summaryrefslogtreecommitdiff
path: root/pages
diff options
context:
space:
mode:
Diffstat (limited to 'pages')
-rw-r--r--pages/account/13.php12
-rw-r--r--pages/account/15.php2
-rw-r--r--pages/account/19.php2
-rw-r--r--pages/account/23.php2
-rw-r--r--pages/account/55.php235
-rw-r--r--pages/account/56.php82
-rw-r--r--pages/account/6.php6
-rw-r--r--pages/index/52.php33
-rw-r--r--pages/wot/5.php47
-rw-r--r--pages/wot/6.php15
-rw-r--r--pages/wot/9.php4
11 files changed, 258 insertions, 182 deletions
diff --git a/pages/account/13.php b/pages/account/13.php
index 080e277..ea28c0e 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -127,20 +127,10 @@
<td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
- <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
+ <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td>
</tr>
<? if($showdetails){ ?>
<tr>
- <td class="DataTD"><?=_("OTP Hash")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otphash"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("OTP PIN")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otppin"></td>
- </tr>
- <tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
<tr>
diff --git a/pages/account/15.php b/pages/account/15.php
index 6cd3115..405cb44 100644
--- a/pages/account/15.php
+++ b/pages/account/15.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/19.php b/pages/account/19.php
index 1a80418..d7259f3 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -31,7 +31,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
if($row['keytype'] == "NS")
{
diff --git a/pages/account/23.php b/pages/account/23.php
index 4ec56c3..4255b47 100644
--- a/pages/account/23.php
+++ b/pages/account/23.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/55.php b/pages/account/55.php
index 6793a71..24cc86d 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -1,113 +1,122 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
- $user_id = intval($_SESSION['profile']['id']);
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
- </tr>
-</table>
-<?
- } else {
- $user_id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
- } else {
- $row = mysql_fetch_assoc($res);
- }
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
- </tr>
-</table>
-
-<?
- }
-?>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Test")?></b></td>
- <td class="DataTD"><b><?=_("Variant")?></b></td>
- </tr>
-<?
- $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
- " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
- " ORDER BY `CP`.`pass_date`";
-
- $res = mysql_query($query);
-
- $HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
- {
- if ($row[1] == "Assurer Challenge") {
- $HaveTest=1;
- }
-?>
- <tr>
- <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
- <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
- <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
- </tr>
-<? }
-?>
-</table>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
-<?
- if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
-?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
-<?
- } else {
- $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
- ' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
- if (!$res) {
- print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
- } else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
- if ($HaveTest && ($row[2]>=100)) {
- if (!$row[1]) {
- // This should not happen...
- fix_assurer_flag($_SESSION['profile']['id']);
- }
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
-<? } elseif (($row[2]>=100) && !$HaveTest) {
-?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
-<? } elseif ($HaveTest && ($row[2]<100)) {
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
-<? }
- }
- }
-?> </tr>
-</table>
-
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+ $user_id = intval($_SESSION['profile']['id']);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
+ </tr>
+</table>
+<?
+ } else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ }
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
+ </tr>
+</table>
+
+<?
+ }
+?>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Test")?></b></td>
+ <td class="DataTD"><b><?=_("Variant")?></b></td>
+ </tr>
+<?
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
+ " ORDER BY `CP`.`pass_date`";
+
+ $res = mysql_query($query);
+
+ $HaveTest=0;
+ while($row = mysql_fetch_array($res, MYSQL_NUM))
+ {
+ if ($row[1] == "Assurer Challenge") {
+ $HaveTest=1;
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
+ </tr>
+<? }
+?>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+<?
+ if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
+?>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
+<?
+ } else {
+ $query = '
+ SELECT `u`.`id`,
+ `u`.`assurer`,
+ SUM(`points`)
+ FROM `users` AS `u`,
+ `notary` AS `n`
+ WHERE `u`.`id` = \''.intval($_SESSION['profile']['id']).'\'
+ AND `n`.`to` = `u`.`id`
+ AND `expire` < NOW()
+ AND `n`.`deleted` = 0
+ GROUP BY `u`.`id`, `u`.`assurer`
+ ';
+ $res = mysql_query($query);
+ if (!$res) {
+ print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
+ } else {
+ $row = mysql_fetch_array($res, MYSQL_NUM);
+ if ($HaveTest && ($row[2]>=100)) {
+ if (!$row[1]) {
+ // This should not happen...
+ fix_assurer_flag($_SESSION['profile']['id']);
+ }
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
+<? } elseif (($row[2]>=100) && !$HaveTest) {
+?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
+<? } elseif ($HaveTest && ($row[2]<100)) {
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
+<? }
+ }
+ }
+?> </tr>
+</table>
+
diff --git a/pages/account/56.php b/pages/account/56.php
index 348cc49..cabe8e0 100644
--- a/pages/account/56.php
+++ b/pages/account/56.php
@@ -1,41 +1,41 @@
-<? /*
-LibreSSL - CAcert web application
-Copyright (C) 2004-2008 CAcert Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?=_("List of Organisation Assurers:")?>
-
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="1" class="title"><?=_("Name")?></td>
- <td colspan="1" class="title"><?=_("Email")?></td>
- <td colspan="1" class="title"><?=_("Country")?></td>
- </tr>
- <?
- $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- ?>
- <tr>
- <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
- <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- <td><?=sanitizeHTML($row['name'])?></td>
- </tr>
- <?
- }
-?>
-</table>
-
+<? /*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2008 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?=_("List of Organisation Assurers:")?>
+
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="1" class="title"><?=_("Name")?></td>
+ <td colspan="1" class="title"><?=_("Email")?></td>
+ <td colspan="1" class="title"><?=_("Country")?></td>
+ </tr>
+ <?
