summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php842
-rw-r--r--includes/account_stuff.php7
-rw-r--r--includes/general.php22
-rw-r--r--includes/keygen.php128
-rw-r--r--includes/lib/check_weak_key.php7
-rw-r--r--includes/loggedin.php47
-rw-r--r--includes/mysql.php.sample3
-rw-r--r--includes/notary.inc.php1347
-rw-r--r--includes/wot.inc.php631
9 files changed, 1955 insertions, 1079 deletions
diff --git a/includes/account.php b/includes/account.php
index 232bbac..55110bf 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -10,7 +10,7 @@
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
@@ -18,7 +18,8 @@
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once("../includes/lib/check_weak_key.php");
-
+ require_once("../includes/notary.inc.php");
+
loadem("account");
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
@@ -29,7 +30,7 @@
$orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
$memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
$domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
-
+ $ticketno=""; if(array_key_exists('ticketno',$_REQUEST)) $ticketno=$_REQUEST['ticketno'];
if(!$_SESSION['mconn'])
{
@@ -70,9 +71,7 @@
}
$oldid=0;
$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
- $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ if(check_email_exists($_REQUEST['email'])==true)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
@@ -83,7 +82,7 @@
if($checkemail != "OK")
{
showheader(_("My CAcert.org Account!"));
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -124,9 +123,9 @@
exit;
}
$row = mysql_fetch_assoc($res);
- $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
- $body .= _("You are receiving this email because you or someone else")."\n";
- $body .= _("has changed the default email on your account.")."\n\n";
+ $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
+ $body .= _("You are receiving this email because you or someone else ".
+ "has changed the default email on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
@@ -150,8 +149,13 @@
$delcount = 0;
if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid']))
{
+ $deltitle=false;
foreach($_REQUEST['delid'] as $id)
{
+ if (!$deltitle) {
+ echo _('The following email addresses have been removed:')."<br>\n";
+ $deltitle=true;
+ }
$id = intval($id);
$query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and
`email`!='".$_SESSION['profile']['email']."'";
@@ -160,17 +164,7 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-
- $query = "update `email` set `deleted`=NOW() where `id`='$id'";
- mysql_query($query);
+ account_email_delete($row['id']);
$delcount++;
}
}
@@ -179,11 +173,9 @@
{
echo _("You did not select any email accounts for removal.");
}
- if($delcount > 0)
+ if(0 == $delcount)
{
- echo _("The following accounts have been removed:")."<br>\n";
- } else {
- echo _("You failed to select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
+ echo _("You did not select any accounts to be removed, or you attempted to remove the default account. No action was taken.");
}
showfooter();
@@ -192,6 +184,14 @@
if($process != "" && $oldid == 3)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
@@ -241,10 +241,10 @@
$csr = clean_csr($_REQUEST['optionalCSR']);
}
if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 4)
@@ -320,15 +320,17 @@
showfooter();
exit;
}
-
+
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
$query = "insert into emailcerts set
- `CN`='$defaultemail',
+ `CN`='$defaultemail',
`keytype`='NS',
`memid`='".intval($_SESSION['profile']['id'])."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -340,20 +342,20 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n";
-
+
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
$id = 4;
@@ -362,7 +364,7 @@
showfooter();
exit;
}
-
+
$tmpfname = tempnam("/tmp", "id4CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -373,8 +375,8 @@
$csrsubject="";
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
- if(strlen($user['mname']) == 1)
- $user['mname'] .= '.';
+ if(strlen($user['mname']) == 1)
+ $user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
$csrsubject = "/CN=CAcert WoT User";
if($_SESSION['_config']['incname'] == 1)
@@ -421,14 +423,15 @@
showfooter();
exit;
}
- $query = "insert into emailcerts set
- `CN`='$defaultemail',
+ $query = "insert into emailcerts set
+ `CN`='$defaultemail',
`keytype`='".sanitizeHTML($_REQUEST['keytype'])."',
`memid`='".$_SESSION['profile']['id']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -463,10 +466,10 @@
csrf_check("adddomain");
if(strstr($_REQUEST['newdomain'],"\x00"))
{
- showheader(_("My CAcert.org Account!"));
- echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
+ showfooter();
+ exit;
}
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
@@ -581,7 +584,7 @@
{
showheader(_("My CAcert.org Account!"));
//echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n";
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n";
} else {
@@ -628,11 +631,9 @@
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
- mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'");
- $dres = mysql_query("select * from `domlink` where `domid`='$id'");
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
+ account_domain_delete($row['id']);
}
+
}
}
else
@@ -646,13 +647,21 @@
if($process != "" && $oldid == 10)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
- // In case the CSR is missing the ---BEGIN lines, add them automatically:
- $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
+ // In case the CSR is missing the ---BEGIN lines, add them automatically:
+ $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
showheader(_("My CAcert.org Account!"));
@@ -660,13 +669,13 @@
showfooter();
exit;
}
-
+
if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
-
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -711,7 +720,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "")
{
@@ -720,7 +729,7 @@
showfooter();
exit;
}
-
+
$id = 11;
if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "")
{
@@ -733,7 +742,7 @@
$subject = "";
$count = 0;
$supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
@@ -762,20 +771,22 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`description`='".$_SESSION['_config']['description']."'";
} else {
showheader(_("My CAcert.org Account!"));
@@ -838,27 +849,27 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'");
- $query = "insert into `domaincerts` set
- `domid`='".$row['domid']."',
+ $query = "insert into `domaincerts` set
+ `domid`='".$row['domid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',".
//`csr_name`='".$row['csr_name']."', // RACE CONDITION
"`created`='".$row['created']."',
- `modified`=NOW(),
+ `modified`=NOW(),
`rootcert`='".$row['rootcert']."',
`type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."',
+ `pkhash`='".$row['pkhash']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -940,7 +951,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
@@ -971,7 +982,7 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
+ $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains`
where `domaincerts`.`id`='$id' and
`domaincerts`.`domid`=`domains`.`id` and
`domains`.`memid`='".$_SESSION['profile']['id']."'";
@@ -997,6 +1008,24 @@
exit;
}
+ if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
showheader(_("My CAcert.org Account!"));
@@ -1006,7 +1035,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1014,28 +1043,28 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'");
- $query = "insert into emailcerts set
- `memid`='".$row['memid']."',
+ $query = "insert into emailcerts set
+ `memid`='".$row['memid']."',
`CN`='".mysql_real_escape_string($row['CN'])."',
`subject`='".mysql_real_escape_string($row['subject'])."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
`modified`=NOW(),
`disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
+ `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -1080,7 +1109,7 @@
foreach($_REQUEST['revokeid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1109,7 +1138,7 @@
foreach($_REQUEST['delid'] as $id)
{
$id = intval($id);
- $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
+ $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts`
where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@@ -1135,43 +1164,47 @@
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
- showheader(_("My CAcert.org Account!"));
- //echo _("Now changing the settings for the following certificates:")."<br>\n";
- foreach($_REQUEST as $id => $val)
- {
- //echo $id."<br/>";
- if(substr($id,0,5)=="cert_")
- {
- $id = intval(substr($id,5));
- $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
- //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
- mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
- //$row = mysql_fetch_assoc($res);
- }
- }
- echo(_("Certificate settings have been changed.")."<br/>\n");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,5)=="cert_")
+ {
+ $cid = intval(substr($id,5));
+ $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+ mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ if(!empty($_REQUEST['check_comment_'.$cid])) {
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
}
- if($oldid == 6 && $_REQUEST['certid'] != "")
+ if($oldid == 6 && $_REQUEST['certid'] != "")
{
if(trim($_REQUEST['description']) != ""){
- $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $description= "";
- }
+ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $description= "";
+ }
if(trim($_REQUEST['disablelogin']) == "1"){
- $disablelogin = 1;
- }else{
- $disablelogin = 0;
- }
+ $disablelogin = 1;
+ }else{
+ $disablelogin = 0;
+ }
- mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
+ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
+ }
- }
if($oldid == 13 && $process != "")
{
csrf_check("perschange");
@@ -1188,42 +1221,42 @@
$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
- if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
- {
- $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
- $id = $oldid;
+ if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
+ $id = $oldid;
$oldid=0;
- }
+ }
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@@ -1241,7 +1274,7 @@
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
-
+
if($_SESSION['profile']['points'] == 0)
{
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname']))));
@@ -1293,7 +1326,7 @@
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
- //!!!Should be rewritten
+ //!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
$_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin']))));
if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
@@ -1366,9 +1399,9 @@
where `id`='".$_SESSION['profile']['id']."'");
echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
- $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
- $body .= _("You are receiving this email because you or someone else")."\n";
- $body .= _("has changed the password on your account.")."\n";
+ $body = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n\n";
+ $body .= _("You are receiving this email because you or someone else ".
