diff options
Diffstat (limited to 'pages')
35 files changed, 951 insertions, 463 deletions
diff --git a/pages/account/10.php b/pages/account/10.php index 8908400..17999a7 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -30,17 +30,66 @@ <p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p> <form method="post" action="account.php"> +<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> +</p> +<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br /> + <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea> +</p> + +<fieldset> +<legend> + <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" /> + <label for="expertbox"><?=_("Advanced Options")?></label> +</legend> +<div id="advanced_options"> + <? if($_SESSION['profile']['points'] >= 50) { ?> -<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br /> -<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br /> +<ul class="no_indent"> + <li> + <input type="radio" id="root1" name="rootcert" value="1" /> + <label for="root1"><?=_("Sign by class 1 root certificate")?></label> + </li> + <li> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> + <label for="root2"><?=_("Sign by class 3 root certificate")?></label> + </li> +</ul> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <? } ?> -<p><?=_("Optional comment, only used in the certificate overview")?><br> - <input type="text" name="description" maxlength="80" size=80/></p> -<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br /> -<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> - <?=_("Please Note: You need to accept the CCA to proceed.")?></p> + +<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p> +<ul class="no_indent"> +<? +foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { +?> + <li> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label> + </li> +<? +} +?> +</ul> + +</div> +</fieldset> + +<p><input type="checkbox" id="CCA" name="CCA" /> <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please note: You need to accept the CCA to proceed.")?></label></p> <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> </form> + + +<script language="javascript"> +function showExpert(a) +{ + var options=document.getElementById("advanced_options"); + options.style.display = (a) ? "" : "none"; + + var checkbox=document.getElementById("expertbox"); + checkbox.style.display = ""; +} +showExpert(false); +</script> diff --git a/pages/account/13.php b/pages/account/13.php index 080e277..767e721 100644 --- a/pages/account/13.php +++ b/pages/account/13.php @@ -14,8 +14,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? +*/ + $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0"; $res = mysql_query($query); $user = mysql_fetch_assoc($res); @@ -27,16 +27,23 @@ if($showdetails){ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; - $body .= _("You receive this automatic mail since you yourself or someone ". + $ip = anonymizeIp($_SERVER['REMOTE_ADDR']); + if($ip === false) { + $ip = _("Error anonymising IP/network information"); + } + $body .= sprintf(_("You receive this automatic mail since you yourself or someone ". "else looked up your secret questions and answers for a forgotten ". "password.\n\n". + "Network: %s\nTime: %s\n\n". "If it was you who looked up or changed that data, or clicked ". "through the menu in your account, everything is in best order ". "and you can ignore this mail.\n\n". "But if you received this mail without a recognisable reason, ". "there is a danger that an unauthorised person accessed your ". "account, and you should promptly change your password and your ". - "secret questions and answers.")."\n\n"; + "secret questions and answers."), + $ip, + date("Y-m-d H:i:s T"))."\n\n"; $body .= _("Best regards")."\n"._("CAcert Support"); @@ -127,20 +134,10 @@ <td colspan="2" class="title"><a href="account.php?id=59&oldid=13&userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td> </tr> <tr> - <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td> + <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td> </tr> <? if($showdetails){ ?> <tr> - <td class="DataTD"><?=_("OTP Hash")?><br> - (<?=_("Not displayed")?>)</td> - <td class="DataTD"><input type="text" name="otphash"></td> - </tr> - <tr> - <td class="DataTD"><?=_("OTP PIN")?><br> - (<?=_("Not displayed")?>)</td> - <td class="DataTD"><input type="text" name="otppin"></td> - </tr> - <tr> <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td> </tr> <tr> diff --git a/pages/account/15.php b/pages/account/15.php index 6cd3115..405cb44 100644 --- a/pages/account/15.php +++ b/pages/account/15.php @@ -30,7 +30,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); ?> <h3><?=_("Below is your Server Certificate")?></h3> <pre> diff --git a/pages/account/16.php b/pages/account/16.php index db8a8f5..829897f 100644 --- a/pages/account/16.php +++ b/pages/account/16.php @@ -25,47 +25,102 @@ <tr> <td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Address")?></td> -<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) - foreach($_SESSION['_config']['emails'] as $val) { ?> +<? +if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) { + $i = 1; + foreach($_SESSION['_config']['emails'] as $val) { +?> <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td> + <td class="DataTD"><label for="email<?=$i?>"><?=_("Email")?></label></td> + <td class="DataTD"><input type="text" id="email<?=$i?>" name="emails[]" value="<?=$val?>"/></td> </tr> -<? } ?> +<? + $i++; + } +} ?> <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]"/></td> + <td class="DataTD"><label for="email0"><?=_("Email")?></td> + <td class="DataTD"><input type="text" id="email0" name="emails[]"/></td> </tr> <tr> - <td class="DataTD"><?=_("Name")?>:</td> - <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> + <td class="DataTD"><label for="name"><?=_("Name")?></label></td> + <td class="DataTD"><input type="text" id="name" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> </tr> <tr> - <td class="DataTD"><?=_("Department")?>:</td> - <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td> + <td class="DataTD"><label for="OU"><?=_("Department")?></label></td> + <td class="DataTD"><input type="text" id="OU" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td> </tr> - <tr> + + <tr name="expertoff" style="display:none"> + <td class="DataTD"> + <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" /> + </td> + <td class="DataTD"> + <label for="expertbox"><?=_("Show advanced options")?></label> + </td> + </tr> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br /> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br /> + <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 60))?> + </td> + </tr> + + <tr name="expert"> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> - <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> - <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?> + <?=_("Hash algorithm used when signing the certificate:")?><br /> + <? + foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { + ?> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br /> + <? + } + ?> </td> </tr> + <? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?> - <tr> - <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="checkbox" id="codesign" name="codesign" value="1" /> + <label for="codesign"><?=_("Code Signing")?></label> + </td> </tr> <? } ?> - <tr> - <td class="DataTD" colspan="2" align="left"> - <?=_("Optional comment, only used in the certificate overview")?><br /> - <input type="text" name="description" maxlength="80" size=80 /> - </td> + <tr> + <td class="DataTD" colspan="2" align="left"> + <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> + </td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> - <input type="submit" name="process" value="<?=_("Next")?>" /></td> + <td class="DataTD" colspan="2"> + <input type="submit" name="add_email" value="<?=_("Add Another Email Address")?>"> + <input type="submit" name="process" value="<?=_("Next")?>" /> + </td> </tr> </table> <input type="hidden" name="oldid" value="<?=$id?>"> </form> +<?=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?> + +<script language="javascript"> +function showExpert(a) +{ + b=document.getElementsByName("expert"); + for(i=0;b.length>i;i++) + { + if(!a) {b[i].setAttribute("style","display:none"); } + else {b[i].removeAttribute("style");} + } + b=document.getElementsByName("expertoff"); + for(i=0;b.length>i;i++) + { + b[i].removeAttribute("style"); + } + +} +showExpert(false); +</script> diff --git a/pages/account/17.php b/pages/account/17.php index 8ac8b65..0d5c2c7 100644 --- a/pages/account/17.php +++ b/pages/account/17.php @@ -17,3 +17,12 @@ */ require_once($_SESSION['_config']['filepath'].'/includes/keygen.php'); + +?> + -- <?=_("or")?> -- + <form method="post" action="account.php"> + <input type="hidden" name="keytype" value="VI"> + <textarea rows="20" cols="40" name="CSR"></textarea> + <input type="submit" name="submit" value="<?