+ $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ ?>
+ <tr>
+ <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
+ <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ <td><?=sanitizeHTML($row['name'])?></td>
+ </tr>
+ <?
+ }
+?>
+</table>
+
diff --git a/pages/account/6.php b/pages/account/6.php
index 305fccb..de8d1a3 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) {
}
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname $outform`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform");
header("Content-Type: application/pkix-cert");
header("Content-Length: ".strlen($cert));
@@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) {
} else {
// All other browsers
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER");
header("Content-Type: application/x-x509-user-cert");
header("Content-Length: ".strlen($cert));
@@ -111,7 +111,7 @@ if (array_key_exists('format', $_REQUEST)) {
// Allow to directly copy and paste the cert in PEM format
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM");
echo "<pre>$cert</pre>";
?>
diff --git a/pages/index/52.php b/pages/index/52.php
new file mode 100644
index 0000000..0926780
--- /dev/null
+++ b/pages/index/52.php
@@ -0,0 +1,33 @@
+<?/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+?>
+
+<div style="text-align: center;">
+ <h1><?=_('CAcert Community Agreement Acceptance')?></h1>
+ <p><?=sprintf(_('To get access to your account your agreement to the %s CAcert Community Agreement %s (CCA) is required.'),'<a href="/policy/CAcertCommunityAgreement.php">', '</a>')?></p>
+ <p><?=_('Every member, who has agreed to the CCA, should be able to rely on the fact that every other user of CAcert has also agreed to the CCA and that the same rules apply to everybody. Moreover it is a basic requirement for the audit to be able to tell who has accepted our rules.')?></p>
+ <p><?=_('Originally the acceptance was not recorded. Up until now, we do not have your agreement on record. Once you have accepted the CCA (again) your agreement is recorded and you will not need to do this step again.')?></p>
+ <p><?=sprintf(_('If you do not wish to accept the CCA you should consider to ask for the closing of your account as you will not be able to access our system. In this case please send an email to support (%s).'),'<a href="mailto:support@cacert.org">support@cacert.org</a>')?></p>
+ <p><?=_('If you do not want to decide about the acceptance of the CCA now, you can come back at any time.')?></p>
+ <form method="post" action="index.php">
+ <input type="submit" name="agree" value="<?=_('I agree to the CCA')?>">
+ <input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </form>
+</div>
diff --git a/pages/wot/5.php b/pages/wot/5.php
index c1a6438..565dd6a 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -18,14 +18,24 @@
include_once("../includes/shutdown.php");
require_once("../includes/lib/l10n.php");
?>
-<?
- if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
+<?
+ if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
{
?><font color="orange" size="+1">
<? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
</font>
<?unset($_SESSION['_config']['error']);
- }
+ }
+
+ if (!isset($_SESSION['assuresomeone']['year'])) {
+ $_SESSION['assuresomeone']['year'] = 0;
+ }
+ if (!isset($_SESSION['assuresomeone']['month'])) {
+ $_SESSION['assuresomeone']['month'] = 0;
+ }
+ if (!isset($_SESSION['assuresomeone']['day'])) {
+ $_SESSION['assuresomeone']['day'] = 0;
+ }
?>
<? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
<form method="post" action="wot.php">
@@ -60,6 +70,37 @@
<td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
<? } ?>
</tr>
+ <tr>
+ <td class="DataTD">
+ <?=_("Date of Birth")?><br/>
+ (<?=_("yyyy/mm/dd")?>)</td>
+ <td class="DataTD">
+ <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
+ <select name="month">
+<?
+for($i = 1; $i <= 12; $i++)
+{
+ echo "<option value='$i'";
+ if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i)
+ echo " selected=\"selected\"";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+?>
+ </select>
+ <select name="day">
+<?
+for($i = 1; $i <= 31; $i++)
+{
+ echo "<option";
+ if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i)
+ echo " selected=\"selected\"";
+ echo ">$i</option>";
+}
+?>
+ </select>
+ </td>
+ </tr>
+
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index a565aa7..4094a18 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -24,6 +24,9 @@
}
$row = $_SESSION['_config']['notarise'];
+ $_SESSION['assuresomeone']['year'] = 0;
+ $_SESSION['assuresomeone']['month'] = 0;
+ $_SESSION['assuresomeone']['day'] = 0;
if($_SESSION['profile']['ttpadmin'] == 1)
// $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
@@ -47,10 +50,10 @@
'12' => _('December')
);
- $fname = $row['fname'];
- $mname = $row['mname'];
- $lname = $row['lname'];
- $suffix = $row['suffix'];
+ $fname = sanitizeHTML($row['fname']);
+ $mname = sanitizeHTML($row['mname']);
+ $lname = sanitizeHTML($row['lname']);
+ $suffix = sanitizeHTML($row['suffix']);
$dob = $row['dob'];
$dob_date = explode('-', $dob, 3);
@@ -74,8 +77,8 @@
AssureMethodLine(_("Method"),$methods,'');
AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
- AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
- AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
+ AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"","");
+ AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
diff --git a/pages/wot/9.php b/pages/wot/9.php
index a8b9413..20f2c6d 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -26,7 +26,7 @@
} else {
$user = mysql_fetch_array($res);
- $userlang = $user['language'];
+ $userlang = L10n::normalise_translation($user['language']);
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0) {
@@ -61,7 +61,7 @@
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), sanitizeHTML($lang['lang']), sanitizeHTML($lang['country'])) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td>
</tr>
<? } ?>
<tr>