+ "has changed the password on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
@@ -1406,13 +1439,13 @@
}
$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
-
-
- if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
+
+
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@@ -1442,12 +1475,12 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
-
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
@@ -1493,8 +1526,8 @@
$emails .= "countryName = ".$org['C']."\n";
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
-
-
+
+
$emails .= "SPKAC = $spkac";
if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
{
@@ -1504,14 +1537,15 @@
showfooter();
exit;
}
-
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `ou`='".$_SESSION['_config']['OU']."',
`keytype`='NS',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1524,19 +1558,19 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
-
+
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
$id = 17;
@@ -1545,7 +1579,7 @@
showfooter();
exit;
}
-
+
$tmpfname = tempnam("/tmp", "id17CSR");
$fp = fopen($tmpfname, "w");
fputs($fp, $csr);
@@ -1595,14 +1629,15 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- $query = "insert into `orgemailcerts` set
- `CN`='$defaultemail',
+ $query = "insert into `orgemailcerts` set
+ `CN`='$defaultemail',
+ `ou`='".$_SESSION['_config']['OU']."',
`keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
`description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1653,32 +1688,33 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgemailcerts` set
- `orgid`='".$row['orgid']."',
+ $query = "insert into `orgemailcerts` set
+ `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."',
+ `ou`='".$row['ou']."',
`subject`='".$row['subject']."',
- `keytype`='".$row['keytype']."',
- `csr_name`='".$row['csr_name']."',
- `created`='".$row['created']."',
+ `keytype`='".$row['keytype']."',
+ `csr_name`='".$row['csr_name']."',
+ `created`='".$row['created']."',
`modified`=NOW(),
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."',
+ `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -1771,10 +1807,43 @@
exit;
}
+ if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+ if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=$_REQUEST['orgfilterid'];
+ $_SESSION['_config']['sorting']=$_REQUEST['sorting'];
+ $_SESSION['_config']['status']=$_REQUEST['status'];
+ }
+
+ if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=0;
+ $_SESSION['_config']['sorting']=0;
+ $_SESSION['_config']['status']=0;
+ }
+
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
$id = 20;
@@ -1783,13 +1852,13 @@
showfooter();
exit;
}
-
+
if(trim($_REQUEST['description']) != ""){
- $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $_SESSION['_config']['description']= "";
- }
-
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -1839,7 +1908,7 @@
if($process != "" && $oldid == 21)
{
$id = 21;
-
+
if(!file_exists($_SESSION['_config']['tmpfname']))
{
showheader(_("My CAcert.org Account!"));
@@ -1847,7 +1916,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR(file_get_contents(
$_SESSION['_config']['tmpfname']))) !== "")
{
@@ -1865,8 +1934,8 @@
exit;
}
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
$query = "select * from `org`,`orginfo` where
`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
`orginfo`.`id`=`org`.`orgid` and
@@ -1896,7 +1965,7 @@
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
$csrsubject .= "/commonName=$row";
- $SAN="";
+ $SAN="";
if(is_array($_SESSION['_config']['altrows']))
foreach($_SESSION['_config']['altrows'] as $subalt)
{
@@ -1913,26 +1982,27 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['rows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- } else {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['altrows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type',
- `description`='".$_SESSION['_config']['description']."'";
- }
- mysql_query($query);
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['rows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ } else {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['altrows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ }
+ mysql_query($query);
$CSRid = mysql_insert_id();
$CSRname=generatecertpath("csr","orgserver",$CSRid);
@@ -1982,31 +2052,31 @@
printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id);
continue;
}
-
+
$row = mysql_fetch_assoc($res);
-
+
if (($weakKey = checkWeakKeyX509(file_get_contents(
$row['crt_name']))) !== "")
{
echo $weakKey, "<br/>\n";
continue;
}
-
+
mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'");
if($row['revoke'] > 0)
{
printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']);
continue;
}
- $query = "insert into `orgdomaincerts` set
- `orgid`='".$row['orgid']."',
+ $query = "insert into `orgdomaincerts` set
+ `orgid`='".$row['orgid']."',
`CN`='".$row['CN']."',
- `csr_name`='".$row['csr_name']."',
+ `csr_name`='".$row['csr_name']."',
`created`='".$row['created']."',
- `modified`=NOW(),
- `subject`='".$row['subject']."',
+ `modified`=NOW(),
+ `subject`='".$row['subject']."',
`type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."',
+ `rootcert`='".$row['rootcert']."',
`description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
@@ -2108,6 +2178,40 @@
exit;
}
+ if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+ if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=$_REQUEST['dorgfilterid'];
+ $_SESSION['_config']['dsorting']=$_REQUEST['dsorting'];
+ $_SESSION['_config']['dstatus']=$_REQUEST['dstatus'];
+ }
+
+ if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=0;
+ $_SESSION['_config']['dsorting']=0;
+ $_SESSION['_config']['dstatus']=0;
+ }
+
+
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
@@ -2219,7 +2323,7 @@
if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($domid)."'";
@@ -2227,7 +2331,7 @@
while($row = mysql_fetch_assoc($res))
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($domid)."'";
@@ -2271,7 +2375,7 @@
$dres = mysql_query($query);
while($drow = mysql_fetch_assoc($dres))
{
- $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
+ $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where
`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2283,7 +2387,7 @@
mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'");
}
- $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
+ $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where
`orgemaillink`.`domid`=`orgdomains`.`id` and
`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
`orgdomains`.`id`='".intval($drow['id'])."'";
@@ -2498,8 +2602,8 @@
exit;
}
- if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
- ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
+ if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
+ ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
$id = 53;
@@ -2509,7 +2613,7 @@
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
- $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+ $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
if($locid > 0 && $action == "edit")
@@ -2596,7 +2700,18 @@
$oldid=0;
}
- if($oldid == 43 && $_REQUEST['action'] == "updatedob")
+ //check if ticket number was entered
+ if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44) {
+ $ticketvalidation = FALSE;
+ if ($ticketno != "" ) {
+ $ticketno = mysql_real_escape_string(trim($_REQUEST['ticketno']));
+ $ticketvalidation = valid_ticket_number($ticketno);
+ }
+
+ $_SESSION['ticketno'] = $ticketno;
+ }
+
+ if($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation==TRUE)
{
$id = 43;
$oldid=0;
@@ -2608,13 +2723,19 @@
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
$userid = intval($_REQUEST['userid']);
- $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
- $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
- `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
+ write_se_log($userid, $_SESSION['profile']['id'],'AD Name/DOB Change',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }
+
+ if($oldid == 43 && $_REQUEST['action'] == 'revokecert' && $ticketvalidation==TRUE)
+ {
+ $userid = intval($_REQUEST['userid']);
+ revoke_all_private_cert($userid);
+ write_se_log($userid, $_SESSION['profile']['id'], 'AD Revoke all certificates',$ticketno);
+ $id=43;
}
if($oldid == 48 && $_REQUEST['domain'] == "")
@@ -2640,7 +2761,7 @@
$_REQUEST['email'] = $row['email'];
}
- if($oldid == 44)
+ if($oldid == 44 && $ticketvalidation==TRUE)
{
showheader(_("My CAcert.org Account!"));
if(intval($_REQUEST['userid']) <= 0)
@@ -2652,20 +2773,23 @@
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
- $body = sprintf(_("Hi %s,"),$row['fname'])."\n";
- $body .= _("You are receiving this email because a CAcert administrator")."\n";
- $body .= _("has changed the password on your account.")."\n";
+ $body = sprintf(_("Hi %s,"),$row['fname'])."\n\n";
+ $body .= _("You are receiving this email because a CAcert administrator ".