=_("Submit CSR")?>"> + <input type="hidden" name="oldid" value="17"> + </form> diff --git a/pages/account/19.php b/pages/account/19.php index 6a2749c..d7259f3 100644 --- a/pages/account/19.php +++ b/pages/account/19.php @@ -31,7 +31,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); if($row['keytype'] == "NS") { @@ -52,6 +52,10 @@ showfooter(); exit; } + } else if($row['keytype'] == "VI"){ + showheader(_("My CAcert.org Account!")); + echo "<pre>".$cert."</pre>"; + showfooter(); } else { showheader(_("My CAcert.org Account!")); ?> diff --git a/pages/account/20.php b/pages/account/20.php index ee16dd4..89bbc30 100644 --- a/pages/account/20.php +++ b/pages/account/20.php @@ -27,13 +27,60 @@ <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <form method="post" action="account.php"> -<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br /> -<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br /> -<p> <?=_("Optional comment, only used in the certificate overview")?><br /> - <input type="text" name="description" maxlength="80" size=80 /></p> +<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> +</p> +<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br /> + <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea> +</p> + +<fieldset> +<legend> + <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" /> + <label for="expertbox"><?=_("Advanced Options")?></label> +</legend> +<div id="advanced_options"> +<ul class="no_indent"> + <li> + <input type="radio" id="root1" name="rootcert" value="1" /> + <label for="root1"><?=_("Sign by class 1 root certificate")?></label> + </li> + <li> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> + <label for="root2"><?=_("Sign by class 3 root certificate")?></label> + </li> +</ul> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> -<p><?=_("Paste your CSR below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br /> + +<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p> +<ul class="no_indent"> +<? +foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { +?> + <li> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label> + </li> +<? +} +?> +</ul> + +</div> +</fieldset> + <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> -</form>
\ No newline at end of file +</form> + +<script language="javascript"> +function showExpert(a) +{ + var options=document.getElementById("advanced_options"); + options.style.display = (a) ? "" : "none"; + + var checkbox=document.getElementById("expertbox"); + checkbox.style.display = ""; +} +showExpert(false); +</script> diff --git a/pages/account/23.php b/pages/account/23.php index 4ec56c3..4255b47 100644 --- a/pages/account/23.php +++ b/pages/account/23.php @@ -30,7 +30,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); ?> <h3><?=_("Below is your Server Certificate")?></h3> <pre> diff --git a/pages/account/24.php b/pages/account/24.php index 14a47c0..2ad526e 100644 --- a/pages/account/24.php +++ b/pages/account/24.php @@ -16,51 +16,25 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - // Reset session variables regarding Org's, present empty form - if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = ""; - if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = ""; - if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = ""; - if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = ""; - if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = ""; - if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = ""; - +$orgname = ''; +$contactmail = ''; +$town = ''; +$state = ''; +$country = ''; +$comment = ''; + + // Reset session variables regarding Org's, present empty form +if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = ""; +if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = ""; +if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = ""; +if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = ""; +if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = ""; +if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = ""; + ?> <form method="post" action="account.php"> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_("New Organisation")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Organisation Name")?>:</td> - <td class="DataTD"><input type="text" name="O" value="" maxlength="50" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Contact Email")?>:</td> - <td class="DataTD"><input type="text" name="contact" value="" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Town/Suburb")?>:</td> - <td class="DataTD"><input type="text" name="L" value="" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("State/Province")?>:</td> - <td class="DataTD"><input type="text" name="ST" value="" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Country")?>:</td> - <td class="DataTD"><input type="text" name="C" value="" size="5"> - <?php printf(_('(2 letter %s ISO code %s )'), - '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">', - '</a>')?> - </td> - </tr> - <tr> - <td class="DataTD"><?=_("Comments")?>:</td> - <td class="DataTD"><textarea name="comments" cols="60" rows="10"></textarea></td> - </tr> - <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> - </tr> -</table> +<? +org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 0); +?> <input type="hidden" name="oldid" value="<?=$id?>"> </form> diff --git a/pages/account/27.php b/pages/account/27.php index a1086d4..d07a781 100644 --- a/pages/account/27.php +++ b/pages/account/27.php @@ -16,46 +16,20 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'")); + $orgid = intval($_REQUEST['orgid']); + $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='" . $orgid . "'")); + $orgname = $row['O']; + $contactmail = $row['contact']; + $town = $row['L']; + $state = $row['ST']; + $country = $row['C']; + $comment = $row['comments']; ?> <form method="post" action="account.php"> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_("Edit Organisation")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Organisation Name")?>:</td> - <td class="DataTD"><input type="text" name="O" value="<?=$row['O']?>" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Contact Email")?>:</td> - <td class="DataTD"><input type="text" name="contact" value="<?=($row['contact'])?>" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Town/Suburb")?>:</td> - <td class="DataTD"><input type="text" name="L" value="<?=($row['L'])?>" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("State/Province")?>:</td> - <td class="DataTD"><input type="text" name="ST" value="<?=($row['ST'])?>" size="90"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Country")?>:</td> - <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>" size="5"> - <?php printf(_('(2 letter %s ISO code %s )'), - '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">', - '</a>')?> - </td> - </tr> - <tr> - <td class="DataTD"><?=_("Comments")?>:</td> - <td class="DataTD"><textarea name="comments" cols=60 rows=10><?=($row['comments'])?></textarea></td> - </tr> - <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> - </tr> -</table> +<? + org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 1); +?> <input type="hidden" name="oldid" value="<?=intval($id)?>"> -<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> +<input type="hidden" name="orgid" value="<?=$orgid?>"> <input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" /> </form> diff --git a/pages/account/3.php b/pages/account/3.php index 7e34300..cd62ce0 100644 --- a/pages/account/3.php +++ b/pages/account/3.php @@ -34,6 +34,7 @@ <tr> <td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Address")?></td> + </tr> <? $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''"; @@ -41,8 +42,8 @@ while($row = mysql_fetch_assoc($res)) { ?> <tr> - <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td> - <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + <td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td> + <td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td> </tr> <? } if($_SESSION['profile']['points'] >= 50) @@ -52,81 +53,120 @@ if($_SESSION['profile']['points'] >= 50) $lname = $_SESSION['profile']['lname']; $suffix = $_SESSION['profile']['suffix']; ?> - <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> - <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> - <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> - </td> - </tr> <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br /> - <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?> - <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?> - <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?> - <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?> + <input type="radio" id="incname0" name="incname" value="0" checked="checked" /> + <label for="incname0"><?=_("No Name")?></label><br /> + <? if($fname && $lname) { ?> + <input type="radio" id="incname1" name="incname" value="1" /> + <label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br /> + <? } ?