurances($userid)
+ {
+ output_assurances_header(_("Your Assurance Points"));
+ output_received_assurances_content($userid,$points,$sum_experience);
+ output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience);
+ }
+
+ function output_summary($userid)
+ {
+ output_summary_header();
+ output_summary_content($userid,1);
+ output_summary_footer();
+ }
+
+ function output_end_of_page()
+ {
+?>
+ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
+<?
+ }
+?>
diff --git a/pages/account/12.php b/pages/account/12.php
index 40135be..44926ca 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -19,12 +19,13 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
</tr>
@@ -33,7 +34,7 @@
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`
from `domaincerts`,`domains`
where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1)
@@ -48,7 +49,7 @@
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -74,12 +75,13 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
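Review bot: The new serial cell prints `<?=$row['serial']?>` straight from the result set, while other pages in this commit (for example pages/account/30.php) pass database values through `sanitizeHTML()` before output. The serial is presumably generated by the CA rather than typed by a user, so the risk looks low, but escaping at the output site keeps the page safe if that assumption changes. Assuming `sanitizeHTML()` is in scope here as it is on the other account pages, the cell would read `<td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>`. The same applies to the serial cells added in pages/account/18.php and pages/account/22.php; the `while` loop this row belongs to starts before the hunk.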
diff --git a/pages/account/14.php b/pages/account/14.php
index 342ab46..29aeb21 100644
--- a/pages/account/14.php
+++ b/pages/account/14.php
@@ -15,6 +15,16 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+<?
+ if (intval($_REQUEST['force']) === 1)
+{
+?>
+
+<p style="border:dotted 1px #900;padding:0.3em;bold;color:#ffffff;background-color:#ff0000;"><strong><center>
+<?=_("For your own security you should change your pass phrase immediately!"); ?></center></strong>
+</p>
+<?}?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
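Review bot: `intval($_REQUEST['force']) === 1` reads the request key without checking that it exists, so opening the page without `force` raises an undefined-index notice; pages/account/25.php in this commit guards the same kind of read with `array_key_exists`. A guarded condition would be `if (array_key_exists('force', $_REQUEST) && intval($_REQUEST['force']) === 1)`. Because the banner is driven purely by a request parameter, anyone can craft a link that displays it, so any real enforcement of a pass phrase change has to happen server-side, which is not visible in this hunk. The inline style also contains a stray `bold;` token that is not a valid declaration; `font-weight:bold;` is probably what was meant.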
diff --git a/pages/account/16.php b/pages/account/16.php
index 3e582e3..514ecfd 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -57,7 +57,7 @@
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Another Email")?>">
+ <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
<input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
diff --git a/pages/account/18.php b/pages/account/18.php
index 5ee1a3b..13dcc30 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -19,36 +19,38 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<?
- $query = "select UNIX_TIMESTAMP(`created`) as `created`,
- UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
- UNIX_TIMESTAMP(`expire`) as `expired`,
- `expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id`
- from `orgemailcerts`, `org`
- where `memid`='".intval($_SESSION['profile']['id'])."' and
- `org`.`orgid`=`orgemailcerts`.`orgid` ";
+ $query = "select UNIX_TIMESTAMP(`oemail`.`created`) as `created`,
+ UNIX_TIMESTAMP(`oemail`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
+ `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
+ `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`
+ from `orgemailcerts` as `oemail`, `org`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
+ `org`.`orgid`=`oemail`.`orgid` ";
if($viewall != 1)
{
- $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
$query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
}
- $query .= "ORDER BY `modified` desc";
+ $query .= "ORDER BY `oemail`.`modified` desc";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -78,12 +80,13 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<? } ?>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
diff --git a/pages/account/22.php b/pages/account/22.php
index 565cb5f..9df8200 100644..100755
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -19,12 +19,13 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
@@ -33,7 +34,9 @@
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
- UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id`
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
+ `orgdomaincerts`.`serial`,
+ `orgdomaincerts`.`id` as `id`
from `orgdomaincerts`,`org`
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
if($viewall != 1)
@@ -48,7 +51,7 @@
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -74,12 +77,13 @@
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
</tr>
<? } ?>
<tr>
- <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
</tr>
<? } ?>
diff --git a/pages/account/25.php b/pages/account/25.php
index ab0e6b2..a70f608 100644..100755
--- a/pages/account/25.php
+++ b/pages/account/25.php
@@ -19,6 +19,15 @@
<tr>
<td colspan="5" class="title"><?=_("Organisations")?></td>
</tr>
+
+<tr>
+ <td colspan="5" class="title"><?=_("Order by:")?>
+ <a href="account.php?id=25"><?=_("Id")?></a> -
+ <a href="account.php?id=25&amp;ord=1"><?=_("Country")?></a> -
+ <a href="account.php?id=25&amp;ord=2"><?=_("Name")?></a>
+ </td>
+</tr>
+
<tr>
<td class="DataTD" width="350"><?=_("Organisation")?></td>
<td class="DataTD"><?=_("Domains")?></td>
@@ -27,7 +36,24 @@
<td class="DataTD"><?=_("Delete")?></td>
</tr>
<?
- $query = "select * from `orginfo` ORDER BY `id`";
+ $order = 0;
+ if (array_key_exists('ord',$_REQUEST)) {
+ $order = intval($_REQUEST['ord']);
+ }
+
+ $order_by = "`id`";
+ switch ($order) {
+ case 1:
+ $order_by = "`C`,`O`";
+ break;
+ case 2:
+ $order_by = "`O`";
+ break;
+ // the 0 and default case are handled by the preset
+ }
+
+ // Safe because $order_by only contains fixed strings
+ $query = sprintf("select * from `orginfo` ORDER BY %s", $order_by);
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
diff --git a/pages/account/30.php b/pages/account/30.php
index 30c86f3..33eeca8 100644
--- a/pages/account/30.php
+++ b/pages/account/30.php
@@ -34,7 +34,7 @@
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this domain?"), sanitizeHTML($row['domain'])); ?></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
+ <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("Cancel")?>">
<input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
</table>
diff --git a/pages/account/31.php b/pages/account/31.php
index d91a77a..9f3d27e 100644
--- a/pages/account/31.php
+++ b/pages/account/31.php
@@ -29,7 +29,7 @@
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), sanitizeHTML($org['O'])); ?></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
+ <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("Cancel")?>">
<input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
</table>
diff --git a/pages/account/34.php b/pages/account/34.php
index 25ad1db..b11bc7d 100644
--- a/pages/account/34.php
+++ b/pages/account/34.php
@@ -35,7 +35,7 @@
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s from administering this organisation?"), sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])); ?></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
+ <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("Cancel")?>">
<input type="submit" name="process" value="<?=_("Delete")?>"></td>
</tr>
</table>
diff --git a/pages/account/39.php b/pages/account/39.php
index f89187d..9e09bb8 100755..100644
--- a/pages/account/39.php
+++ b/pages/account/39.php
@@ -15,76 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<h3><?=_("Privacy Policy")?></h3>
-
-<p>
-<?=_("This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.")?>
-</p>
-
-<h4>1. <?=_("Website information")?></h4>
-<p>
-<?=_("We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?>
-</p>
-
-<h4>2. <?=_("Personal information")?></h4>
-<p>
-<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.")?>
-</p>
-<p>
-<?=_("We only share your information with any other organisation when so instructed by a CAcert arbitrator.")?>
-</p>
-
-<h4>3. <?=_("Aggregated tracking information")?></h4>
-<p>
-<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?>
-</p>
-
-<h4>4. <?=_("Cookies")?></h4>
-<p>
-<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.")?>
-</p>
-<p>
-<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?>
-</p>
-
-<h4>5. <?=_("Notification of changes")?></h4>
-<p>
-<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?>
-</p>
-
-<h4>6. <?=_("How to update, correct, or delete your information")?></h4>
-<p>
-<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?>
-</p>
-
-<h4>7. <?=_("Privacy of certificates")?></h4>
-<p>
-<?=_("CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.")?>
-</p>
-
-<h4>8. <?=_("Privacy of user data")?></h4>
-<p>
-<?=_("CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.")?>
-</p>
-
-<h4>9. <?=_("Exceptions")?></h4>
-<p>
-<?=_("A CAcert arbitrator may override this policy in a dispute.")?>
-<?=_("To obtain access to confidential data, a dispute has to be filed.")?>
-</p>
-
-<h4>10. <?=_("Legal mandates")?></h4>
-<p>
-<?=_("CAcert adopts the Australian privacy regulations.")?>
-<?=_("Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.")?>
-<?=_("Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.")?>
-</p>
-
-
-<p><?=_("If you need to contact us in writing, address your mail to:")?></p>
-<p>
-CAcert Inc.<br>
-P.O. Box 4107<br>
-Denistone East NSW 2112<br>
-Australia
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_('This page has been moved to the %spolicy directory%s. Please update '.
+ 'your bookmarks and report any broken links.'),
+ '<a href="/policy/PrivacyPolicy.html">', '</a>');
+?>
</p>
diff --git a/pages/account/40.php b/pages/account/40.php
index 1b76f9c..8391903 100755
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -23,7 +23,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
-<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
+<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p>
<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
diff --git a/pages/account/43.php b/pages/account/43.php
index a286ec6..f058770 100644..100755
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -16,6 +16,9 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
+include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
+
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
{
$assurance = mysql_escape_string(intval($_REQUEST['assurance']));
@@ -38,14 +41,26 @@
//if(!strstr($email, "%"))
// $emailsearch = "%$email%";
- if(intval($email) > 0)
- $emailsearch = "";
-
- $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
- where `users`.`id`=`email`.`memid` and
- (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
- `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // bug-975 ted+uli changes --- begin
+ if(preg_match("/^[0-9]+$/", $email)) {
+ // $email consists of digits only ==> search for IDs
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`id`='$email' or `users`.`id`='$email')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ } else {
+ // $email contains non-digits ==> search for mail addresses
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`email` like '$emailsearch'
+ or `users`.`email` like '$emailsearch')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ }
+ // bug-975 ted+uli changes --- end
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
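Review bot: Both new queries drop the old conditions on `email.hash` and `email.deleted`, so a search now also matches addresses that were deleted or never verified, and an admin can land on an account that no longer owns the address searched for. If the outer join is only meant to cover a primary address missing from the `email` table, the filters can move into the join condition instead of being removed: `on (users.id = email.memid and email.deleted = 0 and email.hash = '')`. The digit test `/^[0-9]+$/` also accepts a trailing newline because `$` matches before it; `/^[0-9]+\z/` is stricter. `$email` and `$emailsearch` are interpolated into the SQL and are assigned outside this hunk, so their escaping should be confirmed for the non-digit branch.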
@@ -138,7 +153,7 @@
{
echo "<option";
if($day == $i)
- echo " selected='selected'";
+ echo " selected='selected'";
echo ">$i</option>";
}
?>
@@ -178,7 +193,7 @@
<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
</tr>
<tr>
- <td class="DataTD"><?=_("Org Admin")?>:</td>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
</tr>
<tr>
@@ -317,16 +332,178 @@
</table>
<br>
<? } ?>
+<? // Begin - Debug infos ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Account State")?></td>
+ </tr>
-<?
- if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+<?
+ // --- bug-975 begin ---
+ // potential db inconsistency like in a20110804.1
+ // Admin console -> don't list user account
+ // User login -> impossible
+ // Assurer, assure someone -> user displayed
+ /* regular user account search with regular settings
+
+ --- Admin Console find user query
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ => requirements
+ 1. email.hash = ''
+ 2. email.deleted = 0
+ 3. users.deleted = 0
+ 4. email.email = primary-email (???) or'd
+ not covered by admin console find user routine, but may block users login
+ 5. users.verified = 0|1
+ further "special settings"
+ 6. users.locked (setting displayed in display form)
+ 7. users.assurer_blocked (setting displayed in display form)
+
+ --- User login user query
+ select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+ `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+ => requirements
+ 1. users.verified = 1
+ 2. users.deleted = 0
+ 3. users.locked = 0
+ 4. users.email = primary-email
+
+ --- Assurer, assure someone find user query
+ select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
+ and `deleted`=0
+ => requirements
+ 1. users.deleted = 0
+ 2. users.email = primary-email
+ Admin User Assurer
+ bit Console Login assure someone
+
+ 1. email.hash = '' Yes No No
+ 2. email.deleted = 0 Yes No No
+ 3. users.deleted = 0 Yes Yes Yes
+ 4. users.verified = 1 No Yes No
+ 5. users.locked = 0 No Yes No
+ 6. users.email = prim-email No Yes Yes
+ 7. email.email = prim-email Yes No No
+
+ full usable account needs all 7 requirements fulfilled
+ so if one setting isn't set/cleared there is an inconsistency either way
+ if eg email.email is not avail, admin console cannot open user info
+ but user can login and assurer can display user info
+ if user verified is not set to 1, admin console displays user record
+ but user cannot login, but assurer can search for the user and the data displays
+
+ consistency check:
+ 1. search primary-email in users.email
+ 2. search primary-email in email.email
+ 3. userid = email.memid
+ 4. check settings from table 1. - 5.
+
+ */
+
+ $inconsistency = 0;
+ $inconsistencydisp = "";
+ $inccause = "";
+ // current userid intval($row['id'])
+ $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+ from `users` where `id`='".intval($row['id'])."' ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $uemail = $drow['uemail'];
+ $udeleted = $drow['udeleted'];
+ $uverified = $drow['verified'];
+ $ulocked = $drow['locked'];
+
+ $query = "select `hash`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."' and
+ `deleted` = 0";
+ $dres = mysql_query($query);
+ if ($drow = mysql_fetch_assoc($dres)) {
+ $drow['edeleted'] = 0;
+ } else {
+ // try if there are deleted entries
+ $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ }
+
+ if ($drow) {
+ $eemail = $drow['eemail'];
+ $edeleted = $drow['edeleted'];
+ $ehash = $drow['hash'];
+ if ($udeleted!=0) {
+ $inconsistency += 1;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
+ }
+ if ($uverified!=1) {
+ $inconsistency += 2;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
+ }
+ if ($ulocked!=0) {
+ $inconsistency += 4;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
+ }
+ if ($edeleted!=0) {
+ $inconsistency += 8;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
+ }
+ if ($ehash!='') {
+ $inconsistency += 16;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
+ }
+ } else {
+ $inconsistency = 32;
+ $inccause = _("Prim. email, Email record doesn't exist");
+ }
+ if ($inconsistency>0) {
+ // $inconsistencydisp = _("Yes");
?>
+ <tr>
+ <td class="DataTD"><?=_("Account inconsistency")?>:</td>
+ <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTD" style="max-width: 75ex">
+ <?=_("Account inconsistency can cause problems in daily account ".
+ "operations and needs to be fixed manually through arbitration/critical ".
+ "team.")?>
+ </td>
+ </tr>
+<? }
+
+ // --- bug-975 end ---
+?>
+</table>
+<br>
+<?
+ // End - Debug infos
+?>
+
+<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
+<br />
+<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
+<br />
+
+<?
+// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+function showassuredto()
+{
+?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="7" class="title"><?=_("Assurance Points")?></td>
+ <td colspan="8" class="title"><?=_("Assurance Points")?></td>
</tr>
<tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
<td class="DataTD"><b><?=_("Date")?></b></td>
<td class="DataTD"><b><?=_("Who")?></b></td>
<td class="DataTD"><b><?=_("Email")?></b></td>
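Review bot: `$uemail` is read back from the `users` table and concatenated unescaped into the two follow-up lookups on the `email` table, so a stored address containing a quote breaks the query or changes its meaning even if it was escaped when first written. Escape it at the point of use in both queries, with the function this file already uses for request values: `mysql_escape_string($uemail)` in place of the bare `$uemail`. The first lookup's result is also used without checking that a row came back, so `$drow['uemail']` and the other fields are read from `false` when the id matches no user. The new "Show Assurances" links further down print `<?=$row['id']?>` raw where the neighbouring code wraps ids in `intval()`.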
@@ -336,7 +513,7 @@
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `to`='".intval($row['id'])."'";
+ $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
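Review bot: `showassuredto()` now builds its query from `$_GET['userid']` rather than the `$row['id']` the page had already loaded, so the listing depends on a request global instead of the record displayed above it. The `intval()` cast keeps the value numeric, but taking the id as a parameter, `function showassuredto($userid)`, would match how `output_received_assurances(intval($_GET['userid']),1)` is called in the last hunk of this file and keep the request handling in one place. The same applies to `showassuredby()` in the `@@ -383,7 +559,7 @@` hunk. The function body starts and ends outside this hunk.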
@@ -345,9 +522,10 @@
$points += $drow['points'];
?>
<tr>
+ <td class="DataTD"><?=$drow['id']?></td>
<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
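Review bot: The new ID cell prints `<?=$drow['id']?>` raw, while every other cell in this row goes through `intval()` or `sanitizeHTML()`; `<?=intval($drow['id'])?>` would keep the row consistently encoded and independent of the column type. The same raw `$drow['id']` cell is added in the `@@ -392,6 +568,7 @@` hunk. `pages/account/5.php` likewise adds `<?=$row['serial']?>` unencoded in its `@@ -84,6 +86,7 @@` hunk; an HTML-encoding helper such as the `sanitizeHTML()` used here would be the equivalent there, if it is available on that page.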
@@ -360,20 +538,18 @@
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;assuredto=yes"><?=_("Show Assurances the user got")?></a></td>
- </tr>
<? } ?>
-<br>
+
<?
- if(array_key_exists('assuredby',$_GET) && $_GET['assuredby'] == "yes") {
+function showassuredby()
+{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="7" class="title"><?=_("Assurance Points The User Issued")?></td>
+ <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
</tr>
<tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
<td class="DataTD"><b><?=_("Date")?></b></td>
<td class="DataTD"><b><?=_("Who")?></b></td>
<td class="DataTD"><b><?=_("Email")?></b></td>
@@ -383,7 +559,7 @@
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `from`='".$row['id']."' and `to`!='".$row['id']."'";
+ $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
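Review bot: The rewritten query adds the `intval()` cast but also drops the condition that excluded rows whose `to` equals the user's own id, so such rows are now listed and added to `$points`. Nothing visible in the hunk says whether that is intended. If it is, a comment above the query such as `// rows where from == to are included on purpose` would record the decision; if not, the condition should be restored with the same `intval()` cast.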
@@ -392,6 +568,7 @@
$points += $drow['points'];
?>
<tr>
+ <td class="DataTD"><?=$drow['id']?></td>
<td class="DataTD"><?=$drow['date']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
@@ -407,11 +584,21 @@
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;assuredby=yes"><?=_("Show Assurances the user gave")?></a></td>
- </tr>
<? } ?>
<br><br>
-<? } } ?>
+<? } }
+switch ($_GET['shownotary'])
+ {
+ case 'assuredto': showassuredto();
+ break;
+ case 'assuredby': showassuredby();
+ break;
+ case 'assuredto15': output_received_assurances(intval($_GET['userid']),1);
+ break;
+ case 'assuredby15': output_given_assurances(intval($_GET['userid']),1);
+ break;
+ }
+
+
+?>
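Review bot: `switch ($_GET['shownotary'])` reads the parameter without the `array_key_exists()` guard the removed code had, so a page load without `shownotary` raises an undefined-index notice; `switch (isset($_GET['shownotary']) ? $_GET['shownotary'] : '')` avoids that. The switch also sits after the `} }` that closes blocks opened outside this hunk, and `showassuredto()`/`showassuredby()` appear to be declared inside those blocks. If so, a request that skips them but carries `shownotary=assuredto` would call an undefined function. Moving the switch inside the block, or the two declarations to the top level, would remove that dependency.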
diff --git a/pages/account/5.php b/pages/account/5.php
index ee500c0..5c131ba 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,12 +19,13 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<td class="DataTD"><?=_("Status")?></td>
<td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=_("Revoked")?></td>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=_("Login")?></td>
@@ -38,6 +39,7 @@
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
`emailcerts`.`CN`,
+ `emailcerts`.`serial`,
emailcerts.disablelogin as `disablelogin`
from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
@@ -54,7 +56,7 @@
{
?>
<tr>
- <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
</tr>
<? } else {
while($row = mysql_fetch_assoc($res))
@@ -84,6 +86,7 @@
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<? } ?>
+ <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD">
diff --git a/pages/help/0.php b/pages/help/0.php
index 83f97bd..7aa9d3b 100644
--- a/pages/help/0.php
+++ b/pages/help/0.php
@@ -15,15 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<h3><?=_("Help!")?></h3>
-<p><?=_("Following are several tips you may find useful.")?></p>
-
-<ul>
-<li><a href='help.php?id=3'><?=_("Generating a new key pair and CSR for IIS 5.0")?></a></li>
-<li><a href='help.php?id=4'><?=_("How do I generate a private key and CSR using OpenSSL?")?></a></li>
-<li><a href='logos.php'><?=_("How do I get a secured by CAcert emblem on my site?")?></a></li>
-<li><a href='help.php?id=6'><?=_("How do I get a server certificate from CAcert?")?></a></li>
-<li><a href='help.php?id=7'><?=_("How does CAcert protect its root private key?")?></a></li>
-<li><a href='help.php?id=9'><?=_("How can I do a single sign on similar to CAcert using client certificates?")?></a></li>
-<li><a href='http://wiki.cacert.org/'><?=_("Unofficial FAQ/Wiki")?></a></li>
-</ul>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/0">', '</a>');
+?>
+</p>
diff --git a/pages/help/2.php b/pages/help/2.php
index 5dd86c4..a03a773 100644
--- a/pages/help/2.php
+++ b/pages/help/2.php
@@ -15,65 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<ul>
- <li><a href="#whatFor"><?=_("What is it for?")?></a></li>
- <li><a href="#whyEmails"><?=_("Why digitally sign your own emails?! (weirdo..)")?></a></li>
- <li><a href="#freedom"><?=_("How it prepares us to protect our freedom")?></a></li>
- <li><a href="#whyAdopt"><?=_("Why isn't it being adopted by everyone?")?></a></li>
- <li><a href="#whyAccept"><?=_("Why is the digital signature described as 'not valid/not trusted'?")?></a></li>
- <li><a href="#proof"><?=_("But, er, is this really proof of your email identity?")?></a></li>
- <li><a href="#gimme"><?=_("How do I create my own digital signature?!")?></a><br></li>
- <li><a href="#encrypt"><?=_("I can't wait to start sending encrypted emails!")?></a></li>
- <li><a href="#notes"><?=_("Notes for the strangely curious")?></a></li>
- <li><a href="#refs"><?=_("References")?></a></li>
-</ul>
-<br>
-<h3><a name="whatFor"></a><?=_("What is it for?")?></h3>
-<p><?=_("The purpose of digital signing is to prove, electronically, one's identity")?>. <?=_("You see this all the time on the Internet - every time you go to a secure page on a web site, for example to enter personal details, or to make a purchase, every day you browse web sites that have been digitally signed by a Certificate Authority that is accepted as having the authority to sign it. This is all invisible to the user, except that you may be aware that you are entering a secure zone (e.g. SSL and HTTPS).")?></p>
-<p><?=_("Your browser includes special digital (root) certificates from a number of these 'Certificate Authorities' by default, and all web sites use certificates that are validated by one of these companies, which you as a user implicitly trust every time you go to the secure part of a web site. (You might ask, who validates the security of the Certificate Authorities, and why should you trust them?!")?>.... <a href="#notes"><?=_("Good question")?></a>.)</p>
-<p><?=_("Digital signing thus provides security on the Internet.")?></p>
-
-<h3><a name="whyEmails"></a><?=_("Why digitally sign your own emails?! (weirdo..)")?></h3>
-<p><?=_("Emails are not secure. In fact emails are VERY not secure!")?></p>
-<p><?=_("To get from computer Internet User A to Internet User B an email may pass through tens of anonymous computers on the Internet. These 'Internet infrastructure' computers are all free to inspect and change the contents of your email as they see fit. Governments systematically browse the contents of all emails going in/out/within their country, e.g. the")?> <a href="http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/"><?=_("UK Government has done this since the year 2000")?></a>. (<a href="#freedom"><?=_("How it prepares us to protect our freedom")?></a>). <?=_("Ever requested a password that you lost to be emailed to you? That password was wide open to inspection by potential crackers.")?></p>
-<p><?=_("As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. Thus a great advantage is that digital signing provides a means of ensuring that an email is really from the person you think it is. If everyone digitally signed their emails, it would be much easier to know whether an email is legitimate and unchanged and to the great relief of many, spamming would be much easier to control, and viruses that forge the sender's address would be obvious and therefore easier to control.")?></p>
-
-<h3><a name="freedom"></a><?=_("How it prepares us to protect our freedom")?></h3>
-<p><?=_("But perhaps, fundamentally, the most important reason for digital signing is awareness and privacy. It creates awareness of the (lack of) security of the Internet, and the tools that we can arm ourselves with to ensure our personal security. And in sensitising people to digital signatures, we become aware of the possibility of privacy and encryption.")?></p>
-<p><?=_("Most people would object if they found that all their postal letters are being opened, read and possibly recorded by the Government before being passed on to the intended recipient, resealed as if nothing had happened. And yet this is what happens every day with your emails (in the UK). There are some who have objected to this intrusion of privacy, but their voices are small and fall on deaf ears. However the most effective way to combat this intrusion is to seal the envelope shut in a miniature bank vault, i.e. encrypt your email. If all emails were encrypted, it would be very hard for Government, or other organisations/individual crackers, to monitor the general public. They would only realistically have enough resources to monitor those they had reason to suspect. Why? Because encryption can be broken, but it takes a lot of computing power and there wouldn't be enough to monitor the whole population of any given country.")?></p>
-<p><?=_("The reason digital signatures prepare us for encryption is that if everyone were setup to be able to generate their own digital signatures, it would be technically very easy to make the next step from digital signatures to encryption. And that would be great for privacy, the fight against spamming, and a safer Internet.")?></p>
-
-<h3><a name="whyAdopt"></a><?=_("Why isn't it being adopted by everyone?")?></h3>
-<p><?=_("Of the biggest reasons why most people haven't started doing this, apart from being slightly technical, the reason is financial. You need your own certificate to digitally sign your emails. And the Certificate Authorities charge money to provide you with your own certificate. Need I say more. Dosh = no thanks I'd rather walk home. But organisations are emerging to provide the common fool in the street with a free alternative. However, given the obvious lack of funding and the emphasis on money to get enrolled, these organisations do not yet have the money to get themselves established as trusted Certificate Authorities. Thus it is currently down to trust. The decision of the individual to trust an unknown Certificate Authority. However once you have put your trust in a Certificate Authority you can implicitly trust the digital signatures generated using their certificates. In other words, if you trust (and accept the certificate of) the Certificate Authority that I use, you can automatically trust my digital signature. Trust me!")?></p>
-
-<h3><a name="whyAccept"></a><?=_("Why is the digital signature described as 'not valid/not trusted'?")?></h3>
-<p><?=_("To fully understand, read the section directly above. I am using a free Certificate Authority to provide me with the ability to digitally sign my emails. As a result, this Certificate Authority is not (yet) recognised by your email software as it is a new organisation that is not yet fully established, although it is probably being included in the Mozilla browser. If you choose to, you can go the their site at CAcert.org to install the root certificate. You may be told that the certificate is untrusted - that is normal and I suggest that you continue installation regardless. Be aware that this implies your acceptance that you trust their secure distribution and storing of digital signatures, such as mine. (You already do this all the time). The CAcert.org root certificate will then automatically provide the safe validation of my digital signature, which I have entrusted to them. Or you can simply decide that you've wasted your time reading this and do nothing (humbug!). Shame on you! :-)")?></p>
-
-<h3><a name="proof"></a><?=_("But, er, is this really proof of your email identity?")?></h3>
-<p><?=_("Security is a serious matter. For a digital certificate with full rights to be issued to an individual by a Certificate Authority, stringent tests must be conducted, including meeting the physical person to verify their identity. At the current moment in time, my physical identity has not been verified by CAcert.org, but they have verified my email address. Installing their root certificate (see above) will thus automatically allow you to validate my digital signature. You can then be confident of the authenticity of my email address - only I have the ability to digitally sign my emails using my CAcert.org certificate, so if you get an email that I digitally signed and which is validated by your email software using the CAcert.org root certificate that you installed, you know it's from me. (Visually you get a simple indication that my email is signed and trusted). Technically, they haven't verified that I really am me! But you have the guarantee that emails from my address are sent by the person who physically administers that address, i.e. me! The only way that someone could forge my digital signature would be if they logged on to my home computer (using the password) and ran my email software (using the password) to send you a digitally signed email from my address. Although I have noticed the cats watching me logon...")?></p>
-
-<h3><a name="gimme"></a><?=_("Cool man! How do I create my own digital signature?!")?></h3>
-<p><?=_("Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it.")?></p>
-
-<h3><a name="encrypt"></a><?=_("I can't wait to start sending encrypted emails!")?></h3>
-<p><?=_("There's nothing to it. I mean literally, you can already start sending your emails encrypted. Assuming of course you have your own digital signature certificate (e.g. as per above), and the person you want to send an encrypted email to also has a digital signature certificate, and has recently sent you a digitally signed email with it. If all these conditions hold, you just have to change the settings in your email software to send the email encrypted and hey presto! Your email software (probably Outlook I guess) should suss out the rest.")?></p>
-
-<h3><a name="notes"></a><?=_("Notes for the strangely curious")?></h3>
-<p><?=_("You are putting your trust in people you don't know!")?><br><?=_("One assumes that if a site has an SSL certificate (that's what enables secure communication, for exchanging personal details, credit card numbers, etc. and gives the 'lock' icon in the browser) that they have obtained that certificate from a reliable source (a Certificate Authority), which has the appropriate stringent credentials for issuing something so vital to the security of the Internet, and the security of your communications. You have probably never even asked yourself the question of who decided to trust these Certificate Authorities, because your browser comes with their (root) certificates pre-installed, so any web site that you come across that has an SSL certificate signed by one of them, is automatically accepted (by your browser) as trustworthy.")?></p>
-<p><?=_("Thus, having now asked the question, you suppose that it's the people who make the browser software that have carefully decided who is a trustworthy Certificate Authority. Funnily enough, the mainstream browsers have not, historically, had public policies on how they decide whether a Certificate Authority gets added to their browser. All of the Certificate Authorities that have found themselves in the browser software, are big names, probably with big profits (so they must be doing a good job!).")?></p>
-<p><?=_("That situation has changed, and Internet Explorer, being the most obvious example, now insists that any Certificate Authorities are 'audited' by an 'independent' organisation, the American Institute for Certified Public Accountant's (AICPA). So now, if you have the money needed (from US$75000 up to US$250000 and beyond) you can get these accountants, who clearly know a lot about money, to approve you as having the required technical infrastructure and business processes to be a Certificate Authority. And they get a nice wad of money for the pleasure. And the Certificate Authorities, having a kind of monopoly as a result, charge a lot for certificates and also get a nice wad of money. And everyone's happy.")?></p>
-<p><?=_("But, with all this money, and all this responsibility, they must be taking a lot of care to ensure the Certificate Authorities do their jobs well, and keep doing their jobs well, right? Well right?!")?></p>
-<p><?=_("And they are making mistakes")?></p>
-<p><?=_("So if you don't pass the audit, you don't get to be a Certificate Authority. And to pass the audit, well, you've got to show that you can do a good job issuing certificates. That they're secure, you only give them to the right people, etc. So what happens when you make a mistake and you erroneously issue a certificate that risks the entire Internet browsing population, like Verisign did? Well, er, nothing actually. They already paid for their audit, and damn it, they're so big now, we couldn't possibly revoke their Certificate Authority status. (There's too much money at stake!)")?></p>
-
-<h3><?=_("So, dammit, what's the point of all this then?")?></h3>
-<p><?=_("The point is, as the current situation holds, you should be wary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes.")?></p>
-<h3><a name="refs"></a><?=_("References")?></h3>
-<p><a href="http://www.schneier.com/paper-pki.pdf"><?=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?></a> - http://www.counterpane.com/pki-risks.pdf</p>
-<p><a href="http://www.webtrust.org/certauth.htm"><?=_("WebTrust for Certification Authorities")?></a> - http://www.webtrust.org/certauth.htm</p>
-<p><a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp"><?=_("Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard")?></a> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp</p>
-<p><a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp"><?=_("Microsoft Root Certificate Program")?></a> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp</p>
-<p><a href="http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/index.html"><?=_("The Regulation of Investigational Powers Act (RIPA)</a> ('Snooping Bill' official gov site, UK)")?> - http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/index.html</p>
-<p><a href="http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/"><?=_("U.K. e-mail snooping bill passed")?></a> (UK) - http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/</p>
-<p><?=_("Disclaimer : These are the author's opinions, but they should not be considered 'truth' without personal verification. The author may have made mistakes and any mistakes will be willingly rectified by contacting the administrator of elucido.net, contact details available from the normal domain registration information services (e.g. whois.net).&nbsp; No recommendation to install a Certificate Authority's root certificate is either intended nor implied.")?></p>
-<p><? printf(_("The page has been reproduced on %s with explicit permission from %sthe author%s with the information being copyrighted to the author (name with held by request)"), "<a href='http://www.CAcert.org'>CAcert.org</a>", "<a href='http://elucido.net/'>", "</a>")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/2">', '</a>');
+?>
+</p>
diff --git a/pages/help/3.php b/pages/help/3.php
index b56823e..8cdeb08 100644
--- a/pages/help/3.php
+++ b/pages/help/3.php
@@ -15,74 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<h3><?=_("Generating a Key Pair and Certificate Signing Request (CSR) for a Microsoft Internet Information Server (IIS) 5.0.")?></h3>
-<p><?=_("To generate a public and private key pair and CSR for a Microsoft IIS 5 Server:")?></p>
- <ol class="tutorial">
- <li><b><?=_("Key generation process")?></b><br />
- <?=_("Under 'Administrative Tools', open the 'Internet Services Manager'. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.")?><br />
- <img src="iistutorial/image001.jpg" height="453" width="642" alt="<?=_("Screenshot of IIS 5.0")?>" /><br />
- <img src="iistutorial/image002.jpg" height="453" width="463" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Open Directory Security folder")?></b><br />
- <?=_("In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active.")?><br />
- <img src="iistutorial/image003.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Select 'Create a new certificate'")?></b><br />
- <?=_("Now 'Create a new certificate'.")?><br />
- <img src="iistutorial/image004.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Prepare the request")?></b><br />
- <?=_("You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email.")?><br />
- <img src="iistutorial/image005.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Enter a certificate name and select Certificate strength")?></b><br />
- <?=_("Select 'Bit length'. We advise a key length of 1024 bits.")?><br />
- <img src="iistutorial/image006.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /><br />
- <br />
- <?=_("You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR.")?><br />
- <br />
- <?=_("You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:")?> <p style="color: red;">! @ # $ % ^ * ( ) ~ ? &gt; &lt; &amp; / \</p>
- </li>
- <li><b><?=_("Enter your Organisation Information")?></b><br />
- <?=_("Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate.")?><br />
- <br />
- <?=_("The Organisational Unit field is the 'free' field. It is often the department or Server name for reference.")?><br />
- <img src="iistutorial/image007.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Enter your Common Name")?></b><br />
- <?=_("The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.CAcert.org' and 'secure.CAcert.com' are valid Common Names. IP addresses are usually not used.")?><br />
- <img src="iistutorial/image008.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Enter the geographical details")?></b><br />
- <?=_("Your country, state and city.")?><br />
- <img src="iistutorial/image009.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Choose a filename to save the request to")?></b><br />
- <?=_("Select an easy to locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more as IIS won't reuse old CSR to generate new certificates.")?><br />
- <img src="iistutorial/image010.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Confirm your request details")?></b></li>
- </ol>
-<p><?=_("Finish up and exit IIS Certificate Wizard")?></p>
-
-<h3><?=_("Certificate Installation process for IIS 5.0")?></h3>
-<p><?=_("After your certificate has been emailed to you, follow this process to install the certificate.")?></p>
- <ol class="tutorial">
- <li><b><?=_("Saving the certificate")?></b><br />
- <?=_("Copy the contents of the email including the")?>
- <code>-----BEGIN CERTIFICATE-----</code> <?=_("and")?>
- <code>-----END CERTIFICATE-----</code> <?=_("lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer")?><br /><br />
- <img src="iistutorial/image011b.png" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Installation steps")?></b><br />
- <?=_("Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right click on 'Default Web Site' and select 'Properties'.")?><br />
- <img src="iistutorial/image001.jpg" height="453" width="642" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Select the Directory Security tab")?></b><br />
- <?=_("Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section.")?><br />
- <img src="iistutorial/image002.jpg" height="453" width="463" alt="<?=_("Screenshot of IIS 5.0")?>" /><br /></li>
- <li><b><?=_("In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'.")?></b><br />
- <?=_("Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'.")?><br />
- <img src="iistutorial/image012.gif" height="388" width="506" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Browse to the location you saved the .cer file to in step 1")?></b><br />
- <?=_("Select the .cer file and click 'Next'.")?><br />
- <img src="iistutorial/image013.gif" height="388" width="505" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("Ensure that you are processing the correct certificate")?></b><br />
- <?=_("...then click 'Next'.")?><br />
- <img src="iistutorial/image014.jpg" height="390" width="506" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- <li><b><?=_("You will see a confirmation screen.")?></b><br />
- <?=_("When you have read this information, click 'Finish'.")?><br />
- <img src="iistutorial/image015.gif" height="390" width="507" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
- </ol>
- <p><b><?=_("And you're done!")?></b></p>
- <p><?=_("For more information, refer to your server documentation or visit")?> <a href="http://support.microsoft.com/support/"><?=_("Microsoft Support Online")?></a>.</p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/3">', '</a>');
+?>
+</p>
diff --git a/pages/help/4.php b/pages/help/4.php
index 428c934..248564c 100644
--- a/pages/help/4.php
+++ b/pages/help/4.php
@@ -15,31 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document.")?></p>
-<p># openssl req -nodes -new -keyout private.key -out server.csr</p>
-<p><?=_("Then the system will try to generate some very random numbers to get a secure key.")?></p>
-<p><?=_("Generating a 1024 bit RSA private key")?><br>
- ...++++++<br>
- ....++++++<br>
-<?=_("writing new private key to 'private.key'")?></p>
-<p><?=_("You will then be asked to enter information about your company into the certificate. Below is a valid example:")?></p>
-<p><?=_("Country Name (2 letter code) [AU]:")?>AU<br>
- <?=_("State or Province Name (full name) [NSW]:")?>NSW<br>
- <?=_("Locality Name (eg, city) [Sydney]:")?>Sydney<br>
- <?=_("Organization Name (eg, company) [XYZ Corp]:")?>CAcert Inc.<br>
- <?=_("Organizational Unit Name (eg, section) [Server Administration]:.")?><br>
- <?=_("Common Name (eg, YOUR name) []:")?>www.cacert.org<br>
- <?=_("Email Address")?> []:no-returns@cacert.org</p>
-<p><?=_("Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions.")?></p>
-<p><?=_("Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid.")?></p>
-<p>-----BEGIN CERTIFICATE REQUEST-----<br>
- MIIBezCB5QIBADA8MRcwFQYDVQQDEw53d3cuY2FjZXJ0Lm9yZzEhMB8GCSqGSIb3<br>
- DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB<br>
- iQKBgQDQd1+ut4TJLWZf5A9r3D17Kob+CNwz/jfCOYrH0P6q1uw4jfSyrWUeSaVc<br>
- 59Xjpov8gRctlAuWM9KavkLSF6vcNdDEbvUYnL/+ixdmVE9tlXuSFEGz0GAF5faf<br>
- QZe30wk+2hnC6P+rwclypOhkTXtWgvSHPZg9Cos8xqDyv589QwIDAQABoAAwDQYJ<br>
- KoZIhvcNAQEEBQADgYEAJruzBZr4inqaeidn1m2q47lXZUWjgsrp3k3bFJ/HCb3S<br>
- 2SgVqHFrOisItrr7H0Dw2EcPhIrRokRdjIAwwlxG9v21eFaksZUiaP5Yrmf89Njk<br>
- HV+MZXxbC71NIKrnZsDhHibZslICh/XjdPP7zfKMlHuaaz1oVAmu9BlsS6ZXkVA=<br>
------END CERTIFICATE REQUEST----- </p>
-<p><?=_("Once you've submitted it the system will process your request and send an email back to you containing your server certificate.")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/4">', '</a>');
+?>
+</p>
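Review bot: The replacement link `'<a href="//wiki.cacert.org/HELP/4">'` is protocol-relative, so a visitor who loaded this page over plain HTTP is sent to the wiki over HTTP too. The certificate-request instructions that used to be served from this site could then be altered in transit. If the wiki is reachable over HTTPS for the intended audience, pinning the scheme with `'<a href="https://wiki.cacert.org/HELP/4">'` avoids that; if the scheme is left relative on purpose, a short comment saying why would help. The same pattern recurs in the hunks for pages/help/5.php through 9.php, pages/index/1.php, pages/index/11.php and the second hunk of pages/index/16.php.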
diff --git a/pages/help/5.php b/pages/help/5.php
index d59e3dc..604febc 100644
--- a/pages/help/5.php
+++ b/pages/help/5.php
@@ -15,4 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<?=_("To be completed")?>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/5">', '</a>');
+?>
+</p>
diff --git a/pages/help/6.php b/pages/help/6.php
index adbd656..5308e93 100644
--- a/pages/help/6.php
+++ b/pages/help/6.php
@@ -15,14 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("Firstly you need to join CAcert to do that go:")?> <a href='https://www.cacert.org/index.php?id=1'><?=("here")?></a></p>
-
-<p><?=_("Then you need to generate a Certificate Signing Request, for more details go:")?> <a href=http://www.cacert.org/help.php><?=_("here")?></a></p>
-
-<p><?=_("You then need to add the domain you have control of to your account, which you can do:")?> <a href='https://www.cacert.org/account.php?id=7'><?=_("here")?></a></p>
-
-<p><?=_("System will send you an email with a link in it, you just open the link in a webbrowser.")?></p>
-
-<p><?=_("Then you need to submit the contents from the CSR file to CAcert, you need to go:")?> <a href='https://www.cacert.org/account.php?id=10'><?=_("here")?></a></p>
-
-<p><?=_("CAcert then sends you an email with a signed copy of your certificate. Hopefully the rest should be pretty straight forward.")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/6">', '</a>');
+?>
+</p>
diff --git a/pages/help/7.php b/pages/help/7.php
index 842a4cf..73e18da 100644
--- a/pages/help/7.php
+++ b/pages/help/7.php
@@ -15,12 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=_("In light of a request on the bugzilla list for more information about how our root certificate is protected I've decided to do a write up here and see if there is anything more people suggest could be done, or a better way of handling things altogether.")?></p>
-<p><?=_("Currently there is 2 main servers, one for webserver, one for root store, with the root store only connected to the webserver via serial cable, with a daemon running as non-root processes on each end of the serial listening/sending requests/info.")?></p>
-<p><?=_("If the root store detects a bad request it assumes the webserver is compromised and shuts itself down.")?></p>
-<p><?=_("If the root store doesn't receive a 'ping' reply over the serial link within a determined amount of time it assumes the webserver is compromised or the root store itself has been stolen and shuts itself down.")?></p>
-<p><?=_("Apart from the boot stuff, all data resides on an encrypted partition on the root store server and only manual intervention in the boot up process by entering the password will start it again.")?></p>
-<p><?=_("The requests sent to the root store, are stored in a file for another process triggered by cron to parse and sign them, then stored in a reply file to be sent back to the webserver. Causing things to be separated into different users, basic privilege separation stuff. So being actually able to hack the serial daemons will only at the VERY worst cause fraudulent certificates, not the root to be revealed.")?></p>
-<p><?=_("Why use serial you ask? Well certificate requests are low bandwidth for starters, then of course simpler systems in security are less prone to exploits, and finally serial code is pretty mature and well tested and hopefully all exploits were found and fixed a long time ago.")?></p>
-<p><?=_("With the proposed root certificate changes, there would be a new root, this would sign at least 1 sub-root, then the private key stored offline in a bank vault, with the sub-root doing all the signing, or alternatively 2 sub-roots, 1 for client certificates, one for server, the thinking behind this, if any of the sub-roots are compromised they can be revoked and reissued.")?></p>
-<p><?=_("Alternatively as things progress we can add more layers of security with say 4 webservers talking to 2 intermediate servers, talking to the root store, and acting in a token ring fashion, anything happening out of sequence, and the server directly upstream shuts itself down, which if that were in place and there were multiple paths, any down time in this fashion would fall over to the servers not compromised, anyways just some food for thought.")?></p>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/7">', '</a>');
+?>
+</p>
diff --git a/pages/help/8.php b/pages/help/8.php
index 8ee4974..41c4959 100644
--- a/pages/help/8.php
+++ b/pages/help/8.php
@@ -15,6 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><i><?=_("Question: I'm a software developer for linux and I want to use CAcert/openssl to distribute my packages with detached signatures, is this possible and why would I do this over PGP/GPG detached signatures?")?></i></p>
-<p><?=_("I'll anwser the why part first, as that's reasonably easy. The short answer is it takes most of the key handling responsibilty away from you and/or your group. If you need to revoke your key for any reason (such as a developer leaving the project) it won't effect your ability to revoke the existing key or keys, and issue new ones.")?></p>
-
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/8">', '</a>');
+?>
+</p>
diff --git a/pages/help/9.php b/pages/help/9.php
index 8a538fe..d6fdc39 100644
--- a/pages/help/9.php
+++ b/pages/help/9.php
@@ -15,53 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+<p style="background-color: #FF8080; font-size: 150%">
<?
- function dotab($num)
- {
- $string="";
- for($i = 0; $i < $num; $i++)
- {
- for($j = 0; $j < 8; $j++)
- $string .= "&nbsp;";
- }
- return($string);
- }
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/HELP/9">', '</a>');
?>
-<h3><?=_("How can I do a single sign on similar to CAcert using client certificates?")?></h3>
-
-<p><?=_("Firstly you need mod-ssl and apache setup (this is beyond the scope of this FAQ item and you will need to search on google etc for LAMP setup information). I recommend mod-ssl over apache-ssl because it means you need less resources to achieve the same result.")?></p>
-
-<p><?=_("Once you have everything setup and working you will need to add lines similar to below to your apache.conf")?></p>
-
-<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
-&lt;VirtualHost 127.0.0.1:443&gt;<br>
-SSLEngine on<br>
-SSLVerifyClient require<br>
-SSLVerifyDepth 2<br>
-SSLCACertificateFile /etc/ssl/cacert.crt<br>
-SSLCertificateFile /etc/ssl/certs/cacert.crt<br>
-SSLCertificateKeyFile /etc/ssl/private/cacert.pem<br>
-SSLOptions +StdEnvVars<br>
-<br>
-ServerName secure.cacert.org<br>
-DocumentRoot /www<br>
-&lt;/VirtualHost&gt;<br><br>
-</p>
-
-<p><?=_("Please note, you will need to alter the paths, hostname and IP of the above example, which is just that an example! The SSLCACertificateFile directive is supposed to point to a file with the root certificate you wish to verify your client certificates against, for the CAcert website we obviously only accept certificates issued by our own website and use our root certificate to initially verify this.")?></p>
-
-<p><?=_("Once you have everything working and you've tested sending a client certificate to your site and you're happy all is well you can start adding code to PHP (or any other language you like that can pull server environment information). At present I only have PHP code available and the example is in PHP")?></p>
-
-<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
-<?=dotab(1)?>if($_SERVER['HTTP_HOST'] == "secure.cacert.org")<br>
-<?=dotab(1)?>{<br>
-<?=dotab(2)?>$query = "select * from `users` where `email`='$_SERVER[SSL_CLIENT_S_DN_Email]'";<br>
-<?=dotab(2)?>$res = mysql_query($query);<br>
-<?=dotab(2)?>if(mysql_num_rows($res) > 0)<br>
-<?=dotab(2)?>{<br>
-<?=dotab(3)?>$_SESSION['profile']['loggedin'] = 1;<br>
-<?=dotab(3)?>header("location: https://secure.cacert.org/account.php");<br>
-<?=dotab(3)?>exit;<br>
-<?=dotab(2)?>}<br>
-<?=dotab(1)?>}<br><br>
</p>
diff --git a/pages/index/1.php b/pages/index/1.php
index d9ce8a8..a60a242 100644
--- a/pages/index/1.php
+++ b/pages/index/1.php
@@ -18,36 +18,40 @@
<p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
-<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br>
-<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
-<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
+<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
<b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b>
</p>
<form method="post" action="index.php" autocomplete="off">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
- <td colspan="2" class="title"><?=_("My Details")?></td>
+ <td colspan="3" class="title"><?=_("My Details")?></td>
</tr>
+
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
+ <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td>
</tr>
+
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
<td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write %sName Suffixes%s into this field."),'<a href="http://en.wikipedia.org/wiki/Suffix_%28name%29" target="_blank">','</a>')?></td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
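Review bot: The help link added on the first-name row opens the wiki with `target="_blank"` and no `rel` attribute. In browsers that do not imply noopener, the opened wiki page gets a `window.opener` handle on the tab holding the signup form and can navigate it elsewhere. Adding `rel="noopener noreferrer"` to that `<a>` removes the handle. Separately, the suffix row now calls `sprintf(_("Please only write Name Suffixes into this field."))` with no arguments, so a stray `%` in a translation would be treated as a format directive; `<?=_("Please only write Name Suffixes into this field.")?>` is sufficient.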
@@ -75,49 +79,63 @@
</select>
<input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" autocomplete="off"></nobr>
</td>
+ <td class="DataTD">&nbsp;</td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Email Address")?>: </td>
- <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"><br/><?=_("I own or am authorised to control this email address")?>
-</td>
+ <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><?=_("I own or am authorised to control this email address")?></td>
</tr>
+
<tr>
<td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td>
+ <td class="DataTD" rowspan="2">&nbsp;</td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
<td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
+ <td class="DataTD" colspan="3"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification.")?></td>
+ <td class="DataTD" colspan="3"><?=_("Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification.")?></td>
</tr>
+
<tr>
<td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
<td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
+ <td class="DataTD" rowspan="5">&nbsp;</td>
</tr>
+
<tr>
<td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
<td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
<td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
<td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
</tr>
+
<tr>
<td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
<td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><?=_("It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.")?></td>
+ <td class="DataTD" colspan="3"><?=_("It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.")?></td>
</tr>
+
<tr>
<td class="DataTD" valign="top"><?=_("Alert me if")?>: </td>
<td class="DataTD" align="left">
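Review bot: The answer field for question 4 carries `autcomplete="off"`, a misspelled attribute on an unchanged line in this hunk, which browsers ignore. That field therefore relies only on the form-level `autocomplete="off"`, unlike the other four lost-pass-phrase answers. Since this change already touches every row of the table, correcting it to `autocomplete="off"` would keep them consistent. The table itself starts outside this hunk.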
@@ -125,16 +143,18 @@
<input type="checkbox" name="country" value="1" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br>
<input type="checkbox" name="regional" value="1" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br>
<input type="checkbox" name="radius" value="1" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td>
+ <td class="DataTD">&nbsp;</td>
</tr>
+
<tr>
- <td class="DataTD" colspan="2"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td>
+ <td class="DataTD" colspan="3"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td>
+ <td class="DataTD" colspan="3"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
diff --git a/pages/index/10.php b/pages/index/10.php
index f89187d..9e09bb8 100644
--- a/pages/index/10.php
+++ b/pages/index/10.php
@@ -15,76 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<h3><?=_("Privacy Policy")?></h3>
-
-<p>
-<?=_("This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.")?>
-</p>
-
-<h4>1. <?=_("Website information")?></h4>
-<p>
-<?=_("We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?>
-</p>
-
-<h4>2. <?=_("Personal information")?></h4>
-<p>
-<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.")?>
-</p>
-<p>
-<?=_("We only share your information with any other organisation when so instructed by a CAcert arbitrator.")?>
-</p>
-
-<h4>3. <?=_("Aggregated tracking information")?></h4>
-<p>
-<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?>
-</p>
-
-<h4>4. <?=_("Cookies")?></h4>
-<p>
-<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.")?>
-</p>
-<p>
-<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?>
-</p>
-
-<h4>5. <?=_("Notification of changes")?></h4>
-<p>
-<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?>
-</p>
-
-<h4>6. <?=_("How to update, correct, or delete your information")?></h4>
-<p>
-<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?>
-</p>
-
-<h4>7. <?=_("Privacy of certificates")?></h4>
-<p>
-<?=_("CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.")?>
-</p>
-
-<h4>8. <?=_("Privacy of user data")?></h4>
-<p>
-<?=_("CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.")?>
-</p>
-
-<h4>9. <?=_("Exceptions")?></h4>
-<p>
-<?=_("A CAcert arbitrator may override this policy in a dispute.")?>
-<?=_("To obtain access to confidential data, a dispute has to be filed.")?>
-</p>
-
-<h4>10. <?=_("Legal mandates")?></h4>
-<p>
-<?=_("CAcert adopts the Australian privacy regulations.")?>
-<?=_("Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.")?>
-<?=_("Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.")?>
-</p>
-
-
-<p><?=_("If you need to contact us in writing, address your mail to:")?></p>
-<p>
-CAcert Inc.<br>
-P.O. Box 4107<br>
-Denistone East NSW 2112<br>
-Australia
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_('This page has been moved to the %spolicy directory%s. Please update '.
+ 'your bookmarks and report any broken links.'),
+ '<a href="/policy/PrivacyPolicy.html">', '</a>');
+?>
</p>
diff --git a/pages/index/11.php b/pages/index/11.php
index 1b76f9c..8391903 100644
--- a/pages/index/11.php
+++ b/pages/index/11.php
@@ -23,7 +23,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
-<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
+<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p>
<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
diff --git a/pages/index/16.php b/pages/index/16.php
index ad493f2..c2cb391 100755..100644
--- a/pages/index/16.php
+++ b/pages/index/16.php
@@ -35,8 +35,12 @@ Class 3 <?=_("PKI Key")?><br>
<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/>
<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/>
<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/>
-<?=_("Fingerprint")?> SHA1: DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D<br/>
-<?=_("Fingerprint")?> MD5: 73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6<br/>
+<?php /*
+ class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project
+ https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration
+*/ ?>
+<?=_("Fingerprint")?> SHA1: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE<br/>
+<?=_("Fingerprint")?> MD5: F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42<br/>
</p>
<p>
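Review bot: The updated class3 fingerprints are still published only as SHA1 and MD5, so anyone verifying the re-signed intermediate by hand has no collision-resistant digest to compare against. A third line such as `<?=_("Fingerprint")?> SHA256: <SHA256_FINGERPRINT_PLACEHOLDER><br/>`, with the value computed from the published class3 certificate, would fix that. The CRL link just above switches between http and https depending on how the page was requested, which suggests this page can be served over plain HTTP. In that case the fingerprints themselves are not authenticated, and it may be worth saying on the page that they should be read over HTTPS.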
@@ -79,3 +83,10 @@ TG1yj+lkktROGGyn0hJ5SbM=
-----END PGP SIGNATURE-----
</pre>
</p>
+
+<p>
+<? printf(_('An overview over all CA certificates ever issued can be found in '.
+ '%sthe wiki%s.'),
+ '<a href="//wiki.cacert.org/Roots/StateOverview">',
+ '</a>') ?>
+</p>
diff --git a/pages/index/19.php b/pages/index/19.php
index c58eb68..b44960d 100644
--- a/pages/index/19.php
+++ b/pages/index/19.php
@@ -15,90 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<span style="background-color: #FF8080; font-size: 150%">
-Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
-Until a subsidiary policy under AP is written, it is against AP rules.<br>
-</span>
-&nbsp;<br>
-<h3><?=_("Information")?></h3>
-<table border="0" align="center" cellspacing="0" cellpadding="0">
- <tr>
- <td class="title" colspan="2"><?=_("What can CAcert provide to you, to increase your privacy and security for free?")?></td>
- </tr>
- <tr>
- <td class="DataTD">
- <h4><?=_("Client certificates (un-assured)")?></h4>
- </td>
- <td class="DataTD">
- <u><?=_("Benefits")?>:</u> <?=_("You can send digitally signed/encrypted emails; others can send encrypted emails to you.")?><br /><br />
- <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name)")?>.<br /><br />
- <u><?=_("Verification needed")?>:</u> <?=_("You must confirm it is your email address by responding to a 'ping' email sent to it.")?><br /><br />
- </td>
- </tr>
- <tr>
- <td class="DataTD">
- <h4><?=_("Assured client certificates")?></h4>
- </td>
- <td class="DataTD">
- <u><?=_("Benefits")?>:</u> <?=_("Same as above plus you can include your full name in the certificates.")?><br /><br />
- <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 24 months.")?><br /><br />
- <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus you must get a minimum of 50 assurance points by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br /><br />
- </td>
- </tr>
- <tr>
- <td class="DataTD">
- <h4><?=_("Code signing certificates")?></h4>
- </td>
- <td class="DataTD">
- <u><?=_("Benefits")?>:</u> <?=_("Digitally sign code, web applets, installers, etc. including your name and location in the certificates.")?><br><br>
- <u><?=_("Limitations")?>:</u> <?=sprintf(_("Certificates expire in 12 months. Certificates %s must%s include your full name."),"<u>","</u>")?><br /><br />
- <u><?=_("Verification needed")?>:</u> <?=_("Same as above plus get 100 assurance points by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
- </td>
- </tr>
- <tr>
- <td class="DataTD">
- <h4><?=_("Server certificates (un-assured)")?></h4>
- </td>
- <td class="DataTD">
- <u><?=_("Benefits")?>:</u> <?=_("Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates are allowed.")?><br><br>
- <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.).")?><br><br>
- <u><?=_("Verification needed")?>:</u> <?=_("You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc).")?><br><br>
- </td>
- </tr>
- <tr>
- <td class="DataTD">
- <h4><?=_("Assured server certificates")?></h4>
- </td>
- <td class="DataTD">
- <u><?=_("Benefits")?>:</u> <?=_("Same as above.")?><br><br>
- <u><?=_("Limitations")?>:</u> <?=_("Same as above, except certificates expire in 24 months.")?><br><br>
- <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus get 50 assurance points by meeting with assurer(s) from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
- </td>
- </tr>
- <tr>
- <td class="DataTD">
- <h4><?=_("Become an assurer in CAcert Web of Trust")?></h4>
- </td>
- <td class="DataTD">
- <u><?=_("Benefits")?>:</u> <?=_("The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust.")?><br><br>
- <u><?=_("Limitations")?>:</u> <?=_("The number of assurance point you have will limit the maximum assurance points you can issue for people you assure.")?><br><br>
- <u><?=_("Verification needed")?>:</u> <?=_("You will need to be issued 100 points by meeting with existing assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents; OR if it is too difficult to meet up with existing assurers in your area, meet with two Trusted Third Party assurers (notary public, justice of the peace, lawyer, bank manager, accountant) to do the verifying.")?><br><br>
- </td>
- </tr>
- <tr>
- <td class="DataTD">
- <h4><?=_("Become a member of the CAcert Association")?></h4>
- </td>
- <td class="DataTD">
- <u><?=_("Benefits")?>:</u> <?=_("You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board.")?><br><br>
- <u><?=_("Limitations")?>:</u> <?=_("None, the sky is the limit for CAcert.")?><br><br>
- <u><?=_("Verification needed")?>:</u> <?=_("None; $10 USD per year membership fee.")?><br><br>
- </td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2">
- (*) <?=_("Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).")?>
- </td>
- </tr>
-</table>
-<br>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/FAQ/Privileges">', '</a>');
+?>
+</p> \ No newline at end of file
diff --git a/pages/index/3.php b/pages/index/3.php
index ad493f2..c2cb391 100644
--- a/pages/index/3.php
+++ b/pages/index/3.php
@@ -35,8 +35,12 @@ Class 3 <?=_("PKI Key")?><br>
<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/>
<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/>
<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/>
-<?=_("Fingerprint")?> SHA1: DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D<br/>
-<?=_("Fingerprint")?> MD5: 73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6<br/>
+<?php /*
+ class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project
+ https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration
+*/ ?>
+<?=_("Fingerprint")?> SHA1: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE<br/>
+<?=_("Fingerprint")?> MD5: F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42<br/>
</p>
<p>
@@ -79,3 +83,10 @@ TG1yj+lkktROGGyn0hJ5SbM=
-----END PGP SIGNATURE-----
</pre>
</p>
+
+<p>
+<? printf(_('An overview over all CA certificates ever issued can be found in '.
+ '%sthe wiki%s.'),
+ '<a href="//wiki.cacert.org/Roots/StateOverview">',
+ '</a>') ?>
+</p>
diff --git a/pages/index/6.php b/pages/index/6.php
index 8eefa44..fe57d81 100644
--- a/pages/index/6.php
+++ b/pages/index/6.php
@@ -16,9 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
-<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br>
-<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
-<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
+<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
</p>
<form method="post" action="index.php" autocomplete="off">
diff --git a/pages/index/8.php b/pages/index/8.php
index e45090d..4d515a6 100644
--- a/pages/index/8.php
+++ b/pages/index/8.php
@@ -15,16 +15,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><b><? printf(_("The current %s board, and roles."), "CAcert Inc."); ?></b></p>
-<p>
-Lambert Hofstra - <?=_("President")?><br/>
-Peter Yuill - <?=_("Vice President")?><br/>
-Alexander Prinsier - <?=_("Treasurer")?><br/>
-Mario Lipinski - <?=_("Secretary")?><br/>
-Piers Lauder - <?=_("member")?><br/>
-Ian Grigg - <?=_("member")?><br/>
-Dirk Astrath - <?=_("member")?><br/>
+<p style="background-color: #FF8080; font-size: 150%">
+<?
+printf(_("This page has been moved to the %swiki%s. Please update your ".
+ "bookmarks and report any broken links."),
+ '<a href="//wiki.cacert.org/Board">', '</a>');
+?>
</p>
-Kevin Dawson - <?=_("Public Officer")?><br />
-<br />
-More detailed informations can be found in the CAcert wiki under <a href="//wiki.cacert.org/Board"><?=_("CAcert Board")?></a>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index 51ed019..bc76a86 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -16,6 +16,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
+ $thawte = false;
+
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -43,6 +45,11 @@
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($rc), intval($rank))?></td>
</tr>
</table>
+<center>
+<br>
+<?=sprintf(_("The calculation of points will be changed in the near future. Please check the %s new calculation %s"), "<a href='/wot.php?id=15'>", "</a>")?>
+<br>
+</center>
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -71,13 +78,27 @@
<td class="DataTD"><?=$row['location']?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
</tr>
-<? } ?>
+<?
+ $thawte = ($row['method'] == "Thawte Points Transfer") || $thawte;
+} ?>
<tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=intval($_SESSION['profile']['points'])?></td>
<td class="DataTD" colspan="2">&nbsp;</td>
</tr>
</table>
+<?
+if ($thawte)
+{
+?>
+<br>
+<center>
+<strong style='color: red'>
+<?=_("Your Thawte-Points will be revoked in the near future. Please check new calculation!");?>
+<br>
+</strong>
+</center>
+<?}?>
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
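Review bot: The Thawte warning depends on `$row['method'] == "Thawte Points Transfer"`, a string literal compared loosely against a database value, so a renamed or differently spelled method silently hides the notice. A strict comparison with a plain assignment is easier to read, `if ($row['method'] === "Thawte Points Transfer") { $thawte = true; }`, with a comment such as `// remember whether any received assurance came from a Thawte points transfer`. The loop this line sits in starts outside the hunk. Separately, the context lines above print `$row['location']` and the method without HTML escaping; that predates this change but is worth a follow-up.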
diff --git a/pages/wot/15.php b/pages/wot/15.php
new file mode 100644
index 0000000..8579588
--- /dev/null
+++ b/pages/wot/15.php
@@ -0,0 +1,29 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+ include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
+
+ $userid = intval($_SESSION['profile']['id']);
+
+ output_ranking($userid);
+ output_summary($userid);
+ output_given_assurances($userid);
+ output_received_assurances($userid);
+
+ output_end_of_page();
+?>
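Review bot: `$userid` comes from `intval($_SESSION['profile']['id'])`, which yields 0 when no profile is in the session, and the output_* calls then run for user id 0; nothing in this file checks for that. If wot.php already refuses unauthenticated requests before including page 15 (not visible here), a one-line comment saying so would help; otherwise add a guard such as `if ($userid <= 0) { return; }` before `output_ranking($userid);`. A short header comment stating that the page renders the new points calculation through includes/wot.inc.php would also help, since the file has no description beyond the licence block.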
diff --git a/password.dat.sample b/password.dat.sample
index f9bbb55..f9bbb55 100755..100644
--- a/password.dat.sample
+++ b/password.dat.sample
diff --git a/scripts/31de-lt2011-berlin-email.txt b/scripts/31de-lt2011-berlin-email.txt
new file mode 100644
index 0000000..85b0ff5
--- /dev/null
+++ b/scripts/31de-lt2011-berlin-email.txt
@@ -0,0 +1,20 @@
+Hallo CAcert Assurers,
+
+Der diesjaehrige Linuxtag hat begonnen.
+
+Leider ohne CAcert Teilnahme mit einem leeren Stand ....
+
+Wir suchen noch haenderingend Assurer rund um Berlin die Donnerstag und Freitag noch auf dem Stand aushelfen koennen.
+
+Der Stand ist in bester Lage (Mozilla hatte abgesagt, und wir haben deren Stand bekommen). Der leere Stand wirft natuerlich kein gutes Licht auf CAcert.
+
+Aus dem Grund benoetigen wir jede Hilfe, die wir noch bekommen koennen. Auch wenn es vielleicht nur fuer einen halben Tag ist.
+
+Bis zu 7 Karten koennen wir noch zur Verfuegung stellen, sofern ihr eure Mithilfe angebietet.
+
+Hierzu eine kurze Rueckantwort an events@cacert.org
+
+Vielen Dank fuer Eure Unterstuetzung im Vorraus.
+
+
+Kontakt: events@cacert.org
diff --git a/scripts/31de-lt2011-berlin-mail.php.txt b/scripts/31de-lt2011-berlin-mail.php.txt
new file mode 100644
index 0000000..96a6241
--- /dev/null
+++ b/scripts/31de-lt2011-berlin-mail.php.txt
@@ -0,0 +1,152 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("31de-lt2011-berlin-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 50;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+
+// Software Freedom Day 19. Sept 2009
+// $locid = 715191; // Hamburg
+
+// LISA2009 Baltimore, 1.11.2009
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $city = "Baltimore, MD - Nov. 3rd 2009";
+
+// OpenSourceTreffen-Muenchen, 20.11.2009
+// $locid = 1260319; // Muenchen
+// $city = "Muenchen - 20. Nov 2009";
+
+// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
+// $locid = 1486658; // Potsdam
+// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
+// $city = "Potsdam - 21. Nov 2009";
+
+// ATE-Goteborg, 16.12.2009
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $eventname = "ATE-Goteborg";
+// $city = "Goteborg - Dec 16th 2009";
+
+// Assurance Event Mission Hills CA, 15.01.2010
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $eventname = "Assurance Event";
+// $city = "Mission Hills CA - Jan 15th 2010";
+
+// Assurance Event OSD Copenhagen DK, 5.03.2010
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "Assurance Event OpenSource-Days 2010";
+// $city = "Copenhagen DK - March 5th/6th 2010";
+
+// SCALE 8x Los Angeles, CA, Feb 19-21 2010
+// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "SCALE 8x 2010";
+// $city = "Los Angeles, CA - February 19-21 2010";
+
+// ATE Sydney, AU, Mar 24 2010
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $eventname = "ATE-Sydney";
+// $city = "March 24, 2010";
+
+// ATE Essen, DE, Sept 28 2010
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Essen";
+// $city = "September 28, 2010";
+
+// ATE Aachen, DE, Oct 4th 2010
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Aachen";
+// $city = "October 4th, 2010";
+
+// ATE Muenchen, DE, Apr 2nd 2011
+// $locid = 1260319; // Muenchen
+// $eventname = "ATE-Muenchen";
+// $city = "2. April, 2011";
+
+
+// Linuxtag, Berlin, May 11, 2011,
+ $locid = 228950; // Berlin
+ $eventname = "Linuxtag Berlin";
+ $city = "11.-14. Mai, 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ echo "invitation sent to $xrows recipients.\n";
+?>
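Review bot: None of the file or database results are checked before mail is sent. If `fopen("31de-lt2011-berlin-email.txt", "r")` fails, `feof($fp)` keeps returning false on the PHP versions that provide `mysql_*`, so the read loop does not terminate; if the location lookup or the distance query fails, the script still sends the report mails with an empty recipient count. The script should stop with a message before any mail goes out, as sketched below. scripts/32de-ate-bonn-mail.php.txt is the same code with the same gaps, and the visible start of scripts/33us-ate-wdc-mail.php.txt opens its template the same way.

```php
	$fp = fopen("31de-lt2011-berlin-email.txt", "r");
	if ($fp === false)
	{
		// without this check the feof() loop below never ends
		fwrite(STDERR, "cannot open mail template\n");
		exit(1);
	}
	// … unchanged: read and wordwrap the template, event settings …
	$loc = mysql_fetch_assoc(mysql_query($query));
	if (!$loc)
	{
		fwrite(STDERR, "location $locid not found\n");
		exit(1);
	}
	// … unchanged: distance query …
	$res = mysql_query($query);
	if ($res === false)
	{
		fwrite(STDERR, "recipient query failed: ".mysql_error()."\n");
		exit(1);
	}
```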
diff --git a/scripts/32de-ate-bonn-email.txt b/scripts/32de-ate-bonn-email.txt
new file mode 100644
index 0000000..5c830a6
--- /dev/null
+++ b/scripts/32de-ate-bonn-email.txt
@@ -0,0 +1,38 @@
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:
+
+Ein ATE ist eine Veranstaltung zur Qualitaetssicherung des CAcert Web-of-Trusts, denn im Gegensatz zu vielen kommerziellen Zertifikats-Ausstellern findet bei CAcert keine zentralisierte Identitaetsueberpruefung beim Aussteller statt.
+
+Statt dessen gibt es ein Netzwerk aus Freiwilligen (Assurern), gegenueber denen sich ein Interessent (Assuree) ausweisen kann, um sich seine Identitaet bestaetigen zu lassen.
+Diese Bestaetigung ist Voraussetzung dafuer, dass sich der Interessent spaeter Zertifikate generieren lassen kann, die seinen Namen enthalten.
+
+Fuer das Web-of-Trust gibt es ein Regelwerk, CAcert Community Agreement (CCA), Assurance Policy und Assurance Handbook seien beispielhaft genannt.
+
+Das ATE schult die CAcert Assurer ueber Neuerungen im Regelwerk und hilft, Kenntnisse aufzufrischen:
+
+- Was hast du auf dem CAP Formular hinzuzufuegen, wenn du Minderjaehrige ueberpruefst ?
+- Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln koennen sollst ?
+- Unter welchen Umstaenden koennen z.Bsp. niederlaendische Rufnamen akzeptiert werden?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung trainiert und auditiert, um die Qualitaet der Assurances in der taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, wie diese vermieden werden koennen.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Mittwoch den 08. Juni 2011
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- im Jugendzentrum St. Martin
+- Heilsbachstr. 4
+- 53123 Bonn
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2011-06-08-ATE-Bonn]
+Blog [http://blog.cacert.org/2011/05/514.html]
+
+Teilnehmer Registrierung mit Rueckantwort: 'Ich moechte am ATE-Bonn teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
diff --git a/scripts/32de-ate-bonn-mail.php.txt b/scripts/32de-ate-bonn-mail.php.txt
new file mode 100644
index 0000000..ea8c579
--- /dev/null
+++ b/scripts/32de-ate-bonn-mail.php.txt
@@ -0,0 +1,151 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("32de-ate-bonn-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+
+// Software Freedom Day 19. Sept 2009
+// $locid = 715191; // Hamburg
+
+// LISA2009 Baltimore, 1.11.2009
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $city = "Baltimore, MD - Nov. 3rd 2009";
+
+// OpenSourceTreffen-Muenchen, 20.11.2009
+// $locid = 1260319; // Muenchen
+// $city = "Muenchen - 20. Nov 2009";
+
+// BLIT2009, Brandenburger Linux-Infotag, 21.11.2009
+// $locid = 1486658; // Potsdam
+// $eventname = "Brandenburger Linux-Infotag (BLIT2009)";
+// $city = "Potsdam - 21. Nov 2009";
+
+// ATE-Goteborg, 16.12.2009
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $eventname = "ATE-Goteborg";
+// $city = "Goteborg - Dec 16th 2009";
+
+// Assurance Event Mission Hills CA, 15.01.2010
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $eventname = "Assurance Event";
+// $city = "Mission Hills CA - Jan 15th 2010";
+
+// Assurance Event OSD Copenhagen DK, 5.03.2010
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "Assurance Event OpenSource-Days 2010";
+// $city = "Copenhagen DK - March 5th/6th 2010";
+
+// SCALE 8x Los Angeles, CA, Feb 19-21 2010
+// $locid = 2093625; // Copenhagen, Kobenhavn*, Denmark
+// $eventname = "SCALE 8x 2010";
+// $city = "Los Angeles, CA - February 19-21 2010";
+
+// ATE Sydney, AU, Mar 24 2010
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $eventname = "ATE-Sydney";
+// $city = "March 24, 2010";
+
+// ATE Essen, DE, Sept 28 2010
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Essen";
+// $city = "September 28, 2010";
+
+// ATE Aachen, DE, Oct 4th 2010
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Aachen";
+// $city = "October 4th, 2010";
+
+// ATE Muenchen, DE, Apr 2nd 2011
+// $locid = 1260319; // Muenchen
+// $eventname = "ATE-Muenchen";
+// $city = "2. April, 2011";
+
+// ATE Bonn, DE, Jun 8th 2011
+ $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+ $eventname = "ATE-Bonn";
+ $city = "8. Juni, 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
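Review bot: The comment `// uncomment next line to send mails ...` sits above a `sendmail()` call that is already active, and the `cacerttest%` test query is commented out, so running this file mails every matched user within `$maxdist = 200` km immediately, with no dry-run step. Reword the comment to say what the line does, e.g. `// sends the invitation to every matched user; enable the cacerttest% query above for a test run`. The query also selects every column of the users table although only `$row['email']` is read, so narrowing the select list to the email column keeps other account fields out of the script's memory and output. `echo $query;` looks like leftover debugging. The same points apply to scripts/31de-lt2011-berlin-mail.php.txt.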
diff --git a/scripts/33us-ate-wdc-email.txt b/scripts/33us-ate-wdc-email.txt
new file mode 100644
index 0000000..6547347
--- /dev/null
+++ b/scripts/33us-ate-wdc-email.txt
@@ -0,0 +1,40 @@
+CAcert Assurer Training Event -- Washington DC / Chantilly
+::::::::::::::::::::::::::::::::::::::::::::::::::
+
+Dear Member of the CAcert Community,
+
+Much has happened during recent years. The old way of orally-transmitted
+procedures has now gone, and our rules have been cast into formal
+policies. New procedures (e.g. the Assurer Challenge) and obligations
+(e.g. in the CAcert Community Agreement) have been approved.
+
+The Assurer Training Events bring all this to you, the Assurer, and the
+Community:
+
+- What do you have to add onto the CAP form if you assure minors ?
+- What are the 2 essential CCA points you have to present an Assuree ?
+- Who can access the Member's privacy information?
+
+Answers to these and many other questions typically faced by Assurers
+are given at the Assurer Training Events (ATEs). Bring your ID for
+assurances. Especially note that Tverify/Thawte people need to boost up
+their Assurance Points.
+
+ATE-WDC takes place at:
+* Saturday, June 18th, 2011
+* Eggspectations Restaurant, Westone Plaza, Chantilly VA.
+* 12:00 - 16:30
+
+For Registration please reply: 'I will attend ATE-Washington'
+
+Don't forget your ID!
+
+We are looking forward to hearing from you.
+
+
+- Best regards from the Event Team!
+
+
+PS: Contact: events@cacert.org
+Location, Transportation and other event details at
+[https://wiki.cacert.org/Events/20110618ATE-WashingtonDC]
diff --git a/scripts/33us-ate-wdc-mail.php.txt b/scripts/33us-ate-wdc-mail.php.txt
new file mode 100644
index 0000000..117fadb
--- /dev/null
+++ b/scripts/33us-ate-wdc-mail.php.txt
@@ -0,0 +1,108 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("33us-ate-wdc-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+
+// ATE Bonn, DE, Jun 8th 2011
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Bonn";
+// $city = "8. Juni, 2011";
+
+// ATE Washington DC, US, Jun 18th 2011
+ $locid = 2102723; // Washington (District of Columbia, ..., US
+ $eventname = "ATE-Washington-DC";
+ $city = "June 18th, 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
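Review bot: The results of both `mysql_query()` calls are used unchecked, so a missing `locations` row for `$locid` leaves `$loc[lat]` and `$loc[long]` empty, the distance query becomes invalid SQL, and the two report mails are still sent, presumably with an empty recipient count. Guards such as `if (!$loc) die("unknown locid $locid\n");` after the lookup and `if (!$res) die(mysql_error()."\n");` before `mysql_num_rows()` would stop the run before any report goes out. The comment `// uncomment next line to send mails ...` sits above a live `sendmail()` call while the test-recipient query is commented out, so running the file mails the full result set immediately; the comment should say that, and `echo $query;` looks like leftover debugging. The same code is added in 34us-ate-wdc-mail.php.txt, 35us-ate-ny-mail.php.txt, 36us-ate-ny-mail.php.txt and 37de-blit2011-mail.php.txt.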
diff --git a/scripts/34us-ate-wdc-email.txt b/scripts/34us-ate-wdc-email.txt
new file mode 100644
index 0000000..7735ed8
--- /dev/null
+++ b/scripts/34us-ate-wdc-email.txt
@@ -0,0 +1,21 @@
+Dear Member of the CAcert Community,
+
+Just a quick final reminder that we will hold an ATE - Assurer Training Event - in Chantilly, VA this coming Saturday, 12:00.
+
+It's a lunch time event in a private room, so come hungry to the Eggspectations Restaurant in Westone Plaza.
+
+Assurers and prospective Assurers are the intended audience. We also invite those who just want the chance to get assured. (Note that old Tverify / Thawte points are gone, and if you haven't done our fabulously entertaining *Assurer Challenge* you are not an Assurer anymore.)
+
+Bring your ID documents and some CAP forms!
+
+- Best regards from the Event Team!
+
+ATE-WDC takes place at:
+* Saturday, June 18th, 2011
+* Eggspectations Restaurant, Westone Plaza, Chantilly VA.
+* 12:00 - 16:30
+* more: [http://wiki.cacert.org/Events/20110618ATE-WashingtonDC]
+
+For Registration please reply: 'I will attend ATE-Washington'
+
+Contact: events@cacert.org
diff --git a/scripts/34us-ate-wdc-mail.php.txt b/scripts/34us-ate-wdc-mail.php.txt
new file mode 100644
index 0000000..6478d45
--- /dev/null
+++ b/scripts/34us-ate-wdc-mail.php.txt
@@ -0,0 +1,108 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("34us-ate-wdc-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+
+// ATE Bonn, DE, Jun 8th 2011
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $eventname = "ATE-Bonn";
+// $city = "8. Juni, 2011";
+
+// ATE Washington DC, US, Jun 18th 2011
+ $locid = 2102723; // Washington (District of Columbia, ..., US
+ $eventname = "ATE-Washington-DC getting closer";
+ $city = "June 18th, 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
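Review bot: This file is a copy of 33us-ate-wdc-mail.php.txt that differs only in the name passed to `fopen()` and in `$eventname`, and the growing list of commented-out `$locid` values is carried along in every copy. A single mailer that takes the text file, `$locid`, `$eventname` and `$city` as command-line arguments (validated with `intval()` for the id, as the commented `$_REQUEST` lines already hint) would keep fixes to the query and the send loop in one place. As written, each later correction has to be repeated in every per-event script.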
diff --git a/scripts/35us-ate-ny-email.txt b/scripts/35us-ate-ny-email.txt
new file mode 100644
index 0000000..7ee95bf
--- /dev/null
+++ b/scripts/35us-ate-ny-email.txt
@@ -0,0 +1,22 @@
+Dear Member of the CAcert Community,
+
+We have a possibility to run an Assurer Training Event in New York in the period June 20th to 26. One of our co-auditor-presenters is in Washington DC for the ATE on the 18th, and is willing to make the trip.
+
+ - Can you help? Can you attend?
+
+If you are interested in attending, please reply to this email with "I want to attend an ATE in New York, I prefer XXXXX dates."
+
+*If you can help then please contact us*. We need some combination of these things:
+
+ * on-ground contact person
+ * venue good for everyone to get to, about 3 hours access
+ * accomodation
+
+To read more about our popular tour of ATEs:
+ * https://wiki.cacert.org/ATE
+ * https://wiki.cacert.org/Events/20110618ATE-WashingtonDC
+
+- Best regards from the Event Team!
+
+
+PS: Contact: events@cacert.org
diff --git a/scripts/35us-ate-ny-mail.php.txt b/scripts/35us-ate-ny-mail.php.txt
new file mode 100644
index 0000000..01b2d5d
--- /dev/null
+++ b/scripts/35us-ate-ny-mail.php.txt
@@ -0,0 +1,109 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("35us-ate-ny-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+
+// ATE Washington DC, US, Jun 18th 2011
+// $locid = 2102723; // Washington (District of Columbia, ..., US
+// $eventname = "ATE-Washington-DC getting closer";
+// $city = "June 18th, 2011";
+
+// ATE Washington DC, US, Jun 18th 2011
+ $locid = 2177566; // New York (Bronx), New York, United States
+ $eventname = "ATE-New York";
+ $city = "period June 20th to 26, 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
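Review bot: The comment `// ATE Washington DC, US, Jun 18th 2011` directly above the active `$locid = 2177566;` block is copied from the previous script and mislabels the New York settings; it should read something like `// ATE New York, US, June 20th to 26th 2011`. 36us-ate-ny-mail.php.txt carries the same stale comment above its own `$locid` block. Since this header is the only thing that tells an operator which audience the script will mail, it should match the values below it.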
diff --git a/scripts/36us-ate-ny-email.txt b/scripts/36us-ate-ny-email.txt
new file mode 100644
index 0000000..6cd1ef1
--- /dev/null
+++ b/scripts/36us-ate-ny-email.txt
@@ -0,0 +1,34 @@
+CAcert Assurer Training Event -- New York / Rutgers / Piscataway, NJ
+::::::::::::::::::::::::::::::::::::::::::::::::::
+
+Dear Member of the CAcert Community,
+
+Much has happened during recent years. The old way of orally-transmitted procedures has now gone, and our rules have been cast into formal policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been approved.
+
+The Assurer Training Events bring all this to you, the Assurer, and the Community:
+
+- What do you have to add onto the CAP form if you assure minors ?
+- What are the 2 essential CCA points you have to present an Assuree ?
+- Who can access the Member's privacy information?
+
+Answers to these and many other questions typically faced by Assurers are given at the Assurer Training Events (ATEs). Bring your ID for assurances. Especially note that Tverify/Thawte people need to boost up their Assurance Points.
+
+ATE-NY takes place at:
+* Monday, June 20th, 2011
+* Rutgers Department of Computer Science, Piscataway, NJ
+* 1pm - 4pm
+
+For Registration please reply: 'I will attend ATE-NY'
+
+Don't forget your ID!
+
+We are looking forward to hearing from you.
+
+
+- Best regards from the Event Team!
+
+
+PS: Contact: events@cacert.org
+Location, Transportation and other event details at
+[https://wiki.cacert.org/Events/20110620ATE-NewYork]
+
diff --git a/scripts/36us-ate-ny-mail.php.txt b/scripts/36us-ate-ny-mail.php.txt
new file mode 100644
index 0000000..1f75bb1
--- /dev/null
+++ b/scripts/36us-ate-ny-mail.php.txt
@@ -0,0 +1,109 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("36us-ate-ny-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+
+// ATE Washington DC, US, Jun 18th 2011
+// $locid = 2102723; // Washington (District of Columbia, ..., US
+// $eventname = "ATE-Washington-DC getting closer";
+// $city = "June 18th, 2011";
+
+// ATE Washington DC, US, Jun 18th 2011
+ $locid = 2177566; // New York (Bronx), New York, United States
+ $eventname = "ATE-New York / Rutgers / Piscataway, NJ";
+ $city = "June 20th, 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/37de-blit2011-email.txt b/scripts/37de-blit2011-email.txt
new file mode 100644
index 0000000..365bd5b
--- /dev/null
+++ b/scripts/37de-blit2011-email.txt
@@ -0,0 +1,18 @@
+8. Brandenburger Linux-Infotag 2011 -- Helfer Gesucht
+:::::::::::::::::::::::::::::::::::::::::::::::::::::
+
+Hallo CAcerties,
+
+am Samstag, dem 5. November 2011 moechte sich CAcert mit einem Stand auf dem 8. Brandenburger Linux-Infotag 2011 (Motto: "Freie Gedanken - Freie Systeme") praesentieren. Hierzu wurde nun im Wiki eine Organisationsseite eingerichtet, auf der Ihr Euch als Helfer eintragen koennt
+ http://wiki.cacert.org/events/BLIT2011
+Sofern Ihr aus Berlin, Potsdam sowie Umgebung oder von woanders kommt und Zeit wie auch Lust habt, dann tragt Euch bitte, gerne auch nur fuer einen
+bestimmten Zeitraum, ein. Wer in den vergangenen Jahren dabei war, weiss vieviel Spass es allen gemacht hat!
+
+Auf der Veranstaltung sind Professoren, wissenschaftliche Mitarbeiter und in jedem Fall viele Studenten zu erwarten. Es waere daher super, wenn wir dort moeglichst viele von CAcert ueberzeugen koennen, um dort eine neue Keimzelle entstehen lassen zu koennen. Daher benoetigen wir mindestens drei Assurer, um 100 Punkte vergeben zu koennen.
+
+Wir freuen uns auf Eure Mithilfe.
+
+
+Wiki Organisationsseite: [http://wiki.cacert.org/events/BLIT2011]
+
+Kontakt: events@cacert.org
diff --git a/scripts/37de-blit2011-mail.php.txt b/scripts/37de-blit2011-mail.php.txt
new file mode 100644
index 0000000..e0ecead
--- /dev/null
+++ b/scripts/37de-blit2011-mail.php.txt
@@ -0,0 +1,106 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("37de-blit2011-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 2102723; // Washington (District of Columbia, ..., US
+// $locid = 2177566; // New York (Bronx), New York, United States
+
+// BLIT2011
+ $locid = 1486658; // Potsdam
+ $eventname = "8. Brandenburger Linux-Infotag 2011 - Potsdam";
+ $city = "5. Nov 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/DumpWeakCerts.pl b/scripts/DumpWeakCerts.pl
new file mode 100644
index 0000000..580390e
--- /dev/null
+++ b/scripts/DumpWeakCerts.pl
@@ -0,0 +1,193 @@
+#!/usr/bin/perl
+# Script to dump weak RSA certs (Exponent 3 or Modulus size < 1024) according to https://bugs.cacert.org/view.php?id=918
+# and https://wiki.cacert.org/Arbitrations/a20110312.1
+# Extended to be used for https://bugs.cacert.org/view.php?id=954
+
+use strict;
+use warnings;
+
+use DBI;
+
+my $cacert_db_config;
+my $cacert_db_user;
+my $cacert_db_password;
+
+# Read database access data from the config file
+eval `cat perl_mysql`;
+
+my $dbh = DBI->connect($cacert_db_config, $cacert_db_user, $cacert_db_password, { RaiseError => 1, AutoCommit => 0 } ) || die "Cannot connect database: $DBI::errstr";
+
+my $sth_certs;
+my $sth_userdata;
+
+my $cert_domid;
+my $cert_userid;
+my $cert_orgid;
+my $cert_CN;
+my $cert_expire;
+my $cert_filename;
+my $cert_serial;
+my $cert_recid;
+
+my $user_email;
+my $user_firstname;
+
+my $reason;
+
+my $grace_time_days = 0; # 14 used for bug#918
+
+my @row;
+
+sub IsWeak($) {
+ my ($CertFileName) = @_;
+
+ my $ModulusSize = 0;
+ my $Exponent = 0;
+ my $result = 0;
+
+
+# Code for Testing only! Hardcoding some filenames to fail the tests.
+#
+# if ($CertFileName eq '../crt/server/301/server-301988.crt' ||
+# $CertFileName eq '../crt/client/258/client-258856.crt' ||
+# $CertFileName eq '../crt/orgserver/2/orgserver-2635.crt' ||
+# $CertFileName eq '../crt/orgclient/0/orgclient-808.crt') {
+# return "Test";
+# }
+
+ # Do key size and exponent checking for RSA keys
+ open(CERTTEXT, '-|', "openssl x509 -in $CertFileName -noout -text") || die "Cannot start openssl";
+ while (<CERTTEXT>) {
+ if (/^ +([^ ]+) Public Key:/) {
+ last if ($1 ne "RSA");
+ }
+ if (/^ +Modulus \((\d+) bit\)/) {
+ $ModulusSize = $1;
+ }
+ if (/^ +Exponent: (\d+)/) {
+ $Exponent = $1;
+ last;
+ }
+ }
+ close(CERTTEXT);
+ if ($ModulusSize > 0 && $Exponent > 0) {
+ if ($ModulusSize < 1024 || $Exponent==3) {
+ $result = "SmallKey";
+ }
+ }
+
+ if (!$result) {
+ # Check with openssl-vulnkey
+ # This is currently not tested, if you don't know what you are doing leave it commented!
+ if (system("openssl-vulnkey -q $CertFileName") != 0) {
+ $result = "openssl-vulnkey";
+ }
+ }
+
+ return $result;
+}
+
+# Select only certificates expiring in more than two weeks, since two weeks will probably be needed as turnaround time
+# Get all domain certificates
+$sth_certs = $dbh->prepare(
+ "SELECT `dc`.`domid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial`, `dc`.`id` ".
+ " FROM `domaincerts` AS `dc` ".
+ " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
+$sth_certs->execute();
+
+$sth_userdata = $dbh->prepare(
+ "SELECT `u`.`email`, `u`.`fname` ".
+ " FROM `domains` AS `d`, `users` AS `u` ".
+ " WHERE `d`.`memid`=`u`.`id` AND `d`.`id`=?");
+
+while(($cert_domid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
+ if (-f $cert_filename) {
+ $reason = IsWeak($cert_filename);
+ if ($reason) {
+ $sth_userdata->execute($cert_domid);
+ ($user_email, $user_firstname) = $sth_userdata->fetchrow_array();
+ print join("\t", ('DomainCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
+ $sth_userdata->finish();
+ }
+ }
+}
+$sth_certs->finish();
+
+# Get all email certificates
+$sth_certs = $dbh->prepare(
+ "SELECT `ec`.`memid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial`, `ec`.`id` ".
+ " FROM `emailcerts` AS `ec` ".
+ " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
+$sth_certs->execute();
+
+$sth_userdata = $dbh->prepare(
+ "SELECT `u`.`email`, `u`.`fname` ".
+ " FROM `users` AS `u` ".
+ " WHERE `u`.`id`=?");
+
+while(($cert_userid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
+ if (-f $cert_filename) {
+ $reason = IsWeak($cert_filename);
+ if ($reason) {
+ $sth_userdata->execute($cert_userid);
+ ($user_email, $user_firstname) = $sth_userdata->fetchrow_array();
+ print join("\t", ('EmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
+ $sth_userdata->finish();
+ }
+ }
+}
+$sth_certs->finish();
+
+# Get all Org Server certificates, notify all admins of the Org!
+$sth_certs = $dbh->prepare(
+ "SELECT `dc`.`orgid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial`, `dc`.`id` ".
+ " FROM `orgdomaincerts` AS `dc` ".
+ " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
+$sth_certs->execute();
+
+$sth_userdata = $dbh->prepare(
+ "SELECT `u`.`email`, `u`.`fname` ".
+ " FROM `users` AS `u`, `org` ".
+ " WHERE `u`.`id`=`org`.`memid` and `org`.`orgid`=?");
+
+while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
+ if (-f $cert_filename) {
+ $reason = IsWeak($cert_filename);
+ if ($reason) {
+ $sth_userdata->execute($cert_orgid);
+ while(($user_email, $user_firstname) = $sth_userdata->fetchrow_array()) {
+ print join("\t", ('OrgServerCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
+ }
+ $sth_userdata->finish();
+ }
+ }
+}
+$sth_certs->finish();
+
+# Get all Org Email certificates, notify all admins of the Org!
+$sth_certs = $dbh->prepare(
+ "SELECT `ec`.`orgid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial`, `ec`.`id` ".
+ " FROM `orgemailcerts` AS `ec` ".
+ " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
+$sth_certs->execute();
+
+$sth_userdata = $dbh->prepare(
+ "SELECT `u`.`email`, `u`.`fname` ".
+ " FROM `users` AS `u`, `org` ".
+ " WHERE `u`.`id`=`org`.`memid` and `org`.`orgid`=?");
+
+while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
+ if (-f $cert_filename) {
+ $reason = IsWeak($cert_filename);
+ if ($reason) {
+ $sth_userdata->execute($cert_orgid);
+ while(($user_email, $user_firstname) = $sth_userdata->fetchrow_array()) {
+ print join("\t", ('OrgEmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
+ }
+ $sth_userdata->finish();
+ }
+ }
+}
+$sth_certs->finish();
+
+$dbh->disconnect();
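Review bot: In IsWeak() the certificate path read from the database is interpolated into command strings in both `open(CERTTEXT, '-|', "openssl x509 -in $CertFileName -noout -text")` and `system("openssl-vulnkey -q $CertFileName")`, so whitespace or a shell metacharacter in `crt_name` changes the command that runs. The list forms avoid the shell entirely: `open(my $certtext, '-|', 'openssl', 'x509', '-in', $CertFileName, '-noout', '-text')` and `system('openssl-vulnkey', '-q', $CertFileName)`. The `system(...) != 0` test also treats a missing or crashing openssl-vulnkey the same as a vulnerable key, and the comment above it says to leave the call commented while the code is live; handling `$? == -1` separately from the tool's own exit status would keep a broken install from flagging every certificate. In the other direction, when the `Modulus (N bit)` line is not matched (the text layout presumably varies between openssl versions), `$ModulusSize` stays 0 and the small-key check is skipped silently, so a warning on STDERR for RSA certificates with no parsed modulus would make that failure visible.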
diff --git a/scripts/db_migrations/version1.sh b/scripts/db_migrations/version1.sh
new file mode 100755
index 0000000..48e24f9
--- /dev/null
+++ b/scripts/db_migrations/version1.sh
@@ -0,0 +1,164 @@
+#!/bin/sh
+# LibreSSL - CAcert web application
+# Copyright (C) 2004-2011 CAcert Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+
+# script to do database migrations
+
+# This particular version migrates from the preversioned state to version 1
+# If you want to reuse it for further migrations you probably should pay special
+# attention because you have to adjust it a bit
+
+set -e # script fails if any command fails
+
+STDIN=0
+STDOUT=1
+STDERR=2
+
+if [ "$1" = "--help" ]; then
+ cat >&$STDERR <<- USAGE
+ Usage: $0 [MYSQL_OPTIONS]
+ You have to specify all options needed by "mysql" as if you had started
+ the MySQL command line client directly (including the name of the
+ database to operate on). The MySQL user used has to have enough
+ privileges to do all necessary operations (among others CREATE, ALTER,
+ DROP, UPDATE, INSERT, DELETE).
+ You might need to enter the mysql password multiple times if you
+ specify the -p option.
+ USAGE
+ exit 1
+fi
+
+mysql_opt=" --batch --skip-column-names $@"
+
+schema_version=$( mysql $mysql_opt <<- 'SQL'
+ CREATE TABLE IF NOT EXISTS `schema_version` (
+ `id` int(11) PRIMARY KEY auto_increment,
+ `version` int(11) NOT NULL UNIQUE,
+ `when` datetime NOT NULL
+ ) DEFAULT CHARSET=latin1;
+
+ SELECT MAX(`version`) FROM `schema_version`;
+SQL
+)
+
+if [ $schema_version != "NULL" ]; then
+ cat >&$STDERR <<- ERROR
+ Error: database schema is not in the right version to do the migration!
+ Expected version: 0 (i.e. the version before there was versioning)
+ ERROR
+ exit 2
+fi
+
+
+mysql $mysql_opt <<- 'SQL'
+ -- CCA agreements and such
+ CREATE TABLE `user_agreements` (
+ `id` int(11) PRIMARY KEY auto_increment,
+
+ -- the user that agrees
+ `memid` int(11) NOT NULL,
+
+ -- user that is involved in the agreement (e.g. Assurer)
+ `secmemid` int(11) DEFAULT NULL,
+
+ -- what is being agreed to? e.g. CCA
+ `document` varchar(50) DEFAULT NULL,
+
+ -- when did the agreement take place?
+ `date` datetime DEFAULT NULL,
+
+ -- whether the user actively agreed or if the agreement took place via
+ -- an indirect process (e.g. Assurance)
+ `active` int(1) NOT NULL,
+
+ -- in which process did the agreement take place (e.g. certificate
+ -- issuance, account creation, assurance)
+ `method` varchar(100) NOT NULL,
+
+ -- user comment
+ `comment` varchar(100) DEFAULT NULL
+ ) DEFAULT CHARSET=latin1;
+
+
+ -- description for all certs to make identifying a cert easier
+ ALTER TABLE `domaincerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `emailcerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `gpg` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `orgdomaincerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `orgemailcerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+
+
+ -- Bugs #855, #863, #864, #888
+ ALTER TABLE `notary`
+ -- allow for marking as deleted instead of really deleting
+ ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+
+ -- add "TOPUP" as method for point transfers (for TTP)
+ MODIFY `method`
+ enum(
+ 'Face to Face Meeting',
+ 'Trusted Third Parties',
+ 'Thawte Points Transfer',
+ 'Administrative Increase',
+ 'CT Magazine - Germany',
+ 'Temporary Increase',
+ 'Unknown',
+ 'TOPUP'
+ ) NOT NULL DEFAULT 'Face to Face Meeting';
+
+
+
+ -- Organisation Assurance
+ ALTER TABLE `orginfo`
+ -- which Organisation Assurer entered the organisation?
+ ADD `creator_id` int(11) NOT NULL DEFAULT '0',
+
+ -- when was the organisation entered?
+ ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+
+ -- allow for marking as deleted instead of really deleting
+ ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00';
+
+ ALTER TABLE `org`
+ -- which Organisation Assurer assigned the Organisation Admin?
+ ADD `creator_id` int(11) NOT NULL DEFAULT '0',
+
+ -- when was the Organisation Admin assigned?
+ ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+
+ -- allow for marking as deleted instead of really deleting
+ ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00';
+
+
+
+
+ -- Update schema version number
+ INSERT INTO `schema_version`
+ (`version`, `when`) VALUES
+ ('1' , NOW() );
+SQL
+
+
+echo "Database successfully migrated to version 1"
+exit 0
+
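Review bot: The version guard `if [ $schema_version != "NULL" ]` leaves `$schema_version` unquoted, so an empty or multi-word result makes `[` fail with a usage error, which the `if` treats as false, and the script then falls through to the migration instead of refusing; write `if [ "$schema_version" != "NULL" ]; then`. `mysql_opt=" --batch --skip-column-names $@"` also flattens the caller's options into one string, so an option value containing a space is split on reuse; passing `"$@"` directly on each `mysql` call keeps the original quoting. The ALTER statements are applied one by one with the version row inserted last, so a comment telling the operator that a failure midway leaves a partly migrated schema with no version recorded would help recovery.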
diff --git a/scripts/mail-weak-keys.php b/scripts/mail-weak-keys.php
new file mode 100644
index 0000000..95c0e4f
--- /dev/null
+++ b/scripts/mail-weak-keys.php
@@ -0,0 +1,161 @@
+#!/usr/bin/php -q
+<? # Companion script to DumpWeakCerts.pl, takes output and sends a mail to each owner of a weak cert
+
+ function SendServerCertMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date) {
+ $mail_text =
+"Dear $owner_name,
+
+CAcert recently became aware that some of the certificates signed by CAcert pose a security
+risk because they are backed by private keys that are vulnerable to attack.
+
+The security issues identified are:
+Private keys with a small key size. These keys are vulnerable to brute force attack.
+Private keys with an unsafe exponent. These keys are vulnerable to some specialised attacks.
+Private keys generated by a compromised version of OpenSSL distributed by Debian.
+
+You received this email because a certificate issued to you is vulnerable:
+
+Server Certificate, Serial $cert_serial, expiring $cert_expire, CN $cert_CN
+
+To rectify the problem CAcert will revoke all vulnerable certificates (including yours) on $action_date.
+CAcert will no longer accept vulnerable certificate requests for signing. In future all Certficate
+Signing Requests must be backed by private keys with a key length at least 2048 bits and no other known vulnerabilities.
+
+You should submit a new Certificate Signing Request of acceptable strength as soon as possible
+and replace your existing certificate.
+
+If you are interested in background information on this change please refer to this document:
+http://csrc.nist.gov/publications/nistpubs/800-78-3/sp800-78-3.pdf
+
+Kind regards
+CAcert Suport Team
+";
+ mail($cert_email, "[CAcert.org]CAcert Server Certificate - Urgent Action Required", $mail_text, "From: CAcert Support <support@cacert.org>\nReply-To: returns@cacert.org");
+ }
+
+ function SendClientMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date) {
+ $mail_text =
+"Dear $owner_name,
+
+CAcert recently became aware that some of the certificates signed by CAcert pose a security
+risk because they are backed by private keys that are vulnerable to attack.
+
+The security issues identified are:
+Private keys with a small key size. These keys are vulnerable to brute force attack.
+Private keys with an unsafe exponent. These keys are vulnerable to some specialised attacks.
+Private keys generated by a compromised version of OpenSSL distributed by Debian.
+
+You received this email because a certificate issued to you is vulnerable:
+
+Client Certificate, Serial $cert_serial, expiring $cert_expire, CN $cert_CN
+
+To rectify the problem CAcert will revoke all vulnerable certificates (including yours) on $action_date.
+CAcert will no longer accept vulnerable certificate requests for signing. In future all
+client certficates must be backed by private keys with a key length at least 1024 bits
+and no other known vulnerabilities.
+
+This means that you should replace your current certificate with a new one of acceptable strength.
+If you use Firefox or Chrome, select 'Keysize: High Grade' before 'Create Certificate Request'.
+If you use Internet Explorer, select 'Microsoft Strong Cryptographic Provider'. If you select an
+option that generates a weak key (eg 'Microsoft Base Cryptographic Provider v1.0') your certficate
+request will be rejected.
+
+Kind regards
+CAcert Suport Team
+";
+ mail($cert_email, "[CAcert.org]CAcert Client Certificate - Urgent Action Required", $mail_text, "From: CAcert Support <support@cacert.org>\nReply-To: returns@cacert.org");
+ }
+
+ function SendOrgServerCertMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date) {
+ $mail_text =
+"Dear $owner_name,
+
+CAcert recently became aware that some of the certificates signed by CAcert pose a security
+risk because they are backed by private keys that are vulnerable to attack.
+
+The security issues identified are:
+Private keys with a small key size. These keys are vulnerable to brute force attack.
+Private keys with an unsafe exponent. These keys are vulnerable to some specialised attacks.
+Private keys generated by a compromised version of OpenSSL distributed by Debian.
+
+You received this email because a certificate issued to you is vulnerable:
+
+Organisation Server Certificate, Serial $cert_serial, expiring $cert_expire, CN $cert_CN
+
+To rectify the problem CAcert will revoke all vulnerable certificates (including yours) on $action_date.
+CAcert will no longer accept vulnerable certificate requests for signing. In future all Certficate
+Signing Requests must be backed by private keys with a key length at least 2048 bits and no other known vulnerabilities.
+
+You should submit a new Certificate Signing Request of acceptable strength as soon as possible
+and replace your existing certificate.
+
+If you are interested in background information on this change please refer to this document:
+http://csrc.nist.gov/publications/nistpubs/800-78-3/sp800-78-3.pdf
+
+Kind regards
+CAcert Suport Team
+";
+ mail($cert_email, "[CAcert.org]CAcert Organisation Server Certificate - Urgent Action Required", $mail_text, "From: CAcert Support <support@cacert.org>\nReply-To: returns@cacert.org");
+ }
+
+ function SendOrgClientMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date) {
+ $mail_text =
+"Dear $owner_name,
+
+CAcert recently became aware that some of the certificates signed by CAcert pose a security
+risk because they are backed by private keys that are vulnerable to attack.
+
+The security issues identified are:
+Private keys with a small key size. These keys are vulnerable to brute force attack.
+Private keys with an unsafe exponent. These keys are vulnerable to some specialised attacks.
+Private keys generated by a compromised version of OpenSSL distributed by Debian.
+
+You received this email because a certificate issued to you is vulnerable:
+
+Organisation Client Certificate, Serial $cert_serial, expiring $cert_expire, CN $cert_CN
+
+To rectify the problem CAcert will revoke all vulnerable certificates (including yours) on $action_date.
+CAcert will no longer accept vulnerable certificate requests for signing. In future all
+client certficates must be backed by private keys with a key length at least 1024 bits
+and no other known vulnerabilities.
+
+This means that you should replace your current certificate with a new one of acceptable strength.
+If you use Firefox or Chrome, select 'Keysize: High Grade' before 'Create Certificate Request'.
+If you use Internet Explorer, select 'Microsoft Strong Cryptographic Provider'. If you select an
+option that generates a weak key (eg 'Microsoft Base Cryptographic Provider v1.0') your certficate
+request will be rejected.
+
+Kind regards
+CAcert Suport Team
+";
+ mail($cert_email, "[CAcert.org]CAcert Organisation Client Certificate - Urgent Action Required", $mail_text, "From: CAcert Support <support@cacert.org>\nReply-To: returns@cacert.org");
+ }
+
+ # Main
+
+ $num_domain = 0;
+ $num_client = 0;
+ $num_orgdomain = 0;
+ $num_orgclient = 0;
+ $action_date = '2011-07-15';
+ $in = fopen("php://stdin", "r");
+ while($in_string = rtrim(fgets($in, 255))) {
+ list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial) = explode("\t", $in_string);
+
+ if ($cert_type == "DomainCert") {
+ SendServerCertMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date);
+ $num_domain++;
+ } else if ($cert_type == "EmailCert") {
+ SendClientMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date);
+ $num_client++;
+ } else if ($cert_type == "OrgServerCert") {
+ SendOrgServerCertMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date);
+ $num_orgdomain++;
+ } else if ($cert_type == "OrgEmailCert") {
+ SendOrgClientMail($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $action_date);
+ $num_orgclient++;
+ }
+ }
+ fclose($in);
+ echo "Mails sent: $num_domain server certs, $num_client client certs, $num_orgdomain Org server certs, $num_orgclient Org client certs.\n";
+?>
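Review bot: The read loop `while($in_string = rtrim(fgets($in, 255)))` ends at the first blank line and cuts any record longer than 254 bytes, so a long CN can leave `$cert_serial` empty or split one record into two, and the notice then goes out with missing or wrong certificate details. mass-revoke.php in this commit reads the same input with an unbounded `fgets($in)`; doing the same here and skipping short rows keeps the two companion scripts consistent: `$fields = explode("\t", $in_string); if (count($fields) < 7) continue;`. The four Send*Mail functions differ only in the certificate label, the subject and one paragraph, so a header comment naming those differences would help keep the texts in sync.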
diff --git a/scripts/mass-revoke.php b/scripts/mass-revoke.php
new file mode 100644
index 0000000..18c036b
--- /dev/null
+++ b/scripts/mass-revoke.php
@@ -0,0 +1,89 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+# Companion script to DumpWeakCerts.pl, takes output and revokes weak certs
+# Only first and last column ($cert_type and $cert_recid) are used, the others
+# are ignored
+
+include_once("../includes/mysql.php");
+# Main
+
+$num_domain = 0;
+$num_client = 0;
+$num_orgdomain = 0;
+$num_orgclient = 0;
+
+$num_failures = 0;
+
+$in = fopen("php://stdin", "r");
+
+# The restriction on revoked timestamp os only "to be sure" for non-Org certs,
+# but Org certs (email and serer) may be included multiple times in the output
+# of DumpWeakCerts.pl (once for each OrgAdmin).
+while($in_string = rtrim(fgets($in))) {
+ list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason,
+ $cert_serial, $cert_recid) = explode("\t", $in_string);
+
+ if ($cert_type == "DomainCert") {
+ $query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_domain+=mysql_affected_rows();
+
+ } else if ($cert_type == "EmailCert") {
+ $query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_client+=mysql_affected_rows();
+
+ } else if ($cert_type == "OrgServerCert") {
+ $query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgdomain+=mysql_affected_rows();
+
+ } else if ($cert_type == "OrgEmailCert") {
+ $query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgclient+=mysql_affected_rows();
+ }
+}
+
+fclose($in);
+
+echo "Certificates revoked: ".
+ "$num_domain server certs, ".
+ "$num_client client certs, ".
+ "$num_orgdomain Org server certs, ".
+ "$num_orgclient Org client certs.\n";
+echo "Update failures: $num_failures\n";
+?>
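Review bot: `$cert_recid` comes from a tab-separated stdin line and is placed unchecked into the `where` clause of all four UPDATE statements, so which rows get revoked depends entirely on the input file being well formed; the column is a record id, so reject anything that is not all digits before building the query, e.g. `if (!ctype_digit((string)$cert_recid)) { $num_failures++; continue; }`. The counters also add `mysql_affected_rows()` after a failed `mysql_query()`, where it returns -1, so every failure lowers the reported total; move the `+=` into an `else` branch. The value `'1970-01-01 10:00:01'` is used eight times without explanation, and a one-line comment saying what this marker timestamp means to the rest of the system would help.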
diff --git a/scripts/oa01-allowance.php.txt b/scripts/oa01-allowance.php.txt
new file mode 100644
index 0000000..50374e3
--- /dev/null
+++ b/scripts/oa01-allowance.php.txt
@@ -0,0 +1,93 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("oa01-allowance.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+// --- Variable parameters --- begin
+
+// $country
+// "" (empty) email to _all_ countries
+// "DE" 2-digit country code, eg. email to Germany Org's only
+
+// $status
+// Status: 1 mails to org contacts only
+// 2 mails to org admins only
+// 3 mails to org contacts + org admins
+
+// $subject
+// sample:
+// with
+// mailing subject results in
+// a) $country = ""
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website"
+// b) $country = "DE"
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website (DE)"
+
+
+//OA Allowance
+$country = ""; // "DE" or ""
+$status = 3; // 1, 2 or 3 3 = 1+2
+$subject = "Allowance to publish Organisation Assurance on CAcert website";
+
+
+// --- Variable parameters --- end
+
+$query = "SELECT orginfo.contact as email, orginfo.O, 1 as status
+ FROM orginfo
+ WHERE (orginfo.C like '$country%' and (1=$status or 3=$status))
+ UNION
+ Select users.email, orginfo.O, 2 as status
+ FROM users
+ inner join org on users.id = org.memid
+ inner join orginfo on org.orgid=orginfo.id
+ WHERE (orginfo.C like '$country%' and (2=$status or 3=$status))
+ ORDER BY O";
+
+
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")") , $lines, "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ }
+ // 1x cc to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")"), $lines, "oao@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ // 1x mailing report to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20110608.1
+ sendmail("bernhard@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ echo "oa-mailing sent to $xrows recipients.\n";
+?>
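Review bot: Neither `fopen("oa01-allowance.txt", "r")` nor `mysql_query($query)` is checked, and the template is opened by a relative path, so running the script from another directory leaves `$fp` false and `while(!feof($fp))` never terminates; add `if (!$fp) die("cannot open oa01-allowance.txt\n");` and an equivalent guard on `$res` before `mysql_num_rows()`. The comment `// uncomment next line to send mails ...` sits above a `sendmail()` call that is already active while the test query above it is commented out, so as committed the script mails every selected organisation contact; the comments should say so. `echo $query;` looks like leftover debugging output.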
diff --git a/scripts/oa01-allowance.txt b/scripts/oa01-allowance.txt
new file mode 100644
index 0000000..ea23fa4
--- /dev/null
+++ b/scripts/oa01-allowance.txt
@@ -0,0 +1,159 @@
+(Dutch, German and French version see below)
+
+Dear sir or madam,
+
+CAcert plans to add a new section to its homepage. This section will contain
+a listing of companies and organisations assured by
+CAcert's Organisation Assurance.
+
+You, as a representative or an Organisation Administrator of such an
+organisation, are asked for your approval to give us the name, the logo and
+the location of your company. The reference will be listed on
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. This listing
+is a resource for other companies planning to use CAcert Certificates.
+
+We kindly ask you to tell us for what purpose you use your CAcert certificate.
+Please check the specific items:
+
+ [ ] - Client Certs
+ [ ] - E-mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"If you are satisfied with our services, tell others. If not, come back to us."
+
+Additionally, we plan a testimonial page in the future where you are able to
+tell about your experience with CAcert.
+
+If you have any questions, suggestions or criticisms please do not hesitate to
+contact us on mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org or contact the Organisation Assurer
+who originaly assured you organisation. You can revoke your assent any time.
+
+Thank you for your support.
+
+For the Organisation Assurance Team
+
+---------------------------------------------------
+
+[German Version]
+
+Sehr geehrte Damen und Herren,
+
+CAcert plant eine Umgestaltung des Internetauftritts. Dazu gehoert auch die
+Auflistung von Unternehmen und Organisationen, die durch CAcert im Rahmen der
+Organisation Assurance geprueft wurden.
+
+Wir wuerden gerne Ihre Organisation (Name, Sitz und Logo) als Referenz auf der
+Seite http://wiki.cacert.org/OrganisationAssurance/OrganisationList nennen.
+Als Ansprechpartner oder Organisationsadministrator einer solchen Organisation
+benoetigen wir dazu Ihr Einverstaendnis.
+
+Ueber Informationen, wie in welcher Weise Ihre Organisation CAcert-Zertifikate
+einsetzt, wuerden wir und sehr freuen. Wählen Sie einfach die verwendeten
+Einsatzgebiete aus dieser Liste aus:
+
+ [ ] - Client Certs
+ [ ] - E-Mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"Wenn Sie zufrieden sind mit unserem Service, sagen Sie es weiter. Wenn Sie
+nicht zufrieden sind, sagen Sie es uns."
+
+In diesem Zusammenhang planen wir auch eine Testimonal Seite, auf der Sie
+selbst ueber ihre Erfahrungen berichten koennen.
+
+Bei Fragen, Anregungen oder Kritik erreichen Sie uns jederzeit unter
+mailto:support@cacert.org und mailto:cacert-orga-assurer@lists.cacertg.org oder
+kontaktieren Sie den Organisations Assurer, der Ihre Organisation ueberprueft
+hat. Sie haben jederzeit das Recht, Ihr Einverstaendnis zu widerrufen.
+
+Im Name von CAcert bedanke sich das Organisation Assurance Team herzlich
+fuer Ihre Unterstuetzung.
+
+---------------------------------------------------
+
+[French Version]
+
+Madame, Monsieur,
+
+CAcert a decide d'ajouter une nouvelle section a son site internet. Cette
+section contient une liste des entreprises et organisations accreditees
+par CAcert.
+
+Vous, en tant que representant ou administrateur d'une telle organisation,
+il vous est demande votre approbation pour nous donner le nom, le logo et le
+lieu de votre entreprise. La reference sera ajoutee sur
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. Cette
+inscription serait utile pour encourager d'autres organisations a utiliser
+des certificats CAcert.
+
+Nous vous prions de nous dire a quelles fins vous utilisez vos certificats
+CAcert. S'il vous plaît, precisez les elements suivants :
+
+ [ ] - Certificats client (SSL)
+ [ ] - Certificats pour courriel (email)
+ [ ] - Certificats Serveur (SSL)
+ [ ] - Signature de document
+ [ ] - Signature du code de logiciels informatique
+
+"Si vous êtes satisfaits de nos services, faite le nous savoir. Dans le cas
+contraire, nous sommes a votre ecoute."
+
+De plus, nous prevoyons de realiser a l'avenir une page avec des temoignages ou
+vous pourrez parler de votre experience avec CAcert.
+
+Si vous avez des questions, des suggestions ou des critiques, n'hesitez pas
+s'il vous plaît a nous contacter sur mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org, ou contacter
+l'Accrediteur d'Organisation qui a realise votre inscription initialement.
+Vous pouvez retirer votre referencement a tout moment de notre site internet
+sur simple demande.
+
+Merci pour votre soutien.
+
+L'equipe des Accrediteurs d'Organisations.
+
+---------------------------------------------------
+
+[Dutch Version]
+
+Geachte dames/heren,
+
+Uw organisatie (of bedrijf) is reeds gewaarmerkt door CAcert.
+
+Gedurende dat proces bent u aangewezen als contactpersoon of als organisatie
+adminstrator, en daarom ontvangt u deze email.
+
+In het kader van een reorganisatie van CAcert websites willen wij uw organisatie
+graag als referentie toevoegen op de pagina:
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList.
+Daarom verzoeken wij u bij deze om toestemming om de naam van uw organisatie
+toe te voegen aan deze referentiepagina.
+
+Zodat ook andere organisaties zichzelf kunnen informeren over de verschillende
+toepassingen van onze certificaten, of kunnen profiteren van uw ervaring,
+verzoeken wij tevens om het gebruik van certificaten binnen uw organisatie
+te benoemen:
+
+ [ ] - Client Certificaten
+ [ ] - Email Certificaten
+ [ ] - Server Certificaten
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+
+"Wanneer u tevreden bent over onze service, vertel het verder. Wanneer u niet
+tevreden bent, vertel het ons."
+Binnen deze context plannen wij ook een Testimonal pagina, waar u zelf over uw
+ervaringen kunt berichten.
+
+Voor vragen, opmerkingen of kritiek kunt u ons ten alle tijden bereiken onder
+mailto:support@cacert.org of mailto:cacert-orga-assurer@lists.cacertg.org.
+U kunt ook contact opnemen met de Organisation Assurer die uw organisatie
+gewaarmerkt heeft.
+
+Uw Organisation Assurance Team. \ No newline at end of file
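Review bot: The German and Dutch sections give the list address as `cacert-orga-assurer@lists.cacertg.org`, while the English and French sections use `lists.cacert.org`; the extra `g` looks like a typo and would send recipients' replies to a domain the project presumably does not control. Both occurrences should read `mailto:cacert-orga-assurer@lists.cacert.org`.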
diff --git a/scripts/perl_mysql.sample b/scripts/perl_mysql.sample
new file mode 100644
index 0000000..4800289
--- /dev/null
+++ b/scripts/perl_mysql.sample
@@ -0,0 +1,6 @@
+# This file contains the data needed to connect to the database to be
+# used in perl scripts
+
+$cacert_db_config = 'DBI:mysql:database=cacert;host=127.0.0.1';
+$cacert_db_user = 'cacert';
+$cacert_db_password = '<put_password_here>'; \ No newline at end of file
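Review bot: The sample does not mention that the filled-in copy holds the database password in clear text; a header line such as `# Copy this file, fill in the password, and make the copy readable only by the account that runs the scripts` would cover it. The filled-in copy should also be kept out of the repository.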
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index e81c738..a4ec71e 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -59,6 +59,12 @@
$codesign = 1;
$CSR = trim($_REQUEST['optionalCSR']);
+
+ if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
+ {
+ die("403, $weakKey");
+ }
+
$incsr = tempnam("/tmp", "ccsrIn");
$checkedcsr = tempnam("/tmp", "ccsrOut");
$fp = fopen($incsr, "w");
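Review bot: The new guard relies on `checkWeakKeyCSR()` returning exactly the empty string for an acceptable key, because of the strict `!== ""` comparison; the function is defined outside this hunk, so state that contract in a comment here, e.g. `// checkWeakKeyCSR() returns "" if the key is acceptable, otherwise the reason text`. `$weakKey` is sent to the API caller through `die("403, $weakKey")`, so the reason text should presumably stay free of internal detail such as file paths. The enclosing branch starts and ends outside the hunk.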
diff --git a/www/cap.html.php b/www/cap.html.php
index c5ae89c..cc3fad6 100644
--- a/www/cap.html.php
+++ b/www/cap.html.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
loadem("index");
showheader(_("Identity Verification Form (CAP) form"));
- Version: $Id: cap.html.php,v 1.1 2009-03-02 23:09:05 root Exp $
+ Version: $Id: cap.html.php,v 1.2 2011-06-10 18:30:41 wytze Exp $
*/
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">', "\n";
echo '<html>', "\n";
@@ -49,7 +49,7 @@
echo '</tr>', "\n";
echo '<tr>', "\n";
echo ' <td></td>', "\n";
- echo ' <td align="right"><font size=-7>class 3: DB4C 4269 073F E9C2 A37D 890A 5C1B 18C4 184E 2A2D</font></td>', "\n";
+ echo ' <td align="right"><font size=-7>class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE</font></td>', "\n";
echo '<tr>', "\n";
echo '</font>', "\n";
echo '</td>', "\n";
diff --git a/www/capnew.php b/www/capnew.php
index 840fcca..3136993 100644
--- a/www/capnew.php
+++ b/www/capnew.php
@@ -17,8 +17,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-// $Id: capnew.php,v 1.2 2009-03-02 23:09:05 root Exp $
-define('REV', '$Revision: 1.2 $');
+// $Id: capnew.php,v 1.3 2011-06-10 18:30:41 wytze Exp $
+define('REV', '$Revision: 1.3 $');
/*
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
@@ -313,10 +313,10 @@ define('POLICY','policy/'); // default polciy doc directory
define('EXT','.php'); // default polciy doc extention, should be html
/* finger print CAcert Root Key */ // should obtain this automatically
define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
-define('CLASS3_SHA1','DB4C 4269 073F E9C2 A37D 890A 5C1B 18C4 184E 2A2D');
+define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
// next two are not used on the form
define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
-define('CLASS3_MD5','73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6');
+define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
// if on draft provide std message
define('WATERMARK','');
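Review bot: The new Class 3 fingerprints are entered as literals here (`CLASS3_SHA1`, `CLASS3_MD5`) and again in the `cap.html.php` hunk of this commit, and nothing ties them to the replaced `www/certs/class3.crt`; the existing remark `// should obtain this automatically` still applies. Since the SHA1 value appears on the CAP form for people to compare against, record next to the defines how it was produced, e.g. `// openssl x509 -in www/certs/class3.crt -noout -fingerprint -sha1`, so a reviewer can re-derive both copies.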
@@ -387,7 +387,7 @@ function utf8_is_ascii_ctrl($str) {
// extend TCPF with custom functions
class CAPPDF extends TCPDF {
- // do cap form version numbering automatically '$Revision: 1.2 $'
+ // do cap form version numbering automatically '$Revision: 1.3 $'
/*public*/ function Version() {
strtok(REV, ' ');
return(strtok(' '));
diff --git a/www/certs/class3.crt b/www/certs/class3.crt
index 35e2689..087ca0e 100644
--- a/www/certs/class3.crt
+++ b/www/certs/class3.crt
@@ -1,35 +1,42 @@
-----BEGIN CERTIFICATE-----
-MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
-IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
-IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
-Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
-BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
-cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
-4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
-Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
-0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
-FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
-bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
-SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
-6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
-m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
-eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
-kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
-6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
-CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
-aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
-gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
-aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
-tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
-nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
-77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
-Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L
-ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
-zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
-rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
-YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
-oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
-FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
-0m6lG5kngOcLqagA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-----END CERTIFICATE-----
diff --git a/www/certs/class3.der b/www/certs/class3.der
index cffe3c5..56f8c88 100644
--- a/www/certs/class3.der
+++ b/www/certs/class3.der
Binary files differ
diff --git a/www/certs/class3.txt b/www/certs/class3.txt
index 0b43b04..a77aa14 100644
--- a/www/certs/class3.txt
+++ b/www/certs/class3.txt
@@ -1,12 +1,12 @@
Certificate:
Data:
Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
+ Serial Number: 672138 (0xa418a)
+ Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
- Not Before: Oct 14 07:36:55 2005 GMT
- Not After : Mar 28 07:36:55 2033 GMT
+ Not Before: May 23 17:48:02 2011 GMT
+ Not After : May 20 17:48:02 2021 GMT
Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
@@ -49,6 +49,13 @@ Certificate:
05:fb:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 75:A8:71:60:4C:88:13:F0:78:D9:89:77:B5:6D:C5:89:DF:BC:B1:7A
+ X509v3 Authority Key Identifier:
+ keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1
+ DirName:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
+ serial:00
+
X509v3 Basic Constraints: critical
CA:TRUE
Authority Information Access:
@@ -59,68 +66,79 @@ Certificate:
Policy: 1.3.6.1.4.1.18506
CPS: http://www.CAcert.org/index.php?id=10
- Signature Algorithm: md5WithRSAEncryption
- 7f:08:88:a1:da:1a:50:49:da:89:fb:a1:08:72:f3:8a:f7:1e:
- c4:3a:b4:79:5b:20:30:b1:45:de:c2:5d:d3:65:69:f1:c2:5d:
- 54:54:3c:85:5f:b9:7b:42:91:c2:99:fd:1b:51:9b:ab:46:a5:
- a1:10:53:9e:6d:88:ac:73:6e:2c:33:a6:f0:f4:9e:e0:75:c1:
- 3e:88:45:a9:e1:66:43:fe:56:5a:d1:7a:41:78:f7:40:da:4a:
- 3a:f1:0b:5b:a5:bb:16:06:e6:c2:e7:93:b9:85:4d:97:4f:b1:
- 1e:38:43:80:ef:9b:0d:8c:ef:b8:a7:60:00:87:57:7d:1e:44:
- 1c:cb:23:ef:9b:3c:99:9d:af:b5:29:1c:45:79:16:96:4d:27:
- 6d:f1:1c:6c:c3:c2:55:64:b3:bc:14:e2:f3:a4:1f:1e:32:fc:
- 27:15:05:cf:dd:2e:ae:3e:82:61:7b:f0:21:10:18:f6:44:ea:
- 53:39:f9:dc:d0:9a:20:e0:c6:bb:e0:bb:5a:4f:c4:99:c8:07:
- bd:b5:bd:a2:db:2e:62:0d:42:34:41:bc:ff:8b:8a:f5:51:22:
- aa:88:30:00:e2:b0:d4:bc:be:65:ba:d5:03:57:79:9b:e8:dc:
- c8:4d:f8:50:ed:91:a5:52:28:a2:ac:fb:36:58:3e:e9:94:2b:
- 91:50:87:1b:d6:5e:d6:8c:cc:f7:0f:10:0c:52:4e:d0:16:61:
- e5:e5:0a:6c:bf:17:c7:72:46:57:9c:98:f5:6c:60:63:7a:6f:
- 5e:b9:4e:2f:c8:b9:b9:bb:6a:85:bc:98:0d:ed:f9:3e:97:84:
- 34:94:ae:00:af:a1:e5:e7:92:6e:4e:bd:f3:e2:d9:14:8b:5c:
- d2:eb:01:6c:a0:17:a5:2d:10:eb:9c:7a:4a:bd:bd:ee:ce:fd:
- ed:22:40:ab:70:38:88:f5:0a:87:6a:c2:ab:05:60:c9:48:05:
- da:53:c1:de:44:77:6a:b3:f3:3c:3c:ed:80:bc:a6:38:4a:29:
- 24:5f:fe:59:3b:9b:25:7a:56:63:00:64:b9:5d:a4:62:7d:57:
- 36:4f:ad:83:ef:1f:92:53:a0:8e:77:57:dd:e5:61:11:3d:23:
- 00:90:4c:3c:fa:a3:60:93:04:a3:af:35:f6:0e:6a:8f:4f:4a:
- 60:a7:85:05:6c:46:a1:8f:f4:c7:76:e3:a1:59:57:f7:71:b2:
- c4:6e:14:5c:6d:6d:41:66:df:1b:93:b1:d4:00:c3:ee:cb:cf:
- 3c:3d:21:80:a9:5f:63:65:fc:dd:e0:5f:a4:f4:2b:f0:85:71:
- 41:d4:67:25:fb:1a:b1:97:ae:d6:99:82:13:41:d2:6e:a5:1b:
- 99:27:80:e7:0b:a9:a8:00
+ Netscape CA Policy Url:
+ http://www.CAcert.org/index.php?id=10
+ Netscape Comment:
+ To get your own certificate for FREE, go to http://www.CAcert.org
+ Signature Algorithm: sha256WithRSAEncryption
+ 29:28:85:ae:44:a9:b9:af:a4:79:13:f0:a8:a3:2b:97:60:f3:
+ 5c:ee:e3:2f:c1:f6:e2:66:a0:11:ae:36:37:3a:76:15:04:53:
+ ea:42:f5:f9:ea:c0:15:d8:a6:82:d9:e4:61:ae:72:0b:29:5c:
+ 90:43:e8:41:b2:e1:77:db:02:13:44:78:47:55:af:58:fc:cc:
+ 98:f6:45:b9:d1:20:f8:d8:21:07:fe:6d:aa:73:d4:b3:c6:07:
+ e9:09:85:cc:3b:f2:b6:be:2c:1c:25:d5:71:8c:39:b5:2e:ea:
+ be:18:81:ba:b0:93:b8:0f:e3:e6:d7:26:8c:31:5a:72:03:84:
+ 52:e6:a6:f5:33:22:45:0a:c8:0b:0d:8a:b8:36:6f:90:09:a1:
+ ab:bd:d7:d5:4e:2e:71:a2:d4:ae:fa:a7:54:2b:eb:35:8d:5a:
+ b7:54:88:2f:ee:74:9f:ed:48:16:ca:0d:48:d0:94:d3:ac:a4:
+ a2:f6:24:df:92:e3:bd:eb:43:40:91:6e:1c:18:8e:56:b4:82:
+ 12:f3:a9:93:9f:d4:bc:9c:ad:9c:75:ee:5a:97:1b:95:e7:74:
+ 2d:1c:0f:b0:2c:97:9f:fb:a9:33:39:7a:e7:03:3a:92:8e:22:
+ f6:8c:0d:e4:d9:7e:0d:76:18:f7:01:f9:ef:96:96:a2:55:73:
+ c0:3c:71:b4:1d:1a:56:43:b7:c3:0a:8d:72:fc:e2:10:09:0b:
+ 41:ce:8c:94:a0:f9:03:fd:71:73:4b:8a:57:33:e5:8e:74:7e:
+ 15:01:00:e6:cc:4a:1c:e7:7f:95:19:2d:c5:a5:0c:8b:bb:b5:
+ ed:85:b3:5c:d3:df:b8:b9:f2:ca:c7:0d:01:14:ac:70:58:c5:
+ 8c:8d:33:d4:9d:66:a3:1a:50:95:23:fc:48:e0:06:43:12:d9:
+ cd:a7:86:39:2f:36:72:a3:80:10:e4:e1:f3:d1:cb:5b:1a:c0:
+ e4:80:9a:7c:13:73:06:4f:db:a3:6b:24:0a:ba:b3:1c:bc:4a:
+ 78:bb:e5:e3:75:38:a5:48:a7:a2:1e:af:76:d4:5e:f7:38:86:
+ 56:5a:89:ce:d6:c3:a7:79:b2:52:a0:c6:f1:85:b4:25:8c:f2:
+ 3f:96:b3:10:d9:8d:6c:57:3b:9f:6f:86:3a:18:82:22:36:c8:
+ b0:91:38:db:2a:a1:93:aa:84:3f:f5:27:65:ae:73:d5:c8:d5:
+ d3:77:ea:4b:9d:c7:41:bb:c7:c0:e3:a0:3f:e4:7d:a4:8d:73:
+ e6:12:4b:df:a1:73:73:73:3a:80:e8:d5:cb:8e:2f:cb:ea:13:
+ a7:d6:41:8b:ac:fa:3c:89:d7:24:f5:4e:b4:e0:61:92:b7:f3:
+ 37:98:c4:be:96:a3:b7:8a
-----BEGIN CERTIFICATE-----
-MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
-IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
-IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
-Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
-BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
-cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
-4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
-Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
-0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
-FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
-bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
-SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
-6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
-m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
-eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
-kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
-6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
-CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
-aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
-gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
-aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
-tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
-nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
-77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
-Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L
-ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
-zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
-rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
-YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
-oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
-FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
-0m6lG5kngOcLqagA
+MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
+b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
+Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
+dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
+MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
+Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
+iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
+aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
+jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
+pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
+FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
+XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
+oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
+R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
+rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
+LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
+BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
+gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
+BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
+A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
+AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
+BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
+MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
+Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
+ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
+b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
+QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
+7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
+Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
+D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
+VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
+lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
+Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
+hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
+0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
+ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
+d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
+4GGSt/M3mMS+lqO3ig==
-----END CERTIFICATE-----
diff --git a/www/coap.html.php b/www/coap.html.php
index 901420e..8c2479c 100644
--- a/www/coap.html.php
+++ b/www/coap.html.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Version: $Id: coap.html.php,v 1.1 2009-03-02 23:09:05 root Exp $
+ Version: $Id: coap.html.php,v 1.2 2011-06-10 18:30:41 wytze Exp $
*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
@@ -61,7 +61,7 @@ table#TAB1 td { border: 0 }
</tr>
<tr>
<td border=0></td>
- <td border=0 align="right"><font size=-7>class 3: DB4C 4269 073F E9C2 A37D 890A 5C1B 18C4 184E 2A2D</font></td>
+ <td border=0 align="right"><font size=-7>class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE</font></td>
<tr>
</font>
</td>
diff --git a/www/coapnew.php b/www/coapnew.php
index 301d5c2..c9e4e47 100644
--- a/www/coapnew.php
+++ b/www/coapnew.php
@@ -17,8 +17,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-// $Id: coapnew.php,v 1.2 2009-03-02 23:09:05 root Exp $
-define('REV', '$Revision: 1.2 $');
+// $Id: coapnew.php,v 1.3 2011-06-10 18:30:42 wytze Exp $
+define('REV', '$Revision: 1.3 $');
/*
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
@@ -347,11 +347,11 @@ define('CCA', "CAcertCommunityAgreement"); // default policy to print
define('POLICY','policy/'); // default polciy doc directory
define('EXT','.php'); // default polciy doc extention, should be html
/* finger print CAcert Root Key */ // should obtain this automatically
-define("CLASS1_SHA1","135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33");
-define("CLASS3_SHA1","DB4C 4269 073F E9C2 A37D 890A 5C1B 18C4 184E 2A2D");
+define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
+define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
// next two are not used on the form
-define("CLASS1_MD5","A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B");
-define("CLASS3_MD5","73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6");
+define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
+define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
// if on draft provide std message
define('WATERMARK',"");
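Review bot: The class 3 fingerprints in `CLASS3_SHA1` and `CLASS3_MD5` are maintained by hand, and the same SHA-1 value is repeated in www/coap.html.php, with nothing tying either copy to the www/certs/class3.der file replaced in this commit. The SHA-1 strings are printed on the form, so a stale copy after the next re-signing would be easy to miss. A comment naming the source of the values would help, e.g. `// fingerprints of www/certs/class3.der; keep in sync with www/coap.html.php`. The existing remark that this should be obtained automatically still applies.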
@@ -422,7 +422,7 @@ function utf8_is_ascii_ctrl($str) {
// extend TCPF with custom functions
class COAPPDF extends TCPDF {
- // do cap form version numbering automatically "$Revision: 1.2 $"
+ // do cap form version numbering automatically "$Revision: 1.3 $"
/*public*/ function Version() {
strtok(REV, " ");
return(strtok(" "));
diff --git a/www/index.php b/www/index.php
index fb215c6..a139c4a 100644
--- a/www/index.php
+++ b/www/index.php
@@ -148,13 +148,16 @@
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
- $query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and disablelogin=0 and
- UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ include_once("../includes/lib/general.php");
+ $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
+ $_SERVER['SSL_CLIENT_I_DN_CN']);
+
+ if($user_id >= 0)
{
- $row = mysql_fetch_assoc($res);
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
+ "select * from `users` where
+ `id`='$user_id' and `deleted`=0 and `locked`=0"));
+
if($_SESSION['profile']['id'] != 0)
{
$_SESSION['profile']['loggedin'] = 1;
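Review bot: `$user_id` is interpolated into the `users` query exactly as `get_user_id_from_cert()` returns it, and the `>= 0` guard only works if that helper signals failure with a negative number. The helper lives in includes/lib/general.php and is not visible in this hunk; if it can return `false` or `null`, PHP evaluates both as `>= 0` and the branch is still taken. Using `intval($user_id)` when building the query and adding a one-line comment above the call stating the return contract would remove that dependency. It is also worth confirming that the helper keeps the `revoked`, `disablelogin` and expiry conditions of the query it replaces. The enclosing `if` block continues past the end of the hunk.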
@@ -332,6 +335,8 @@
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
$_SESSION['_config']['oldlocation'] = "account.php?id=13";
}
+ if (checkpwlight($pword) < 3)
+ $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
if($_SESSION['_config']['oldlocation'] != "")
header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
else
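Review bot: The added `checkpwlight($pword) < 3` branch overwrites `$_SESSION['_config']['oldlocation']` unconditionally, so the redirect to `account.php?id=13` set just above for missing lost-password questions is dropped, and nothing is appended to `errmsg` to tell the user why they land on the password page. Wrapping the branch in braces and adding a message next to the assignment would match the block above, e.g. `$_SESSION['_config']['errmsg'] .= _("Your pass phrase is too weak, please choose a new one.")."<br>";`. Whether `force=1` is enforced on the server, or the user can navigate away with the session already logged in, is not visible here and should be confirmed. The surrounding login block starts and ends outside the hunk.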
@@ -627,7 +632,21 @@
if(!array_key_exists('signup',$_SESSION) || $_SESSION['signup']['year'] < 1900)
$_SESSION['signup']['year'] = "19XX";
+
+ if ($id == 19)
+ {
+ $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
+ $newUrl = $protocol . '://wiki.cacert.org/FAQ/Privileges';
+ header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
+ }
+ if ($id == 8)
+ {
+ $protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
+ $newUrl = $protocol . '://wiki.cacert.org/Board';
+ header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
+ }
+
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
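Review bot: Neither redirect stops the script after `header('Location: ...')`, so for `$id == 19` and `$id == 8` execution falls through to `showheader()`, `includeit($id)` and `showfooter()`, and the old page is still rendered behind the 301. Add `exit;` after each `header()` call. `$_SERVER['HTTPS']` is also read without a presence check, which raises a notice on plain HTTP and treats the value `off` (set by some servers) as true; `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off'` is the safer test. The two blocks differ only in the target path and could share one lookup keyed by `$id`.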
diff --git a/www/logos/CAcert-logo-colour-1000.png b/www/logos/CAcert-logo-colour-1000.png
new file mode 100644
index 0000000..a6dd6ac
--- /dev/null
+++ b/www/logos/CAcert-logo-colour-1000.png
Binary files differ
diff --git a/www/logos/CAcert-logo-mono-1000.png b/www/logos/CAcert-logo-mono-1000.png
new file mode 100644
index 0000000..1beeb43
--- /dev/null
+++ b/www/logos/CAcert-logo-mono-1000.png
Binary files differ
diff --git a/www/policy/CAcertCommunityAgreement.php b/www/policy/CAcertCommunityAgreement.php
index cf9b4e6..3106eb1 100644
--- a/www/policy/CAcertCommunityAgreement.php
+++ b/www/policy/CAcertCommunityAgreement.php
@@ -457,7 +457,7 @@ You are also bound by
<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
Dispute Resolution Policy</a> (DRP => COD7).
</li><li>
- <a href="http://www.cacert.org/index.php?id=10">
+ <a href="PrivacyPolicy.html">
Privacy Policy</a> (PP => COD5).
</li><li>
<a href="http://svn.cacert.org/CAcert/principles.html">
diff --git a/www/policy/CertificationPracticeStatement.php b/www/policy/CertificationPracticeStatement.php
index 9d16805..e17056b 100644
--- a/www/policy/CertificationPracticeStatement.php
+++ b/www/policy/CertificationPracticeStatement.php
@@ -69,7 +69,7 @@ a:hover {
<a href="PolicyOnPolicy.html"><img src="cacert-draft.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
Creation date: 20060726<br />
Status: DRAFT p20091108<br />
-<!-- $Id: CertificationPracticeStatement.php,v 1.1 2009-11-21 22:34:00 philipp Exp $ -->
+<!-- $Id: CertificationPracticeStatement.php,v 1.2 2011-07-27 10:41:01 wytze Exp $ -->
<font size="-1">
@@ -3623,7 +3623,7 @@ or rulings by Arbitrator.
Privacy is covered by the
CCA (COD9)
and the Privacy Policy
-(<a href="http://www.cacert.org/index.php?id=10">COD5</a>).
+(<a href="PrivacyPolicy.html">COD5</a>).
</p>
<h4><a name="p9.4.1" id="p9.4.1">9.4.1. Privacy plan</a></h4>
@@ -3999,7 +3999,7 @@ obligations, risks and liabilities on the parties.
<p>
See the Privacy Policy
-(<a href="http://www.cacert.org/index.php?id=10">COD5</a>).
+(<a href="PrivacyPolicy.html">COD5</a>).
</p>
<h3><a name="p9.15.3" id="p9.15.3">9.15.3 Legal Process from External Forums</a></h3>
diff --git a/www/policy/PrivacyPolicy.html b/www/policy/PrivacyPolicy.html
new file mode 100644
index 0000000..6670e92
--- /dev/null
+++ b/www/policy/PrivacyPolicy.html
@@ -0,0 +1,114 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head><title>Privacy Policy</title></head>
+<body>
+
+<table width="100%">
+
+<tr>
+<td> PP </td>
+<td>&nbsp;</td>
+<td width="20%"> &nbsp; </td>
+</tr>
+
+<tr>
+<td> POLICY&nbsp;<a href="http://wiki.cacert.org/wiki/PolicyDecisions">m20060629</a> </td>
+<td> &nbsp; </td>
+<td>
+ 20060629
+</td>
+</tr>
+
+<tr>
+<td> COD5 </td>
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+
+
+<tr>
+<td>&nbsp;</td>
+<td > <b>Privacy&nbsp;Policy</b> </td>
+<td>&nbsp;</td>
+</tr>
+
+</table>
+
+<h2> 0. Preliminaries </h2>
+<p>
+ This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.
+</p>
+
+
+
+<h2>1. Website information</h2>
+<p>
+We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.
+</p>
+
+<h2>2. Personal information</h2>
+<p>
+When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.
+</p>
+<p>
+We only share your information with any other organisation when so instructed by a CAcert arbitrator.
+</p>
+
+<h2>3. Aggregated tracking information</h2>
+<p>
+We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.
+</p>
+
+<h2>4. Cookies</h2>
+<p>
+Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.
+</p>
+<p>
+We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.
+</p>
+
+<h2>5. Notification of changes</h2>
+<p>
+If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.
+</p>
+
+<h2>6. How to update, correct, or delete your information</h2>
+<p>
+You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link
+</p>
+
+<h2>7. Privacy of certificates</h2>
+<p>
+CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.
+</p>
+
+<h2>8. Privacy of user data</h2>
+<p>
+CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.
+</p>
+
+<h2>9. Exceptions</h2>
+<p>
+A CAcert arbitrator may override this policy in a dispute.
+To obtain access to confidential data, a dispute has to be filed.
+</p>
+
+<h2>10. Legal mandates</h2>
+<p>
+CAcert adopts the Australian privacy regulations.
+Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.
+Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.
+</p>
+
+
+<p>If you need to contact us in writing, address your mail to:</p>
+<p>
+CAcert Inc.<br>
+P.O. Box 4107<br>
+Denistone East NSW 2112<br>
+Australia
+</p>
+
+</body>
+</html>
diff --git a/www/policy/index.php b/www/policy/index.php
index d3bfb06..7101c1f 100644
--- a/www/policy/index.php
+++ b/www/policy/index.php
@@ -23,6 +23,11 @@ showheader(_("CAcert - Policies"));
<ul>
<?php
+foreach (glob("*.html") as $filename)
+{
+ echo "<li><a href='$filename'>$filename</a></li>\n";
+}
+
foreach (glob("*.php") as $filename)
{
if($filename != "index.php" && $filename != "NRPDisclaimerAndLicence.php")
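Review bot: `$filename` is echoed into both the `href` attribute and the link text without escaping in the new `*.html` loop. The names come from `glob()` on the server, so exposure is limited to whoever can place files in the policy directory, but a name containing `'`, `<` or `&` would break the markup. `$f = htmlspecialchars($filename, ENT_QUOTES); echo "<li><a href='$f'>$f</a></li>\n";` keeps the output well-formed. The existing `*.php` loop continues outside the hunk, so whether it escapes its output is not visible here.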
diff --git a/www/wot.php b/www/wot.php
index 2bd4622..7fa572f 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -206,9 +206,15 @@
if($oldid == 6)
{
$max = maxpoints();
- $awarded = $newpoints = intval($_POST['points']);
- if($newpoints > $max)
- $newpoints = $max;
+
+ if (intval($_POST['points']) > $max) {
+ $awarded = $newpoints = $max;
+ } elseif (intval($_POST['points']) < 0) {
+ $awarded = $newpoints = 0;
+ } else {
+ $awarded = $newpoints = intval($_POST['points']);
+ }
+
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
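Review bot: The new clamp parses `$_POST['points']` with `intval()` three times and spreads a simple range check over three branches. Parsing once and clamping in one expression is easier to audit: `$awarded = $newpoints = max(0, min(intval($_POST['points']), $max));`, which gives the same result as long as `maxpoints()` never returns a negative value. `$_POST['points']` is also read without `isset()`, so a request that omits the field raises a notice before being treated as 0. A short comment saying why the lower bound exists (negative point values from the form are not accepted) would record the intent of the change. The enclosing `if($oldid == 6)` block continues outside the hunk.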