+ "has changed the password on your account.")."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
-
+ write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'AD reset password',$ticketno);
}
showfooter();
exit;
+ }else{
+ $_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!';
}
+
if($process != "" && $oldid == 45)
{
$CSR = clean_csr($CSR);
@@ -2715,7 +2839,7 @@
showfooter();
exit;
}
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
showheader(_("My CAcert.org Account!"));
@@ -2724,7 +2848,7 @@
exit;
}
- $query = "insert into `domaincerts` set
+ $query = "insert into `domaincerts` set
`CN`='".$_SESSION['_config']['0.CN']."',
`domid`='".$_SESSION['_config']['row']['id']."',
`created`=NOW()";
@@ -2758,45 +2882,58 @@
}
}
- if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0)
+ /* presently not needed
+ if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['tverify'];
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change tverify status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }
+ */
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation==TRUE)
+ {
+ csrf_check('admsetassuret');
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer'];
+ mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer staus',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
- {
- csrf_check('admsetassuret');
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
- {
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
- {
- csrf_check('admactlock');
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation==TRUE)
+ {
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer_blocked'];
+ mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change assurer blocked status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }
+
+ if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation==TRUE)
+ {
+ csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locked'];
mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change locked status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0)
+ if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
@@ -2804,9 +2941,12 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['codesign'];
mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change codesign status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0)
+ if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
@@ -2814,9 +2954,12 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['orgadmin'];
mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change org assuer status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0)
+ if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
@@ -2824,9 +2967,12 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['ttpadmin'];
mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change ttp admin status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0)
+ if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$query = "select * from `users` where `id`='$memid'";
@@ -2835,18 +2981,24 @@
if($ver > 2)
$ver = 0;
mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change advertising admin status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0)
+ if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locadmin'];
mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change location admin status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0)
+ if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation==TRUE)
{
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
@@ -2854,42 +3006,57 @@
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['admin'];
mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change SE status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0)
+ if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['general'];
mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change general status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0)
+ if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['country'];
mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change country status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0)
+ if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['regional'];
mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change regional status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0)
+ if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['radius'];
mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'AD Change radius status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
if($id == 50)
@@ -2913,25 +3080,52 @@
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
- if(mysql_num_rows($res) > 0)
- {
- $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
- WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
+ if (trim($_REQUEST['arbitrationno'])==""){
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not enter an arbitration number entry.");
+ showfooter();
+ exit;
+ }
+ if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+ showfooter();
+ exit;
+ }
+ if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+ showfooter();
+ exit;
+ }
+ if (check_client_cert_running($_REQUEST['userid'],1) ||
+ check_server_cert_running($_REQUEST['userid'],1) ||
+ check_gpg_cert_running($_REQUEST['userid'],1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+ showfooter();
+ exit;
}
+ if (check_is_orgadmin($_REQUEST['userid'],1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The user is listed as Organisation Administrator. Can't continue."));
+ showfooter();
+ exit;
+ }
+ account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+ write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']));
+ }
+
+ if(($id == 51 || $id == 52 || $oldid == 52))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You don't have access to this area.\nThe Tverify programme is terminated as of 16th November 2010" );
+ showfooter();
+ exit;
}
+ /* this area not needed as the The Tverify programme is Terminated as of 16th November 2010
+
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -2939,7 +3133,6 @@
showfooter();
exit;
}
-
if($oldid == 52)
{
$uid = intval($_REQUEST['uid']);
@@ -3013,7 +3206,7 @@
while($row = mysql_fetch_assoc($res))
$body .= $row['comment']."\n";
$body .= "\n";
-
+
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
@@ -3034,7 +3227,7 @@
$body .= "\n";
$body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
-
+
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify");
@@ -3045,6 +3238,21 @@
showfooter();
exit;
}
+ */
+ if($id == 59){
+ if ($oldid == 43 && $_SESSION['profile']['admin'] == 1) {
+ write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'AD View account history', $_REQUEST['ticketno']);
+ $_SESSION['support']=1;
+ }ELSEIF ($oldid == 13 && $_REQUEST['userid'] == $_SESSION['profile']['id']){
+ $_SESSION['support']=0;
+ }ELSE{
+ showheader(_("My CAcert.org Account!"));
+ echo _("You do not have access to this page.");
+ showfooter();
+ exit;
+ }
+ }
+
if(intval($cert) > 0)
$_SESSION['_config']['cert'] = intval($cert);
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 148a0ac..dbebf6a 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -172,7 +172,7 @@ function hideall() {
</div>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('mydetails')">+ <?=_("My Details")?></h3>
- <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
+ <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("View/Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
if($_SESSION['profile']['id'] == 1 || $_SESSION['profile']['id'] == 5897)
echo "<li><a href='sqldump.php'>SQL Dump</a></li>";
?></ul>
@@ -262,6 +262,7 @@ function hideall() {
<ul class="menu" id="advertising"><li><a href="advertising.php?id=1"><?=_("New Ad")?></a></li><li><a href="advertising.php?id=0"><?=_("View Ads")?></a></li></ul>
</div>
<? } ?>
+ <? include("about_menu.php"); ?>
</div>
<div id="content">
<div class="story">
@@ -280,7 +281,7 @@ function hideall() {
<div id="siteInfo"><a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
<a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
| &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
-</div>
-</body>
+</div>
+</body>
</html><?
}
diff --git a/includes/general.php b/includes/general.php
index d762586..d89c0e6 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -21,10 +21,10 @@
session_name("cacert");
session_start();
- session_register("_config");
- session_register("profile");
- session_register("signup");
- session_register("lostpw");
+// session_register("_config");
+// session_register("profile");
+// session_register("signup");
+// session_register("lostpw");
// if($_SESSION['profile']['id'] > 0)
// session_regenerate_id();
@@ -536,17 +536,22 @@
$myemail = mysql_real_escape_string($email);
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
{
- list($username,$domain)=split('@',$email);
+ list($username,$domain)=explode('@',$email,2);
$dom = escapeshellarg($domain);
$line = trim(`dig +short MX $dom 2>&1`);
#echo $email."-$dom-$line-\n";
#echo `dig +short mx heise.de 2>&1`."-<br>\n";
$list = explode("\n", $line);
- foreach($list as $row)
- list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1));
+ foreach($list as $row) {
+ if(!strstr($row, " ")) {
+ continue;
+ }
+ list($pri, $mxhosts[]) = explode(" ", trim($row), 2);
+ }
$mxhosts[] = $domain;
-#print_r($mxhosts); die;
+ array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } );
+
foreach($mxhosts as $key => $domain)
{
$fp = @fsockopen($domain,25,$errno,$errstr,5);
@@ -797,4 +802,5 @@
return $res;
}
+
?>
diff --git a/includes/keygen.php b/includes/keygen.php
new file mode 100644
index 0000000..2713a81
--- /dev/null
+++ b/includes/keygen.php
@@ -0,0 +1,128 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
+
+ <noscript>
+ <p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p>
+ <p><?=_('If you don\'t want to do that for any reason, you can use '.
+ 'manually created certificate requests instead.')?></p>
+ </noscript>
+
+ <div id="noActiveX" style="color:red">
+ <p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p>
+ <p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '.
+ 'later versions you have to add this website to the list of trusted sites '.
+ 'in the internet settings.')?></p>
+ <p><?php
+ printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '.
+ 'Websites", click on "Custom Level", set "ActiveX control '.
+ 'elements that are not marked as safe initialized on start in '.
+ 'scripts" to "Confirm" and click "OK". Now click "Sites", add '.
+ '"%s" and "%s" to your list of trusted sites and make the '.
+ 'changes come into effect by clicking "Close" and "OK".'),
+ 'https://'.$_SESSION['_config']['normalhostname'],
+ 'https://'.$_SESSION['_config']['securehostname'])?>
+ </p>
+ </div>
+
+ <form method="post" style="display:none" action="account.php"
+ id="CertReqForm">
+ <input type="hidden" name="oldid" value="<?=intval($id)?>" />
+ <input type="hidden" id="CSR" name="CSR" />
+ <input type="hidden" name="keytype" value="MS" />
+
+ <p><?=_('Security level')?>:
+ <select id="SecurityLevel">
+ <option value="high" selected="selected"><?=_('High')?></option>
+ <option value="medium"><?=_('Medium')?></option>
+ <option value="custom"><?=_('Custom')?>&hellip;</option>
+ </select>
+ </p>
+
+ <fieldset id="customSettings" style="display:none">
+ <legend><?=_('Custom Parameters')?></legend>
+
+ <p><?=_('Cryptography Provider')?>:
+ <select id="CspProvider"></select>
+ </p>
+ <p><?=_('Algorithm')?>: <select id="algorithm"></select></p>
+ <p><?=_('Keysize')?>:
+ <input id="keySize" type="number" />
+ <?=_('Minimum Size')?>: <span id="keySizeMin"></span>,
+ <?=_('Maximum Size')?>: <span id="keySizeMax"></span>,
+ <?php
+ // TRANSLATORS: this specifies the step between two valid key
+ // sizes. E.g. if the step is 512 and the minimum is 1024 and
+ // the maximum is 2048, then only 1024, 1536 and 2048 bits may
+ // be specified as key size.