> + <? if($fname && $mname && $lname) { ?> + <input type="radio" id="incname2" name="incname" value="2" /> + <label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'</label><br /> + <? } ?> + <? if($fname && $lname && $suffix) { ?> + <input type="radio" id="incname3" name="incname" value="3" /> + <label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br /> + <? } ?> + <? if($fname && $mname && $lname && $suffix) { ?> + <input type="radio" id="incname4" name="incname" value="4" /> + <label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br /> + <? } ?> </td> </tr> <? } ?> -<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> + <tr> <td class="DataTD"> - <input type="checkbox" name="codesign" value="1" /> + <input type="checkbox" id="login" name="login" value="1" checked="checked" /> </td> <td class="DataTD" align="left"> - <?=_("Code Signing")?><br /> - <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> + <label for="login"><?=_("Enable certificate login with this certificate")?><br /> + <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label> </td> </tr> -<? } ?> - <tr> + <td class="DataTD" colspan="2" align="left"> + <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="100" size="100" /> + </td> + </tr> + + <tr name="expertoff" style="display:none"> <td class="DataTD"> - <input type="checkbox" name="login" value="1" checked="checked" /> + <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" /> </td> - <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br /> - <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> + <td class="DataTD" align="left"> + <label for="expertbox"><?=_("Show advanced options")?></label> </td> </tr> - <tr> - <td class="DataTD" colspan="2" align="left"> - <?=_("Optional comment, only used in the certificate overview")?><br /> - <input type="text" name="description" maxlength="100" size="100" /> - </td> + +<? +if($_SESSION['profile']['points'] >= 50) +{ +?> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br /> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br /> + <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?> + </td> </tr> +<? } ?> - <tr name="expertoff" style="display:none"> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <?=_("Hash algorithm used when signing the certificate:")?><br /> + <? + foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { + ?> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br /> + <? + } + ?> + </td> + </tr> + +<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> + <tr name="expert"> <td class="DataTD"> - <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" /> + <input type="checkbox" id="codesign" name="codesign" value="1" /> </td> + <td class="DataTD" align="left"> + <label for="codesign"><?=_("Code Signing")?><br /> + <?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label> + </td> + </tr> +<? } ?> + + <tr name="expert"> <td class="DataTD"> - <?=_("Show advanced options")?> + <input type="checkbox" id="SSO" name="SSO" value="1" /> + </td> + <td class="DataTD" align="left"> + <label for="SSO"><?=_("Add Single Sign On ID Information")?><br /> + <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> + <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label> </td> </tr> <tr name="expert"> - <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br /> - <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br /> - <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> - <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a> + <td class="DataTD" colspan="2"> + <label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br /> + <textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea> </td> </tr> - <tr name="expert"> - <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td> - </tr> - <tr name="expert"> - <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> - </tr> - <tr> + <tr> <td class="DataTD"> - <input type="checkbox" name="CCA" /> + <input type="checkbox" id="CCA" name="CCA" /> </td> <td class="DataTD" align="left"> - <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> - <?=_("Please Note: You need to accept the CCA to proceed.")?> + <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please note: You need to accept the CCA to proceed.")?></label> </td> </tr> <tr> @@ -154,4 +194,3 @@ function showExpert(a) } showExpert(false); </script> - diff --git a/pages/account/40.php b/pages/account/40.php index a809595..18fa5da 100644 --- a/pages/account/40.php +++ b/pages/account/40.php @@ -25,8 +25,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s <p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p> <p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p> <p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p> -<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p> -<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p> +<p><?=_("You can use the form below to contact the support team directly. The mail is NOT send to the mailing list.")?></p> <form method="post" action="account.php" name="form1"> <input type="hidden" name="oldid" value="<?=$id?>"> <!-- <input type="hidden" name="support" value="yes"> --> @@ -35,23 +34,32 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s <label>If you're human leave this blank:</label> <input name="robotest" type="text" id="robotest" class="robotest" /> </p> -<table border="0"> - <tr><td width="100"><?=_("Your Name")?>:</td><td width="100"><input type="text" name="who"></td><td width="100"></td><td width="100"></td> - <tr><td width="100"><?=_("Your Email")?>:</td><td colspan="3"><input type="text" name="email"></td> - <tr><td width="100"><?=_("Subject")?>:</td><td colspan="3"><input type="text" name="subject"></td></tr> - <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr> - + <table border="0"> + <tr> + <td width="100"><?=_("Your Name")?>:</td> + <td width="300"><input type="text" name="who"></td> + </tr> + <tr> + <td><?=_("Your Email")?>:</td> + <td><input type="text" name="email"></td> + </tr> + <tr> + <td><?=_("Subject")?>:</td> + <td><input type="text" name="subject"></td> + </tr> + <tr> + <td valign="top"><?=_("Message")?>:</td> + <td><textarea name="message" cols="70" rows="10"></textarea></td> + </tr> <tr> - <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use \"send to mailing list\" when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td> <td colspan="2"><?=_("For confidential data use \"send to support\".")?></td> </tr> <tr> - <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td> <td colspan="2"><input type="submit" name="process[1]" value="<?=_("Send to support")?>"></td> </tr> </table> </form> - +<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p> <p><b>IRC</b></p> <p><a href="irc://irc.CAcert.org/CAcert">irc://irc.CAcert.org/CAcert</a></p> <p><b>Secure IRC</b></p> diff --git a/pages/account/41.php b/pages/account/41.php index d61d8db..f644025 100644 --- a/pages/account/41.php +++ b/pages/account/41.php @@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'")); + $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'")); ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> diff --git a/pages/account/43.php b/pages/account/43.php index c889ce3..b876330 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -37,7 +37,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) { $_REQUEST['userid'] = 0; - $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); + $emailsearch = $email = mysql_real_escape_string(stripslashes(trim($_REQUEST['email']))); //Disabled to speed up the queries //if(!strstr($email, "%")) @@ -136,8 +136,7 @@ if(intval($_REQUEST['userid']) > 0) { if ($res) { $trow = mysql_fetch_assoc($res); if ($trow) { - mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'"); - fix_assurer_flag($trow['to']); + revoke_assurance(intval($assurance),$trow['to']); } } } diff --git a/pages/account/53.php b/pages/account/53.php index cc9e2d6..1ec04b2 100644 --- a/pages/account/53.php +++ b/pages/account/53.php @@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):""; + $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):""; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0; diff --git a/pages/account/54.php b/pages/account/54.php index 753b4af..35dce33 100644 --- a/pages/account/54.php +++ b/pages/account/54.php @@ -19,7 +19,7 @@ $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; - $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):""; + $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):""; if($ccid > 0 && $_REQUEST['action'] == "add") { ?> <form method="post" action="account.php"> diff --git a/pages/account/55.php b/pages/account/55.php index 6793a71..24cc86d 100644 --- a/pages/account/55.php +++ b/pages/account/55.php @@ -1,113 +1,122 @@ -<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
- $user_id = intval($_SESSION['profile']['id']);
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
- </tr>
-</table>
-<?