+ echo _('Step')?>: <span id="keySizeStep"></span></p>
+ <p style="color:red"><?php
+ printf(_('Please note that RSA key sizes smaller than %d bit '.
+ 'will not be accepted by CAcert.'),
+ 2048)?>
+ </p>
+ </fieldset>
+
+ <p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p>
+ <p id="generatingKeyNotice" style="display:none">
+ <?=_('Generating your key. Please wait')?>&hellip;</p>
+ </form>
+
+ <!-- Error messages used in the JavaScript. Defined here so they can be
+ translated without passing the JavaScript code through PHP -->
+ <p id="createRequestErrorChooseAlgorithm" style="display:none">
+ <?=_('Could not generate certificate request. Probably you need to '.
+ 'choose a different algorithm.')?>
+ </p>
+ <p id="createRequestErrorConfirmDialogue" style="display:none">
+ <?=_('Could not generate certificate request. Please confirm the '.
+ 'dialogue if you are asked if you want to generate the key.')?>
+ </p>
+ <p id="createRequestErrorConnectDevice" style="display:none">
+ <?=_('Could not generate certificate request. Please make sure the '.
+ 'cryptography device (e.g. the smartcard) is connected.')?>
+ </p>
+ <p id="createRequestError" style="display:none">
+ <?=_('Could not generate certificate request.')?>
+ </p>
+ <p id="invalidKeySizeError" style="display:none">
+ <?=_('You have specified an invalid key size')?>
+ </p>
+ <p id="unsupportedPlatformError" style="display:none">
+ <?=_('Could not initialize the cryptographic module for your '.
+ 'platform. Currently we support Microsoft Windows XP, Vista '.
+ 'and 7. If you\'re using one of these platforms and see this '.
+ 'error message anyway you might have to enable ActiveX as '.
+ 'described in the red explanation text and accept loading of '.
+ 'the module.')?>
+ </p>
+
+ <script type="text/javascript" src="keygenIE.js"></script>
+
+<? } else { ?>
+ <p>
+ <form method="post" action="account.php">
+ <input type="hidden" name="keytype" value="NS">
+ <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
+
+ <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+ <input type="hidden" name="oldid" value="<?=intval($id)?>">
+ </form>
+ </p>
+<? }
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index ca13ba2..217b885 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -137,7 +137,7 @@ function checkWeakKeyText($text)
$keysize = intval($keysize[1]);
}
- if ($keysize < 1024)
+ if ($keysize < 2048)
{
return sprintf(_("The keys that you use are very small ".
"and therefore insecure. Please generate stronger ".
@@ -145,11 +145,6 @@ function checkWeakKeyText($text)
"found in %sthe wiki%s"),
"<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
"</a>");
- } elseif ($keysize < 2048) {
- // not critical but log so we have some statistics about
- // affected users
- trigger_error("checkWeakKeyText(): Certificate for small ".
- "key (< 2048 bit) requested", E_USER_NOTICE);
}
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 5734fad..4f9b8e8 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -18,20 +18,29 @@
include_once("../includes/lib/general.php");
require_once("../includes/lib/l10n.php");
+ include_once("../includes/mysql.php");
+
+ if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
+ $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+ }
+ if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {
+ $_SESSION['profile']['id'] = 0;
+ $_SESSION['profile']['loggedin'] = 0;
+ }
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
$uid = $_SESSION['profile']['id'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
@@ -50,14 +59,14 @@
{
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
@@ -69,16 +78,16 @@
} else {
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
- foreach($_SESSION as $key)
+ foreach($_SESSION as $key => $value)
{
- if($key == '_config')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_GET as $key => $val)
{
@@ -127,9 +136,9 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- unset($_SESSION[$key]);
- unset($$key);
- session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
header("location: https://".$normalhost."/index.php");
@@ -138,11 +147,11 @@
if($_SESSION['profile']['loggedin'] < 1)
{
- unset($_SESSION['_config']['oldlocation']);
+ $_SESSION['_config']['oldlocation'] = '';
foreach($_REQUEST as $key => $val)
{
- if($_SESSION['_config']['oldlocation'])
+ if('' != $_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$key = str_replace(array("\n", "\r"), '', $key);
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index eb86401..10185fc 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -64,7 +64,8 @@
fputs($smtp, "DATA\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "X-Mailer: CAcert.org Website\r\n");
- fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
+ if (array_key_exists("REMOTE_ADDR", $_SERVER))
+ fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
fputs($smtp, "Sender: $errorsto\r\n");
fputs($smtp, "Errors-To: $errorsto\r\n");
if($replyto != "")
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index cc0e0eb..52789b4 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
function query_init ($query)
{
@@ -41,6 +41,15 @@
return intval($row['list']);
}
+ function get_number_of_ttpassurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
@@ -52,8 +61,8 @@
function get_top_assurer_position ($no_of_assurances)
{
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
@@ -83,7 +92,7 @@
$res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
-
+
function get_received_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
@@ -106,7 +115,7 @@
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
{
- $apoints = max($row['points'],$row['awarded']);
+ $apoints = max($row['points'], $row['awarded']);
$points += $apoints;
$experience = "&nbsp;";
$revoked = false; # to be coded later (after DB-upgrade)
@@ -129,7 +138,7 @@
$awarded = 100;
}
else
- $experience = 0;
+ $experience = 0;
switch ($row['method'])
{
@@ -192,15 +201,15 @@
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="title"><?=_("Assurer Ranking")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
- </tr>
+ <tr>
+ <td class="title"><?=_("Assurer Ranking")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
+ </tr>
</table>
<br/>
<?
@@ -210,119 +219,124 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
+ <tr>
<?
if ($support == "1")
{
?>
- <td colspan="10" class="title"><?=$title?></td>
+ <td colspan="10" class="title"><?=$title?></td>
<?
} else {
?>
- <td colspan="7" class="title"><?=$title?></td>
-<? }
+ <td colspan="7" class="title"><?=$title?></td>
+<?
+ }
?>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("ID")?></strong></td>
- <td class="DataTD"><strong><?=_("Date")?></strong></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("ID")?></strong></td>
+ <td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD"><strong><?=_("When")?></strong></td>
- <td class="DataTD"><strong><?=_("Email")?></strong></td>
-<? } ?>
- <td class="DataTD"><strong><?=_("Who")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Location")?></strong></td>
- <td class="DataTD"><strong><?=_("Method")?></strong></td>
- <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("When")?></strong></td>
+ <td class="DataTD"><strong><?=_("Email")?></strong></td>
+<?
+ }
+?>
+ <td class="DataTD"><strong><?=_("Who")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Location")?></strong></td>
+ <td class="DataTD"><strong><?=_("Method")?></strong></td>
+ <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
+ <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?
}
?>
- </tr>
+ </tr>
<?
}
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
{
?>
- <tr>
- <td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD">&nbsp;</td>
- <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
- <td class="DataTD"><?=$sumexperience?></td>
+ <tr>
+ <td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
+ <td class="DataTD"><?=$sumexperience?></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD">&nbsp;</td>
+ <td class="DataTD">&nbsp;</td>
<?
}
?>
- </tr>
+ </tr>
</table>
<br/>
<?
}
- function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
+ function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked, $ticketno)
{
- $tdstyle="";
- $emopen="";
- $emclose="";
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
- if ($awarded == $points)
- {
- if ($awarded == "0")
+ if ($awarded == $points)
{
- if ($when < "2006-09-01")
+ if ($awarded == "0")
{
- $tdstyle="style='background-color: #ffff80'";
- $emopen="<em>";
- $emclose="</em>";
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
}
}
- }
?>
- <tr>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?
- if ($support == "1")
- {
+ if ($support == "1")
+ {
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
-<? }
+<?
+ }
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?
- if ($support == "1")
- {
- if ($revoked == true)
+ if ($support == "1")
{
+ if ($revoked == true)
+ {
?>
- <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
-<? } else {
+ <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
+<?
+ } else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
+ }
}
- }
?>
</tr>
<?