- } else {
- $user_id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
- } else {
- $row = mysql_fetch_assoc($res);
- }
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
- </tr>
-</table>
-
-<?
- }
-?>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Test")?></b></td>
- <td class="DataTD"><b><?=_("Variant")?></b></td>
- </tr>
-<?
- $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
- " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
- " ORDER BY `CP`.`pass_date`";
-
- $res = mysql_query($query);
-
- $HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
- {
- if ($row[1] == "Assurer Challenge") {
- $HaveTest=1;
- }
-?>
- <tr>
- <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
- <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
- <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
- </tr>
-<? }
-?>
-</table>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
-<?
- if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
-?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr>
-<?
- } else {
- $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'. - ' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
- if (!$res) {
- print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
- } else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
- if ($HaveTest && ($row[2]>=100)) {
- if (!$row[1]) {
- // This should not happen...
- fix_assurer_flag($_SESSION['profile']['id']);
- }
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
-<? } elseif (($row[2]>=100) && !$HaveTest) {
-?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
-<? } elseif ($HaveTest && ($row[2]<100)) {
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
-<? }
- }
- }
-?> </tr>
-</table>
-
+<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + $user_id = intval($_SESSION['profile']['id']); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Your passed Tests")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td> + </tr> +</table> +<? + } else { + $user_id = intval($_REQUEST['userid']); + $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); + } else { + $row = mysql_fetch_assoc($res); + } +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td> + </tr> +</table> + +<? + } +?> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Test")?></b></td> + <td class="DataTD"><b><?=_("Variant")?></b></td> + </tr> +<? + $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ". + " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ". + " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'". + " ORDER BY `CP`.`pass_date`"; + + $res = mysql_query($query); + + $HaveTest=0; + while($row = mysql_fetch_array($res, MYSQL_NUM)) + { + if ($row[1] == "Assurer Challenge") { + $HaveTest=1; + } +?> + <tr> + <td class="DataTD"><?=sanitizeHTML($row[0])?></td> + <td class="DataTD"><?=sanitizeHTML($row[1])?></td> + <td class="DataTD"><?=sanitizeHTML($row[2])?></td> + </tr> +<? } +?> +</table> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> +<? + if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { +?> + <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr> +<? + } else { + $query = ' + SELECT `u`.`id`, + `u`.`assurer`, + SUM(`points`) + FROM `users` AS `u`, + `notary` AS `n` + WHERE `u`.`id` = \''.intval($_SESSION['profile']['id']).'\' + AND `n`.`to` = `u`.`id` + AND `expire` < NOW() + AND `n`.`deleted` = 0 + GROUP BY `u`.`id`, `u`.`assurer` + '; + $res = mysql_query($query); + if (!$res) { + print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n"; + } else { + $row = mysql_fetch_array($res, MYSQL_NUM); + if ($HaveTest && ($row[2]>=100)) { + if (!$row[1]) { + // This should not happen... + fix_assurer_flag($_SESSION['profile']['id']); + } +?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td> +<? } elseif (($row[2]>=100) && !$HaveTest) { +?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td> +<? } elseif ($HaveTest && ($row[2]<100)) { +?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td> +<? } + } + } +?> </tr> +</table> + diff --git a/pages/account/56.php b/pages/account/56.php index 348cc49..cabe8e0 100644 --- a/pages/account/56.php +++ b/pages/account/56.php @@ -1,41 +1,41 @@ -<? /*
-LibreSSL - CAcert web application
-Copyright (C) 2004-2008 CAcert Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?=_("List of Organisation Assurers:")?>
-
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="1" class="title"><?=_("Name")?></td>
- <td colspan="1" class="title"><?=_("Email")?></td>
- <td colspan="1" class="title"><?=_("Country")?></td>
- </tr>
- <?
- $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- ?>
- <tr>
- <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
- <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- <td><?=sanitizeHTML($row['name'])?></td>
- </tr>
- <?
- }
-?>
-</table>
-
+<? /* +LibreSSL - CAcert web application +Copyright (C) 2004-2008 CAcert Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<?=_("List of Organisation Assurers:")?> + +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="1" class="title"><?=_("Name")?></td> + <td colspan="1" class="title"><?=_("Email")?></td> + <td colspan="1" class="title"><?=_("Country")?></td> + </tr> + <? + $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + ?> + <tr> + <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td> + <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td> + <td><?=sanitizeHTML($row['name'])?></td> + </tr> + <? + } +?> +</table> + diff --git a/pages/account/6.php b/pages/account/6.php index 305fccb..fc21d39 100644 --- a/pages/account/6.php +++ b/pages/account/6.php @@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) { } $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname $outform`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform"); header("Content-Type: application/pkix-cert"); header("Content-Length: ".strlen($cert)); @@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) { } else { // All other browsers $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER"); header("Content-Type: application/x-x509-user-cert"); header("Content-Length: ".strlen($cert)); @@ -111,10 +111,10 @@ if (array_key_exists('format', $_REQUEST)) { // Allow to directly copy and paste the cert in PEM format $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM"); echo "<pre>$cert</pre>"; +?> - ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="2" class="title"><?=_("Information about the certificate")?></td> diff --git a/pages/index/0.php b/pages/index/0.php index c5301d3..de5cb7c 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -19,11 +19,11 @@ <p><?=_("CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.")?></p> -<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p> +<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p> <p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p> -<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.php">',"</a>")?> +<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.html">',"</a>")?> <?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p> @@ -87,7 +87,7 @@ <p><?=sprintf(_("Have you passed the CAcert %s Assurer Challenge %s yet?"),'<a href="http://wiki.cacert.org/wiki/AssurerChallenge">','</a>')?></p> -<p><?=sprintf(_("Have you read the CAcert %sCommunity Agreement%s yet?"),'<a href="/policy/CAcertCommunityAgreement.php">','</a>')?></p> +<p><?=sprintf(_("Have you read the CAcert %sCommunity Agreement%s yet?"),'<a href="/policy/CAcertCommunityAgreement.html">','</a>')?></p> <p><?=sprintf(_("For general documentation and help, please visit the CAcert %sWiki Documentation site %s."),'<a href="http://wiki.CAcert.org">','</a>')?> <?=sprintf(_("For specific policies, see the CAcert %sApproved Policies page%s."),'<a href="/policy/">',"</a>")?></p> diff --git a/pages/index/1.php b/pages/index/1.php index 3315d69..05e59df 100644 --- a/pages/index/1.php +++ b/pages/index/1.php @@ -35,32 +35,32 @@ <tr> <td class="DataTD" width="125"><?=_("First Name")?>: </td> - <td class="DataTD" width="125"><input type="text" name="fname" size="30" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td> - <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td> + <td class="DataTD" width="125"><input type="text" name="fname" size="30" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" tabindex="1" autocomplete="off"></td> + <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a tabindex="1" href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td> </tr> <tr> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> (<?=_("optional")?>) </td> - <td class="DataTD"><input type="text" name="mname" size="30" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="mname" size="30" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" tabindex="3" autocomplete="off"></td> </tr> <tr> <td class="DataTD"><?=_("Last Name")?>: </td> - <td class="DataTD"><input type="text" name="lname" size="30" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="lname" size="30" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" tabindex="4" autocomplete="off"></td> </tr> <tr> <td class="DataTD"><?=_("Suffix")?><br> (<?=_("optional")?>)</td> - <td class="DataTD"><input type="text" name="suffix" size="30" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td> + <td class="DataTD"><input type="text" name="suffix" size="30" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" tabindex="5" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td> </tr> <tr> <td class="DataTD"><?=_("Date of Birth")?><br> (<?=_("dd/mm/yyyy")?>)</td> - <td class="DataTD"><nobr><select name="day"> + <td class="DataTD"><nobr><select name="day" tabindex="6"> <? for($i = 1; $i <= 31; $i++) { @@ -71,7 +71,7 @@ } ?> </select> - <select name="month"> + <select name="month" tabindex="7"> <? for($i = 1; $i <= 12; $i++) { @@ -82,25 +82,25 @@ } ?> </select> - <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" autocomplete="off"></nobr> + <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" tabindex="8" autocomplete="off"></nobr> </td> <td class="DataTD"> </td> </tr> <tr> <td class="DataTD"><?=_("Email Address")?>: </td> - <td class="DataTD"><input type="text" name="email" size="30" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="email" size="30" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" tabindex="9" autocomplete="off"></td> <td class="DataTD"><?=_("I own or am authorised to control this email address")?></td> </tr> <tr> <td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td> - <td class="DataTD"><input type="password" name="pword1" size="30" autocomplete="off"></td> + <td class="DataTD"><input type="password" name="pword1" size="30" tabindex="10" autocomplete="off"></td> <td class="DataTD" rowspan="2"> </td> </tr> <tr> <td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td> - <td class="DataTD"><input type="password" name="pword2" size="30" autocomplete="off"></td> + <td class="DataTD"><input type="password" name="pword2" size="30" tabindex="11" autocomplete="off"></td> </tr> <tr> @@ -119,32 +119,32 @@ <tr> <td class="DataTD">1)</td> - <td class="DataTD"><input type="text" name="Q1" size="30" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td> - <td class="DataTD"><input type="text" name="A1" size="30" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="Q1" size="30" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>" tabindex="12"></td> + <td class="DataTD"><input type="text" name="A1" size="30" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" tabindex="13" autocomplete="off"></td> </tr> <tr> <td class="DataTD">2)</td> - <td class="DataTD"><input type="text" name="Q2" size="30" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td> - <td class="DataTD"><input type="text" name="A2" size="30" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="Q2" size="30" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>" tabindex="14"></td> + <td class="DataTD"><input type="text" name="A2" size="30" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" tabindex="15" autocomplete="off"></td> </tr> <tr> <td class="DataTD">3)</td> - <td class="DataTD"><input type="text" name="Q3" size="30" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td> - <td class="DataTD"><input type="text" name="A3" size="30"value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="Q3" size="30" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>" tabindex="16"></td> + <td class="DataTD"><input type="text" name="A3" size="30"value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" tabindex="17" autocomplete="off"></td> </tr> <tr> <td class="DataTD">4)</td> - <td class="DataTD"><input type="text" name="Q4" size="30"" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td> - <td class="DataTD"><input type="text" name="A4" size="30" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td> + <td class="DataTD"><input type="text" name="Q4" size="30"" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>" tabindex="18"></td> + <td class="DataTD"><input type="text" name="A4" size="30" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" tabindex="19" autcomplete="off"></td> </tr> <tr> <td class="DataTD">5)</td> - <td class="DataTD"><input type="text" name="Q5" size="30" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td> - <td class="DataTD"><input type="text" name="A5" size="30" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td> + <td class="DataTD"><input type="text" name="Q5" size="30" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>" tabindex="20"></td> + <td class="DataTD"><input type="text" name="A5" size="30" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" tabindex="21" autocomplete="off"></td> </tr> <tr> @@ -154,10 +154,10 @@ <tr> <td class="DataTD" valign="top"><?