@@ -332,14 +346,14 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("Description")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Remark")?></strong></td>
+ <tr>
+ <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("Description")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
@@ -355,36 +369,36 @@
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
- <tr>
- <td class="DataTD"><strong><?=$title?></strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD"><?=$points_countable?></td>
- <td class="DataTD"><?=$remark?></td>
- </tr>
+ <tr>
+ <td class="DataTD"><strong><?=$title?></strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=$points_countable?></td>
+ <td class="DataTD"><?=$remark?></td>
+ </tr>
<?
}
// ************* output given assurances ******************
- function output_given_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_given_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
- $fromuser = get_user (intval($row['to']));
+ $fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
$email = show_email_link ($fromuser['email'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
// ************* output received assurances ******************
- function output_received_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_received_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
@@ -395,7 +409,7 @@
calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
$email = show_email_link ($fromuser['email'],intval($row['from']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
@@ -430,6 +444,8 @@
break;
case 'Unknown': // to be revoked in the future? limit to max 50 pts?
case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
+ case 'TTP-Assisted': // TTP assurances, limit to 35
+ case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
@@ -575,17 +591,17 @@
return $issue_points;
}
- function output_given_assurances($userid,$support)
+ function output_given_assurances($userid,$support=0, $ticketno)
{
output_assurances_header(_("Assurance Points You Issued"),$support);
- output_given_assurances_content($userid,$points,$sum_experience,$support);
+ output_given_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
}
- function output_received_assurances($userid,$support)
+ function output_received_assurances($userid,$support=0, $ticketno)
{
output_assurances_header(_("Your Assurance Points"),$support);
- output_received_assurances_content($userid,$points,$sum_experience,$support);
+ output_received_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience,$support);
}
@@ -602,4 +618,1147 @@
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
+
+ //functions to do with recording user agreements
+ /**
+ * write_user_agreement()
+ * writes a new record to the table user_agreement
+ *
+ * @param mixed $memid
+ * @param mixed $document
+ * @param mixed $method
+ * @param mixed $comment
+ * @param integer $active
+ * @param integer $secmemid
+ * @return
+ */
+ function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
+ // write a new record to the table user_agreement
+ $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
+ ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
+ $res = mysql_query($query);
+ }
+
+ function get_user_agreement_status($memid, $type="CCA"){
+ //returns 0 - no user agreement, 1- at least one entry
+ $query="SELECT u.`document` FROM `user_agreements` u
+ WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <=0){
+ return 0;
+ }else{
+ return 1;
+ }
+ }
+
+ function get_first_user_agreement($memid, $active=1, $type="CCA"){
+ //returns an array (`document`,`date`,`method`, `comment`,`active`)
+ if($active==1){
+ $filter="u.`memid`=".$memid;
+ }else{
+ $filter="u.`secmemid`=".$memid;
+ }
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
+ WHERE u.`document` = '".$type."' AND ".$filter."
+ ORDER BY u.`date` Limit 1;";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $row = mysql_fetch_assoc($res);
+ $rec['document']= $row['document'];
+ $rec['date']= $row['date'];
+ $rec['method']= $row['method'];
+ $rec['comment']= $row['comment'];
+ $rec['active']= $row['active'];
+ }else{
+ $rec=array();
+ }
+ return $rec;
+ }
+
+ function get_last_user_agreement($memid, $type="CCA"){
+ //returns an array (`document`,`date`,`method`, `comment`,`active`)
+ $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >0){
+ $row = mysql_fetch_assoc($res);
+ $rec['document']= $row['document'];
+ $rec['date']= $row['date'];
+ $rec['method']= $row['method'];
+ $rec['comment']= $row['comment'];
+ $rec['active']= $row['active'];
+ }else{
+ $rec=array();
+ }
+ return $rec;
+ }
+
+function get_user_agreement($memid){
+ $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND (u.`memid`=".$memid." ) order by u.`date` )
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND ( u.`secmemid`=".$memid.") order by u.`date`)
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` != 'CCA' AND ( u.`memid`=".$memid.") order by u.u.`document`, u.`date`) " ;
+ $res = mysql_query($query);
+
+ return mysql_query($query);
+}
+
+ function delete_user_agreement($memid, $type="CCA"){
+ //deletes all entries to an user for the given type of user agreements
+ mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
+ mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+ }
+
+ // functions for 6.php (assure somebody)
+
+ function AssureHead($confirmation,$checkname)
+ {
+?>
+<form method="post" action="wot.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
+ <tr>
+ <td colspan="2" class="title"><?=$confirmation?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
+ </tr>
+<?
+ }
+
+ function AssureTextLine($field1,$field2)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field1.(empty($field1)?'':':')?></td>
+ <td class="DataTD"><?=$field2?></td>
+ </tr>
+<?
+ }
+
+ function AssureBoxLine($type,$text,$checked)
+ {
+?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
+ <td class="DataTD"><?=$text?></td>
+ </tr>
+<?
+ }
+
+ function AssureMethodLine($text,$methods,$remark)
+ {
+ if (count($methods) != 1) {
+?>
+ <tr>
+ <td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
+ <td class="DataTD">
+ <select name="method">
+<?
+ foreach($methods as $val) {
+?>
+ <option value="<?=$val?>"><?=$val?></option>
+<?
+ }
+?>
+ </select>
+ <br />
+ <?=$remark?>
+ </td>
+ </tr>
+<?
+ } else {
+?>
+ <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" />
+<?
+ }
+ }
+
+ function AssureInboxLine($type,$field,$value,$description)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field.(empty($field)?'':':')?></td>
+ <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
+ </tr>
+<?
+ }
+
+ function AssureFoot($oldid,$confirm)
+ {
?>
+ <tr>
+ <td class="DataTD" colspan="2">
+ <input type="submit" name="process" value="<?=$confirm?>" />
+ <input type="submit" name="cancel" value="<?=_("Cancel")?>" />
+ </td>
+ </tr>
+</table>
+<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
+<input type="hidden" name="oldid" value="<?=$oldid?>" />
+</form>
+<?
+ }
+
+ function account_email_delete($mailid){
+ //deletes an email entry from an acount
+ //revolkes all certifcates for that email address
+ //called from www/account.php if($process != "" && $oldid == 2)
+ //called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
+ //called from account_delete
+ $mailid = intval($mailid);
+ revoke_all_client_cert($mailid);
+ $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
+ mysql_query($query);
+ }
+
+ function account_domain_delete($domainid){
+ //deletes an domain entry from an acount
+ //revolkes all certifcates for that domain address
+ //called from www/account.php if($process != "" && $oldid == 9)
+ //called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
+ //called from account_delete
+ $domainid = intval($domainid);
+ revoke_all_server_cert($domainid);
+ mysql_query(
+ "update `domains`
+ set `deleted`=NOW()
+ where `id` = '$domainid'");
+ }
+
+ function account_delete($id, $arbno, $adminid){
+ //deletes an account following the deleted account routnie V3
+ // called from www/account.php if($oldid == 50 && $process != "")
+ //change password
+ $id = intval($id);
+ $arbno = mysql_real_escape_string($arbno);
+ $adminid = intval($adminid);
+ $pool = 'abcdefghijklmnopqrstuvwxyz';
+ $pool .= '0123456789!()ยง';
+ $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ srand ((double)microtime()*1000000);
+ $password="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $password .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+
+ //create new mail for arbitration number
+ $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
+ mysql_query($query);
+ $emailid = mysql_insert_id();
+
+ //set new mail as default
+ $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
+ mysql_query($query);
+
+ //delete all other email address
+ $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_email_delete($row['id']);
+ }
+
+ //delete all domains
+ $query = "select `id` from `domains` where `memid`='".$id."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_domain_delete($row['id']);
+ }
+
+ //clear alert settings
+ mysql_query(
+ "update `alerts` set
+ `general`='0',
+ `country`='0',
+ `regional`='0',
+ `radius`='0'
+ where `memid`='$id'");
+
+ //set default location
+ $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear listings
+ $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
+ mysql_query($query);
+
+ //set lanuage to default
+ //set default language
+ mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+ //delete secondary langugaes
+ mysql_query("delete from `addlang` where `userid`='".$id."'");
+
+ //change secret questions
+ for($i=1;$i<=5;$i++){
+ $q="";
+ $a="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $q .= substr($pool,(rand()%(strlen ($pool))), 1);
+ $a .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
+ mysql_query($query);
+ }
+
+ //change personal information to arbitration number and DOB=1900-01-01
+ $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
+ $details = mysql_fetch_assoc(mysql_query($query));
+ $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
+ `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
+ mysql_query($query);
+ $query = "update `users` set `fname`='".$arbno."',
+ `mname`='".$arbno."',
+ `lname`='".$arbno."',
+ `suffix`='".$arbno."',
+ `dob`='1900-01-01'
+ where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear all admin and board flags
+ mysql_query(
+ "update `users` set
+ `assurer`='0',
+ `assurer_blocked`='0',
+ `codesign`='0',
+ `orgadmin`='0',
+ `ttpadmin`='0',
+ `locadmin`='0',
+ `admin`='0',
+ `adadmin`='0',
+ `tverify`='0',
+ `board`='0'
+ where `id`='$id'");
+
+ //block account
+ mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
+ }
+
+
+ function check_email_exists($email){
+ // called from includes/account.php if($process != "" && $oldid == 1)
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $email = mysql_real_escape_string($email);
+ $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_gpg_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
+ }else{
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_client_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
+ }else{
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_server_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `domaincerts`.`expire` > NOW()
+ and `domaincerts`.`revoked` < `domaincerts`.`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>NOW()";
+ }else{
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `expire`>(NOW()-90*86400)
+ and `revoked`<`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_is_orgadmin($uid){
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+
+ // revokation of certificates
+ function revoke_all_client_cert($mailid){
+ //revokes all client certificates for an email address
+ $mailid = intval($mailid);
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres)){
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ }
+ }
+
+ function revoke_all_server_cert($domainid){
+ //revokes all server certs for an domain
+ $domainid = intval($domainid);
+ $query =
+ "select `domaincerts`.`id`
+ from `domaincerts`
+ where `domaincerts`.`domid` = '$domainid'
+ union distinct
+ select `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$domainid'";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0");
+ }
+ }
+
+ function revoke_all_private_cert($uid){
+ //revokes all certificates linked to a personal accounts
+ //gpg revokation needs to be added to a later point
+ $uid=intval($uid);
+ $query = "select `id` from `email` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_client_cert($row['id']);
+ }
+
+
+ $query = "select `id` from `domains` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_server_cert($row['id']);
+ }
+ }
+
+ /**
+ * check_date_format()
+ * checks if the date is entered in the right date format YYYY-MM-DD and
+ * if the date is after the 1st January of the given year
+ *
+ * @param mixed $date
+ * @param integer $year
+ * @return
+ */
+ function check_date_format($date, $year=2000){
+ if (!strpos($date,'-')) {
+ return FALSE;
+ }
+ $arr=explode('-',$date);
+
+ if ((count($arr)!=3)) {
+ return FALSE;
+ }
+ if (intval($arr[0])<=$year) {
+ return FALSE;
+ }
+ if (intval($arr[1])>12 or intval($arr[1])<=0) {
+ return FALSE;
+ }
+ if (intval($arr[2])>31 or intval($arr[2])<=0) {
+ return FALSE;
+ }
+
+ return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
+
+ }
+
+ /**
+ * check_date_difference()
+ * returns false if the date is larger then today + time diffrence
+ *
+ * @param mixed $date
+ * @param integer $diff
+ * @return
+ */
+ function check_date_difference($date, $diff=1){
+ return (strtotime($date)<=time()+$diff*86400);
+ }
+
+/**
+ * write_se_log()
+ * writes an information to the adminlog
+ *
+ * @param mixed $uid - id of the user account
+ * @param mixed $adminid - id of the admin
+ * @param mixed $type - what was changed
+ * @param mixed $info - the ticket / arbitration no or other information
+ * @return
+ */
+function write_se_log($uid, $adminid, $type, $info){
+ //records all support engineer actions changing a user account
+ $uid = intval($uid);
+ $adminid = intval($adminid);
+ $type = mysql_real_escape_string($type);
+ $info = mysql_real_escape_string($info);
+ $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
+ (Now(), $uid, $adminid, '$type', '$info')";
+ mysql_query($query);
+}
+
+/**
+ * valid_ticket_number()
+ * checks if the entered information is a valid ticket or arbitration number
+ * @param mixed $ticketno
+ * @return
+ */
+function valid_ticket_number($ticketno){
+ //return if a given ticket number is valid
+ //a arbitration case
+ //d dispute action
+ //s support case
+ //m board motion
+ $pattern='/[adsmADSM]\d{8}\./';
+ if (preg_match($pattern, $ticketno)) {
+ return true;
+ }
+ return false;
+}
+
+// function for handling account/43.php
+/**
+ * get_user_data()
+ * returns all data of to an account given by the id
+ * @param mixed $userid - account id
+ * @param mixed $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_user_data($userid, $deleted=0){
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `users`.`deleted`=0';
+ }
+ $query = "select * from `users` where `users`.`id`='$userid' ".$filter;
+ return mysql_query($query);
+}
+
+/**
+ * get_alerts()
+ * retrns all alert settings for one user
+ * @param mixed $userid for the requested account
+ * @return
+ */
+function get_alerts($userid){
+ return mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($userid)."'"));
+}
+
+/**
+ * get_email_address()
+ * returns all email address linked to one account
+ * @param mixed $userid
+ * @param string $primary if given the primary email address is not retirned
+ * @param integer $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_email_address($userid, $primary,$deleted=0){
+ //should be entered in account/2.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `deleted`=0';
+ }
+ if ($primary) {
+ $filter= $filter." and `email`!='".mysql_real_escape_string($primary)."'";
+ }
+ $query = "select * from `email` where `memid`='".$userid."'".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * get_domains()
+ * returns all domains to an account
+ * @param mixed $userid
+ * @param integer $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_domains($userid, $deleted=0){
+ //should be entered in account/9.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `deleted`=0';
+ }
+ $query = "select * from `domains` where `memid`='".$userid."' and `hash`=''".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * get_training_result()
+ * returns all training results to an account
+ * @param mixed $userid
+ * @return
+ */
+function get_training_result($userid){
+ //should be entered in account/55.php
+ $userid = intval($userid);
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$userid."'".
+ " ORDER BY `CP`.`pass_date`";
+ return mysql_query($query);
+}
+
+/**
+ * get_se_log()
+ * returns all SE log entries to an account
+ * @param mixed $userid
+ * @return
+ */
+function get_se_log($userid){
+ $userid = intval($userid);
+ $query = "SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
+ FROM `adminlog`, `users`
+ WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$userid."
+ ORDER BY `adminlog`.`when`";
+ return mysql_query($query);
+}
+
+/**
+ * get_client_certs()
+ * returns all client certificates to an account
+ * @param mixed $userid
+ * @param integer $viewall- states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+//add to account/5.php
+function get_client_certs($userid,$viewall=0){
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`memid`='".$userid."'";
+ if($viewall != 1)
+ $query .= " AND `revoked`=0 AND `renewed`=0 ";
+ $query .= " GROUP BY `emailcerts`.`id` ";
+ if($viewall != 1)
+ $query .= " HAVING `timeleft` > 0 ";
+ $query .= " ORDER BY `emailcerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * get_server_certs()
+ * returns all server certs to an account
+ * @param mixed $userid
+ * @param integer $viewall states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+function get_server_certs($userid,$viewall=0){
+ //add to account/12.php
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
+ `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+ `domaincerts`.`description`
+ from `domaincerts`,`domains`
+ where `memid`='".$userid."' and `domaincerts`.`domid`=`domains`.`id` ";
+ if($viewall != 1)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 ";
+ }
+ $query .= "ORDER BY `domaincerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * get_gpg_certs()
+ * retruns all gpg certs to an account
+ * @param mixed $userid
+ * @param integer $viewall states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+function get_gpg_certs($userid,$viewall=0){
+ //add to gpg/2.php
+ $userid = intval($userid);
+ $query = $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`expire`) as `expired`,
+ `expire` as `expires`, `id`, `level`,
+ `email`,`keyid`,`description` from `gpg` where `memid`='".$userid."'