=_("Alert me if")?>: </td> <td class="DataTD" align="left"> - <input type="checkbox" name="general" value="1" <?=array_key_exists('general',$_SESSION['signup'])? ($_SESSION['signup']['general'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("General Announcements")?><br> - <input type="checkbox" name="country" value="1" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br> - <input type="checkbox" name="regional" value="1" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br> - <input type="checkbox" name="radius" value="1" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td> + <input type="checkbox" name="general" value="1" tabindex="22" <?=array_key_exists('general',$_SESSION['signup'])? ($_SESSION['signup']['general'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("General Announcements")?><br> + <input type="checkbox" name="country" value="1" tabindex="23" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br> + <input type="checkbox" name="regional" value="1" tabindex="24" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br> + <input type="checkbox" name="radius" value="1" tabindex="25" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td> <td class="DataTD"> </td> </tr> @@ -165,11 +165,15 @@ <td class="DataTD" colspan="3"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td> </tr> <tr> - <td class="DataTD" colspan="3"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td> + <td class="DataTD" colspan="3"> + <input type="checkbox" name="cca_agree" tabindex="26" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> > + <br/> + <?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.html" tabindex="28" >http://www.cacert.org/policy/CAcertCommunityAgreement.php</a> + </td> </tr> <tr> - <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Next")?>"></td> + <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Next")?>" tabindex="27"></td> </tr> </table> diff --git a/pages/index/10.php b/pages/index/10.php index 7280e09..7dd8200 100644 --- a/pages/index/10.php +++ b/pages/index/10.php @@ -17,5 +17,5 @@ */ header('HTTP/1.0 301 Moved Permanently'); - header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php'); + header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.html'); exit(); diff --git a/pages/index/11.php b/pages/index/11.php index d1ef4df..86d86ee 100644 --- a/pages/index/11.php +++ b/pages/index/11.php @@ -25,33 +25,41 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s <p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p> <p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p> <p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p> -<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p> -<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p> +<p><?=_("You can use the form below to contact the support team directly. The mail is NOT send to the mailing list.")?></p> <form method="post" action="index.php" name="form1"> <input type="hidden" name="oldid" value="<?=$id?>"> -<!-- <input type="hidden" name="support" value="yes"> --> +<!-- <input type="hidden" name="support" value="yes"> --> <input type="hidden" name="secrethash2" value=""> <p class="robotic" id="pot"> <label>If you're human leave this blank:</label> <input name="robotest" type="text" id="robotest" class="robotest" /> </p> <table border="0"> - <tr><td width="100"><?=_("Your Name")?>:</td><td width="100"><input type="text" name="who"></td><td width="100"></td><td width="100"></td> - <tr><td width="100"><?=_("Your Email")?>:</td><td colspan="3"><input type="text" name="email"></td> - <tr><td width="100"><?=_("Subject")?>:</td><td colspan="3"><input type="text" name="subject"></td></tr> - <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr> - <tr> - <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use \"send to mailing list\" when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td> + <td width="100"><?=_("Your Name")?>:</td> + <td width="300"><input type="text" name="who"></td> + </tr> + <tr> + <td><?=_("Your Email")?>:</td> + <td><input type="text" name="email"></td> + </tr> + <tr> + <td><?=_("Subject")?>:</td> + <td><input type="text" name="subject"></td> + </tr> + <tr> + <td valign="top"><?=_("Message")?>:</td> + <td><textarea name="message" cols="70" rows="10"></textarea></td> + </tr> + <tr> <td colspan="2"><?=_("For confidential data use \"send to support\".")?></td> </tr> <tr> - <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td> <td colspan="2"><input type="submit" name="process[1]" value="<?=_("Send to support")?>"></td> </tr> </table> </form> - +<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p> <p><b>IRC</b></p> <p><a href="irc://irc.CAcert.org/CAcert">irc://irc.CAcert.org/CAcert</a></p> <p><b>Secure IRC</b></p> diff --git a/pages/index/16.php b/pages/index/16.php index c2cb391..ba3b4ed 100644 --- a/pages/index/16.php +++ b/pages/index/16.php @@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p> +<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p> <p> Class 1 <?=_("PKI Key")?><br> diff --git a/pages/index/3.php b/pages/index/3.php index a107c29..7c52447 100644 --- a/pages/index/3.php +++ b/pages/index/3.php @@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p> +<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p> <h3><?=_("Windows Installer") ?></h3> <ul class="no_indent"> @@ -29,6 +29,7 @@ <ul class="no_indent"> <li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li> <li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li> + <li><a href="certs/root.cer"><?=_("Root Certificate (CER Format base64 encoded)")?></a></li> <li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li> <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li> <li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li> @@ -39,6 +40,7 @@ <ul class="no_indent"> <li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li> <li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li> + <li><a href="certs/class3.der"><?=_("Intermediate Certificate (CER Format base64 encoded)")?></a></li> <li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li> <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li> <?php /* diff --git a/pages/index/52.php b/pages/index/52.php new file mode 100644 index 0000000..0926780 --- /dev/null +++ b/pages/index/52.php @@ -0,0 +1,33 @@ +<?/* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +?> + +<div style="text-align: center;"> + <h1><?=_('CAcert Community Agreement Acceptance')?></h1> + <p><?=sprintf(_('To get access to your account your agreement to the %s CAcert Community Agreement %s (CCA) is required.'),'<a href="/policy/CAcertCommunityAgreement.php">', '</a>')?></p> + <p><?=_('Every member, who has agreed to the CCA, should be able to rely on the fact that every other user of CAcert has also agreed to the CCA and that the same rules apply to everybody. Moreover it is a basic requirement for the audit to be able to tell who has accepted our rules.')?></p> + <p><?=_('Originally the acceptance was not recorded. Up until now, we do not have your agreement on record. Once you have accepted the CCA (again) your agreement is recorded and you will not need to do this step again.')?></p> + <p><?=sprintf(_('If you do not wish to accept the CCA you should consider to ask for the closing of your account as you will not be able to access our system. In this case please send an email to support (%s).'),'<a href="mailto:support@cacert.org">support@cacert.org</a>')?></p> + <p><?=_('If you do not want to decide about the acceptance of the CCA now, you can come back at any time.')?></p> + <form method="post" action="index.php"> + <input type="submit" name="agree" value="<?=_('I agree to the CCA')?>"> + <input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>"> + <input type="hidden" name="oldid" value="<?=$id?>"> + </form> +</div> diff --git a/pages/index/feed.rss b/pages/index/feed.rss new file mode 100644 index 0000000..def221f --- /dev/null +++ b/pages/index/feed.rss @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" --> +<rss version="0.92"> + <channel> + <title>CAcert NEWS Blog</title> + <link>http://blog.cacert.org</link> + <description>CAcert NEWS and up coming events.</description> + <lastBuildDate>Fri, 20 Aug 2010 11:54:30 +0000</lastBuildDate> + <docs>http://backend.userland.com/rss092</docs> + <language>en</language> + + <item> + <title>Looking for confirmation email on creating account?</title> + <description>Please go to https://ca-mgr1.it-sls.de/login login with your just created account and password. Under MAIL you'll find your individual confirmation email. + </description> + <link>https://ca-mgr1.it-sls.de/testsystemdoc.html</link> + </item> + <item> + <title>You are interested in helping Testing ?</title> + <description>Create your test account on the Testserver. Beware of the confirmation email (see above) Entry page for Testers: https://wiki.cacert.org/Software/CurrentTest. Please contact Ulrich becoming a Testteam member.</description> + <link>https://wiki.cacert.org/Software/CurrentTest</link> + </item> + <item> + <title>Dear Testers</title> + <description>We had one work with no activity on the testserver caused by inactivity by the Software-Assessment team, caused by router problems at the hosting site of the testserver. Probably latter has been fixed. + + The reported bugs can be categorized into + 1. Testserver-Mgmt-System related + 2. Production Server recovery process to Testserver + 3. general software errors + + Group 1+2 are essential for our current test phase, as they covers the problems in building the base testserver environment that is needed for testing. + + So language and country selection support is an essential feature we've worked on the last week. + + One problem couldn't be solved till today: secondary language selection all other country and language related bugs should be fixed in the meantime. + + Also the Show my Points details now has the correct script (after some confusion in the Software-Assessment team and one developer), comparable to the script on the production website. + + On the main entry page for testers https://wiki.cacert.org/Software/CurrentTest the updates on the bugs are marked with (i) so here comes the 2nd test round ... + + Please report your found bugs and also success reports to the listed bug numbers + + Thanks for your assistance .... ;)</description> + <link>https://cacert1.it-sls.de/</link> + </item> + </channel> +</rss> diff --git a/pages/wot/12.php b/pages/wot/12.php index a0bbf50..e6b20ca 100644 --- a/pages/wot/12.php +++ b/pages/wot/12.php @@ -65,9 +65,9 @@ document.f.location.focus(); { $bits = explode(",", $_REQUEST['location']); - $loc = trim(mysql_escape_string($bits['0'])); - $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1'])); - $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2'])); + $loc = trim(mysql_real_escape_string($bits['0'])); + $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1'])); + $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2'])); $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and diff --git a/pages/wot/13.php b/pages/wot/13.php index eac7e18..1143769 100644 --- a/pages/wot/13.php +++ b/pages/wot/13.php @@ -21,9 +21,9 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") { { $bits = explode(",", $_REQUEST['location']); - $loc = trim(mysql_escape_string($bits['0'])); - $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1'])); - $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2'])); + $loc = trim(mysql_real_escape_string($bits['0'])); + $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1'])); + $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2'])); $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id` diff --git a/pages/wot/16.php b/pages/wot/16.php new file mode 100644 index 0000000..069b7a2 --- /dev/null +++ b/pages/wot/16.php @@ -0,0 +1,143 @@ +<?php +/*LibreSSL - CAcert web application +Copyright (C) 2004-2008 CAcert Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +//******************* TTP Console ************ + +if ($_SESSION['profile']['ttpadmin'] < 1) { + echo _("You are not allowed to view this page."); + exit; +} + +//Check for test or productive environment, in case of test the user data for the print out is extended by 'test system' +$testserver=''; +if ($_SESSION['_config']['normalhostname']=='cacert1.it-sls.de') { + $testserver=' test system'; +} + +$row = $_SESSION['_config']['notarise']; +$fname = $row['fname']; +$mname = $row['mname']; +$lname = $row['lname']; +$suffix = $row['suffix']; +$fullname = $fname." ".$mname." ".$lname." ".$suffix; +$email = $row['email']; +$dob = date_format(new DateTime($row['dob']), 'Y-m-d'); +$userid = $row['id']; + +//List TTP Assurances and TotalPoints +//changed get_received_assurances ($userid, $support) + +//include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); +include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); + +output_received_assurances(intval($userid),2); //support==2 => TTP + + +$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($userid)."'"; +$dres = mysql_query($query); +$drow = mysql_fetch_assoc($dres); + +$points=$drow['points']; +if ($points<1) { + $points=0; +} + +$res = get_received_assurances(intval($userid), 2); +$ttp_assurances_count=$num_rows = mysql_num_rows($res); + +//Form +?> +<table align="center" class="wrapper"> + <tr> + <td class="title"><?=sprintf(_('Total assurance points for %s'),$fullname)?></td> + </tr> + <tr> + <td><?=sprintf(_('%s points'), $points)?></td> + </tr> +</table> +<br/> +<form action="https://pdf.cacert.eu/cacertpdf.php" method="get" accept-charset="UTF-8"> + <table align="center" class="wrapper"> + <tr> + <td colspan="2" class="title"><?= _('TTP CAP form creation')?></td> + </tr> + <tr> + <td colspan="2" class="title"><?= _('User information')?></td> + </tr> + <tr> + <td><?=_('Fullname')?><input type="hidden" name="fullname" value="<?=$fullname.$testserver?>"/></td> + <td><?=$fullname?></td> + </tr> + <tr> + <td><?=_('Date of Birth')?><input type="hidden" name="dob" value="<?=$dob.$testserver?>"/></td> + <td><?=$dob?></td> + </tr> + <tr> + <td><?=_('Email')?><input type="hidden" name="email" value="<?=$email.$testserver?>"/></td> + <td><?=$email?></td> + </tr> + <tr></tr> + <tr> + <td><?=_('Country where the TTP will be visited')?></td> + <td> + <? + $ttpcountries=get_array_from_ini('../config/ttp.ini'); + echo create_selectbox_HTML('type',$ttpcountries, '',TRUE); + ?> + </td> + </tr> + <tr> + <td colspan="2" class="title"><?=_('TTP Admin postal address, including name, street, country etc.')?></td> + </tr> + <tr> + <td><?=_('Line').' 1'?></td> + <td><input type="text" name="adress" /></td> + </tr> + <tr> + <td><?=_('Line').' 2'?></td> + <td><input type="text" name="adress1" /></td> + </tr> + <tr> + <td><?=_('Line').' 3'?></td> + <td><input type="text" name="adress2" /></td> + </tr> + <tr> + <td><?=_('Line').' 4'?></td> + <td><input type="text" name="adress3" /></td> + </tr> + <tr> + <td><?=_('Line').' 5'?></td> + <td><input type="text" name="adress4" /></td> + </tr> + <tr> + <td colspan="2" class="title"> + <? + if ($points>=100 || $ttp_assurances_count>=2) { + echo _('No TTP assurance allowed'); + }else{ + ?