+ ORDER BY `issued` desc";
+ return mysql_query($query);
+}
+
+
+
+/**
+ * output_log_email_header()
+ * shows the table header to the email table
+ * @return
+ */
+function output_log_email_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Email, primary bold") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+/**
+ * output_log_email()
+ * shows all email data
+ * @param mixed $row - sql-query array
+ * @param mixed $primary - if given the primary address is highlighted
+ * @return
+ */
+function output_log_email($row,$primary){
+ $italic='';
+ $bold='';
+ if (0==$row['deleted']) {
+ $italic='italic ';
+ }
+ if ($primary==$row['email']) {
+ $bold= 'bold ';
+ }
+ ?>
+ <tr>
+ <td class="DataTD <? $bold . $italic ?>"><?=$row['email']?></td>
+ <td class="DataTD <? $bold . $italic ?>"><?=$row['created']?></td>
+ <td class="DataTD <? $bold . $italic ?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_domains_header()
+ * shows the table header to the domains table
+ * @return
+ */
+function output_log_domains_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Domain") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+
+/**
+ * output_log_domains()
+ * shows the domain data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_domains($row){
+ $italic='';
+ if (0==$row['deleted']) {
+ $italic='italic ';
+ }
+ ?>
+ <tr>
+ <td class="DataTD <? $italic ?>"><?=$row['domain']?></td>
+ <td class="DataTD <? $italic ?>"><?=$row['created']?></td>
+ <td class="DataTD <? $italic ?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_agreement_header()
+ * shows the table header to the user agreement table
+ * @return
+ */
+function output_log_agreement_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Method") ?></td>
+ <td class="DataTD bold"><?= _("Active ") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_agreement()
+ * shows the agreement data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_agreement($row){
+ ?>
+ <tr>
+ <td class="DataTD" ><?=$row['document']?></td>
+ <td class="DataTD" ><?=$row['date']?></td>
+ <td class="DataTD" ><?=$row['method']?></td>
+ <td class="DataTD"><?= ($row['active']==0)? _('passive'):_('active')?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_training_header()
+ * shows the table header to the training table
+ * @return
+ */
+function output_log_training_header(){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Test") ?></td>
+ <td class="DataTD bold"><?= _("Variant") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_training()
+ * shows the training data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_training($row){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['pass_date']?></td>
+ <td class="DataTD"><?=$row['type_text']?></td>
+ <td class="DataTD"><?=$row['test_text']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_se_header()
+ * shows the table header to the SE log table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_log_se_header($support=0){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Type") ?></td>
+ <?if (1==$support) {
+ ?>
+ <td class="DataTD bold"><?= _("Information") ?></td>
+ <td class="DataTD bold"><?= _("Admin") ?></td>
+ <?
+ }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_se()
+ * show the SE log data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are added
+ * @return
+ */
+function output_log_se($row, $support=0){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['when']?></td>
+ <td class="DataTD"><?=$row['type']?></td>
+ <?if (1==$support) {
+ ?>
+ <td class="DataTD"><?=$row['information']?></td>
+ <td class="DataTD"><?=$row['fname'].' '.$row['lname']?></td>
+ <?
+ }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_client_cert_header()
+ * shows the table header to the cleint cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_client_cert_header($support=0){
+ //should be added to account/5.php
+ ?>
+ <tr>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <? } ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Login")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? } ?>
+ </tr>
+ <?
+}
+
+/**
+ * output_client_cert()
+ * show the client cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_client_cert($row, $support=0){
+ //should be entered in account/5.php
+ $verified="";
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+ ?>
+ <tr>
+ <?
+ if($verified != _("Pending") && $verified != _("Revoked")) {
+ if ($support !=1) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <? if ($support !=1) { ?>
+ <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+ <? } ELSE {?>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } ?>
+ <? } else if($verified != _("Revoked")) {
+ if ($support !=1) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } else {
+ if ($support !=1) { ?>
+ <td class="DataTD">&nbsp;</td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } ?>
+
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+
+ <? if ($support !=1) { ?>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
+ </td>
+ <? } ELSE { ?>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> DISABLED/>
+ </td>
+ <? }
+ if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <? }?>
+ </tr>
+
+ <?
+}
+
+/**
+ * output_log_server_certs_header()
+ * shows the table header to the server cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_log_server_certs_header($support=0){
+ //should be entered in account/12.php
+ ?>
+ <tr>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <? } ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? } ?>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_server_certs()
+ * show the server cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_log_server_certs($row, $support=0){
+ //should be entered in account/12.php
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+ ?>
+ <tr>
+ <? if ($support !=1) {
+ if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
+ <? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
+ <? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+ <? }
+ }?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <? }ELSE{ ?>
+ <td class="DataTD"><?=$row['CN']?></td>
+ <?}?>
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <?}?>
+ </tr> <?
+}
+
+/**
+ * output_gpg_certs_header()
+ * shows the table header to the gpg cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_gpg_certs_header($support=0){
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Key ID")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_gpg_certs()
+ * show the gpg cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_gpg_certs($row, $support=0){
+ //should be entered in account/55.php
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ ?>
+ <tr>
+ <? if($verified == _("Valid")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } ?>
+ <? } else if($verified == _("Pending")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } ?>
+ <? } ?>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <?if ($support != 1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['keyid']?></td>
+ <? } ?>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <? } ?>
+ </tr>
+ <?
+}
diff --git a/includes/wot.inc.php b/includes/wot.inc.php
deleted file mode 100644
index 6b3bcc8..0000000
--- a/includes/wot.inc.php
+++ /dev/null
@@ -1,631 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2011 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
- function query_init ($query)
- {
- return mysql_query($query);
- }
-
- function query_getnextrow ($res)
- {
- $row1 = mysql_fetch_assoc($res);
- return $row1;
- }
-
- function query_get_number_of_rows ($resultset)
- {
- return intval(mysql_num_rows($resultset));
- }
-
- function get_number_of_assurances ($userid)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
- $row = query_getnextrow($res);
-
- return intval($row['list']);
- }
-
- function get_number_of_assurees ($userid)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
- $row = query_getnextrow($res);
-
- return intval($row['list']);
- }
-
- function get_top_assurer_position ($no_of_assurances)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
- GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
- return intval(query_get_number_of_rows($res)+1);
- }
-
- function get_top_assuree_position ($no_of_assurees)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
- GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
- return intval(query_get_number_of_rows($res)+1);
- }
-
- function get_given_assurances ($userid)
- {
- $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
- return $res;
- }
-
- function get_received_assurances ($userid)
- {
- $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
- return $res;
- }
-
- function get_given_assurances_summary ($userid)
- {
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
- return $res;
- }
-
- function get_received_assurances_summary ($userid)
- {
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
- return $res;
- }
-
- function get_user ($userid)
- {
- $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
- return mysql_fetch_assoc($res);
- }
-
- function get_cats_state ($userid)
- {
-
- $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
- WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
- return mysql_num_rows($res);
- }
-
- function calc_experience ($row,&$points,&$experience,&$sum_experience)
- {
- $apoints = max($row['points'], $row['awarded']);
-
- $points += $apoints;
-
- $experience = "&nbsp;";
- if ($row['method'] == "Face to Face Meeting")
- {
- $sum_experience = $sum_experience +2;
- $experience = "2";
- }
- return $apoints;
- }
-
- function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
- {
- $awarded = calc_points($row);
-
- if ($awarded > 100)
- {
- $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
- $awarded = 100;
- }
- else
- $experience = 0;
-
- switch ($row['method'])
- {
- case 'Thawte Points Transfer':
- case 'CT Magazine - Germany':
- case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
- $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
- $experience=0;
- break;
- default:
- $points += $awarded;
- }
- $sumexperience = $sumexperience + $experience;
- }
-
-
- function show_user_link ($name,$userid)
- {
- $name = trim($name);
- if($name == "")
- {
- if ($userid == 0)
- $name = _("System");
- else
- $name = _("Deleted account");
- }
- else
- $name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
- return $name;
- }
-
- function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
- {
- $num_of_assurances = get_number_of_assurances (intval($userid));
- $rank_of_assurer = get_top_assurer_position($num_of_assurances);
- }
-
- function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
- {
- $num_of_assurees = get_number_of_assurees (intval($userid));
- $rank_of_assuree = get_top_assuree_position($num_of_assurees);
- }
-
-
-// ************* html table definitions ******************
-
- function output_ranking($userid)
- {
- get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
- get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
-
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="title"><?=_("Assurer Ranking")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
- </tr>
-</table>
-<br/>
-<?
- }
-
- function output_assurances_header($title)
- {
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="7" class="title"><?=$title?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("ID")?></strong></td>
- <td class="DataTD"><strong><?=_("Date")?></strong></td>
- <td class="DataTD"><strong><?=_("Who")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Location")?></strong></td>
- <td class="DataTD"><strong><?=_("Method")?></strong></td>
- <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
- </tr>
-<?
- }
-
- function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
- {
-?>
- <tr>
- <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD">&nbsp;</td>
- <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
- <td class="DataTD"><?=$sumexperience?></td>
- </tr>
-</table>
-<br/>
-<?
- }
-
- function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
- {
-
- $tdstyle="";
- $emopen="";
- $emclose="";
-
- if ($awarded == $points)
- {
- if ($awarded == "0")
- {
- if ($when < "2006-09-01")
- {
- $tdstyle="style='background-color: #ffff80'";
- $emopen="<em>";
- $emclose="</em>";
- }
- }
- }
-
-?>
- <tr>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
- </tr>
-<?
- }
-
- function output_summary_header()
- {
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("Description")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Remark")?></strong></td>
- </tr>
-<?
- }
-
- function output_summary_footer()
- {
-?>
-</table>
-<br/>
-<?
- }
-
- function output_summary_row($title,$points,$points_countable,$remark)
- {
-?>
- <tr>
- <td class="DataTD"><strong><?=$title?></strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD"><?=$points_countable?></td>
- <td class="DataTD"><?=$remark?></td>
- </tr>
-<?
- }
-
-
-// ************* output given assurances ******************
-
- function output_given_assurances_content($userid,&$points,&$sum_experience)
- {
- $points = 0;
- $sumexperience = 0;
- $res = get_given_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
- {
- $fromuser = get_user (intval($row['to']));
- $apoints = calc_experience ($row,$points,$experience,$sum_experience);
- $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
- }
- }
-
-// ************* output received assurances ******************
-
- function output_received_assurances_content($userid,&$points,&$sum_experience)
- {
- $points = 0;
- $sumexperience = 0;
- $res = get_received_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
- {
- $fromuser = get_user (intval($row['from']));
- calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
- $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
- }
- }
-
-// ************* output summary table ******************
-
- function check_date_limit ($userid,$age)
- {
- $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
- $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
- return intval(query_get_number_of_rows($res));
- }
-
- function calc_points($row)
- {
- $awarded = intval($row['awarded']);
- if ($awarded == "")
- $awarded = 0;
- if (intval($row['points']) < $awarded)
- $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
- else
- $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
- switch ($row['method'])
- {
- case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
- case 'CT Magazine - Germany': // revoke c't (only one test-entry)
- case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
- $points = 0;
- break;
- case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
- if ($points <= 2) // maybe limit to 35/50 pts in the future?
- $points = 0;
- break;
- case 'Unknown': // to be revoked in the future? limit to max 50 pts?
- case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
- case 'TTP-Assisted': // TTP assurances, limit to 35
- case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
- case '': // to be revoked in the future? limit to max 50 pts?
- case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
- break;
- default: // should never happen ... ;-)
- $points = 0;
- }
- if ($points < 0) // ignore negative points (bug needs to be fixed)
- $points = 0;
- return $points;
- }
-
- function max_points($userid)
- {
- return output_summary_content ($userid,0);
- }
-
- function output_summary_content($userid,$display_output)
- {
- $sum_points = 0;
- $sum_experience = 0;
- $sum_experience_other = 0;
- $max_points = 100;
- $max_experience = 50;
-
- $experience_limit_reached_txt = _("Limit reached");
-
- if (check_date_limit($userid,18) != 1)
- {
- $max_experience = 10;
- $experience_limit_reached_txt = _("Limit given by PoJAM reached");
- }
- if (check_date_limit($userid,14) != 1)
- {
- $max_experience = 0;
- $experience_limit_reached_txt = _("Limit given by PoJAM reached");
- }
-
- $res = get_received_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
- {
- $points = calc_points ($row);
-
- if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
- {
- $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
- $points = $max_points;
- }
- $sum_points += $points*intval($row['number']);
- }
-
- $res = get_given_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
- {
- switch ($row['method'])
- {
- case 'Face to Face Meeting': // count Face to Face only
- $sum_experience += 2*intval($row['number']);
- break;
- }
-
- }
-
- if ($sum_points > $max_points)
- {
- $sum_points_countable = $max_points;
- $remark_points = _("Limit reached");
- }
- else
- {
- $sum_points_countable = $sum_points;
- $remark_points = "&nbsp;";
- }
- if ($sum_experience > $max_experience)
- {
- $sum_experience_countable = $max_experience;
- $remark_experience = $experience_limit_reached_txt;
- }
- else
- {
- $sum_experience_countable = $sum_experience;
- $remark_experience = "&nbsp;";
- }
-
- if ($sum_experience_countable + $sum_experience_other > $max_experience)
- {
- $sum_experience_other_countable = $max_experience-$sum_experience_countable;
- $remark_experience_other = $experience_limit_reached_txt;
- }
- else
- {
- $sum_experience_other_countable = $sum_experience_other;
- $remark_experience_other = "&nbsp;";
- }
-
- if ($sum_points_countable < $max_points)
- {
- if ($sum_experience_countable != 0)
- $remark_experience = _("Points on hold due to less assurance points");
- $sum_experience_countable = 0;
- if ($sum_experience_other_countable != 0)
- $remark_experience_other = _("Points on hold due to less assurance points");
- $sum_experience_other_countable = 0;
- }
-
- $issue_points = 0;
- $cats_test_passed = get_cats_state ($userid);
- if ($cats_test_passed == 0)
- {
- $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
- if ($sum_points_countable < $max_points)
- {
- $issue_points_txt = "<strong style='color: red'>";
- $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
- $issue_points_txt .= "</strong>";
- }
- }
- else
- {
- $experience_total = $sum_experience_countable+$sum_experience_other_countable;
- $issue_points_txt = "";
- if ($sum_points_countable == $max_points)
- $issue_points = 10;
- if ($experience_total >= 10)
- $issue_points = 15;
- if ($experience_total >= 20)
- $issue_points = 20;
- if ($experience_total >= 30)
- $issue_points = 25;
- if ($experience_total >= 40)
- $issue_points = 30;
- if ($experience_total >= 50)
- $issue_points = 35;
- if ($issue_points != 0)
- $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
- }
- if ($display_output)
- {
- output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
- output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
- output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
- output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
- }
- return $issue_points;
- }
-
- function output_given_assurances($userid)
- {
- output_assurances_header(_("Assurance Points You Issued"));
- output_given_assurances_content($userid,$points,$sum_experience);
- output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience);
- }
-
- function output_received_assurances($userid)
- {
- output_assurances_header(_("Your Assurance Points"));
- output_received_assurances_content($userid,$points,$sum_experience);
- output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience);
- }
-
- function output_summary($userid)
- {
- output_summary_header();
- output_summary_content($userid,1);
- output_summary_footer();
- }
-
- function output_end_of_page()
- {
-?>
- <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
-<?
- }
-
-// functions for 6.php (assure somebody)
-
-function AssureHead($confirmation,$checkname)
-{
-?>
-<form method="post" action="wot.php">
- <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
- <tr>
- <td colspan="2" class="title"><?=$confirmation?></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
- </tr>
-<?
- }
-
-function AssureTextLine($field1,$field2)
-{
-?>
- <tr>
- <td class="DataTD"><?=$field1?>:</td>
- <td class="DataTD"><?=$field2?></td>
- </tr>
-<?
-}
-
-function AssureCCABoxLine($type,$text)
-{
- return;
- AssureBoxLine($type,$text);
-}
-
-function AssureBoxLine($type,$text,$checked)
-{
-?>
- <tr>
- <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
- <td class="DataTD"><?=$text?></td>
- </tr>
-<?
-}
-
-function AssureMethodLine($text,$methods,$remark)
-{
- if (count($methods) != 1)
- {
-?>
- <tr>
- <td class="DataTD"><?=$text?></td>
- <td class="DataTD">
- <select name="method">
-<?
- foreach($methods as $val) { ?>
- <option value="<?=$val?>"> <?=$val?></option>
-
-<? } ?>
- </select>
- </br><?=$remark?>
- </td>
- </tr>
-<?
- } else {
-?>
- <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>">
-<?
- }
-}
-
-function AssureInboxLine($type,$field,$value,$description)
-{
-?>
- <tr>
- <td class="DataTD"><?=$field?>:</td>
- <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
- </tr>
-<?
-}
-
-function AssureFoot($oldid,$confirm)
-{?>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
- </tr>
- </table>
- <input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">
- <input type="hidden" name="oldid" value="<?=$oldid?>">
-</form>
-<?
-}
-