><input type="submit" value="<?=_('Create TTP CAP pdf file')?>"/><? + }?> + </td> + </tr> + </table> + <input type="hidden" name="lang" value="en"/> +</form> + +<div class="blockcenter"> + <a href="wot.php?id=6&userid=<?=$userid ?>"><?=_("Back")?></a> +</div> diff --git a/pages/wot/3.php b/pages/wot/3.php index 0864ffd..cb3a008 100644 --- a/pages/wot/3.php +++ b/pages/wot/3.php @@ -17,31 +17,68 @@ */ ?> <h3><?=_("CAcert Web of Trust Rules")?></h3> -<p><?=_("It is essential that CAcert Assurers understand and follow the rules below to ensure that applicants for assurance are suitably identified, which, in turn, maintains trust in the system.")?></p> +<p><?=_("CAcert Assurers should understand and follow the rules.")?></p> +<p><?=_("The assurance process consists of two parts")?></p> +<ol> + <li><?=_("a face to face meeting between the assurer and the assuree")?></li> + <li><?=_("the assurer validating that data while entering it to the CAcert system")?></li> +</ol> +<h4><?=_("Face to face meeting")?></h4> +<ul> + <li><?=_("Assurer and assuree have to meet in person")?></li> + <li><?=_("A CAcert Assurance Programme (CAP) form has to be filled and signed by the assuree. It must contain the following information:")?> + <ul> + <li><?=_("All names of the assuree that appear in the account")?></li> + <li><?=_("Date of birth of the assuree")?></li> + <li><?=_("Primary email address of the assuree")?></li> + <li><?=sprintf(_("The acceptance of the %sCAcert Community Agreement%s (CCA) by the assuree"), "<a href=\"/policy/CAcertCommunityAgreement.html\">", "</a>")?></li> + <li><?=_("The agreement to enter an assurance by the assuree")?></li> + <li><?=_("The signature of the assuree")?></li> + <li><?=_("The date of the signature")?></li> + </ul></li> + <li><?=("At least one government issued photo identification document (ID-Card, drivers license, passport, ...) of the assuree has to be checked by the assurer. We prefer and advise to check two such documents, if possible.")?></li> +</ul> +<ul> + <li><?=_("The assurer has to compare the data of the document with the data entered in the CAP-form. Missing data needs to be added. The signatures on the documents and CAP-form should be compared. The photo should match the person. If there is any doubt in those points, the assurer should consider to either reduce the points (for minor issues) or decide to refuse to finish the assurance at all.")?></li> + <li><?=_("It is recommended that the assurer also notes if the assuree has an account and to repeat entries that may be hard to read in the assurers hand.")?></li> + <li><?=_("The assurer is asked to verify, if the assuree understands the crucial points of the CAcert Community Agreement and the assurance process.")?></li> + <li><?=_("If there are major issues the assurer (or the assuree) should consider to file a dispute, by sending a mail to support@cacert.org.")?></li> + <li><?=_("If the assurer is convinced that the assurance was ok, the assurer has to approve this by adding the following data to the CAP-form.")?> + <ul> + <li><?=_("Name of the assurer")?></li> + <li><?=_("Date of the assurance")?></li> + <li><?=_("Place of the assurance")?></li> + <li><?=_("Record over the type of documents used during the assurance (no numbers may be noted)")?></li> + <li><?=_("Points issued by the assurer")?></li> + <li><?=sprintf(_("That the assurance was done under the %sAssurance Policy%s (AP)"), "<a href=\"/policy/AssurancePolicy.html\">", "</a>")?></li> + <li><?=_("The signature of the assurer")?></li> + </ul> + </li> +</ul> +<h4><?=_("Validating and entering the data to the CAcert system")?></h4> +<p><?=_("After the meeting the assurer has to log into the CAcert webpage and follow the \"Assure Someone\" link.")?></p> +<ul> + <li><?=_("The primary email address and the date of birth from the assuree, as written on the CAP-form have to be entered by the assurer.")?></li> + <li><?=_("Only if they were entered correctly the assurer gets access to the assurance page with the remaining data of the assuree.")?></li> + <li><?=_("This page shows the names, date of birth and primary email address of the assuree.")?></li> + <li><?=_("It has to be compared to the data written on the CAP-form by the assurer.")?></li> + <li><?=sprintf(_("If the data matches completely, the assurer may enter the assurance. (The acceptable discrepancies for the names can be found in the %sAssurance Handbook%s (AH))"), "<a href=\"//wiki.cacert.org/AssuranceHandbook2\">", "</a>")?></li> + <li><?=_("The assurer has to enter the assurance points.")?></li> + <li><?=_("The assurer has to acknowledge the face-to-face meeting with the assuree, that the data on the pages matches the assuree, and that the CCA is accepted by the assurer. +")?></li> +</ul> +<h4><?=_("Privacy")?></h4> +<p><?=_("The assurer is responsible to maintain the confidentiality and privacy of the assuree.")?></p> +<p><?=_("In particular the CAP-forms have to be stored safely for at least 7 years and not to be shown to anybody but")?></p> +<ul> + <li><?=_("the assuree")?></li> + <li><?=_("the Arbitrator of a valid arbitration case who requests to see it with a good reason based on the case")?></li> + <li><?=_("another person named by such an Arbitrator.")?></li> +</ul> +<p><?=_("Exceptions may be made only with the explicit consent of the assuree.")?></p> -<p><?=_("Contact")?><br> -<br> -* <?=_("You must meet the applicant in person;")?><br> -* <?=_("You must sight at least one form of government issued photo identification. It's preferable if 2 forms of Government issued photo ID are presented, as less points may be issued if there is any doubt on the person by the person issuing points;")?><br> -* <?=_("Complete the assurance form if the applicant has not already done so. Ensure that all information matches.")?><br> -</p> +<h4><?=_("Fees")?></h4> +<p><?=_("The assurer may charge a fee for the expenses however not for the assurance itself, but only if the assuree has been advised of the amount prior to the meeting.")?></p> -<p><?=_("Processing")?><br> -<?=_("After the meeting, visit the CAcert Web site's make an Assurance page and:")?><br> -<br> -* <?=_("Enter the applicant's email address;")?><br> -* <?=_("Compare the online information to the information recorded on the paper form;")?><br> -* <?=_("If, and only if, the two match completely - you may award trust points up to the maximum points you are able to allocate;")?><br> -</p> - -<p><?=_("Privacy")?><br> -<?=_("It is imperative that you maintain the confidentiality and privacy of the applicant, and never disclose the information obtained without the applicant's consent.")?></p> - -<p><?=_("Fees")?><br> -<?=_("You may charge a fee for your expenses if the applicant has been advised of the amount prior to the meeting.")?></p> - -<p><?=_("Liability")?><br> -<?=_("A CAcert Assurer who knowingly, or reasonably ought to have known, assures an applicant contrary to this policy may be held liable.")?></p> - -<p><?=_("Assurance Points")?><br> -<?=_("CAcert may, from time to time, alter the amount of Assurance Points that a class of assurer may assign as is necessary to effect a policy or rule change. We may also alter the amount of Assurance Points available to an individual, or new class of assurer, should another policy of CAcert require this.")?></p> +<h4><?=_("Liability")?></h4> +<p><?=_("An assurer who assures someone contrary to this process, as it is defined in the Assurance Policy (AP) may be held liable up to 1000 EUR per case.")?></p> diff --git a/pages/wot/4.php b/pages/wot/4.php index 628e6a5..954bc76 100644 --- a/pages/wot/4.php +++ b/pages/wot/4.php @@ -43,12 +43,13 @@ if ($_SESSION['profile']['points']<100){ <form method="post" action="wot.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td class="DataTD"><?=_("Country where you want to visit the TTP")?></td> - <td class="DataTD"><select size="1" name="country"> - <option>Australia</option> - <option>Puerto Rico</option> - <option>USA</option> - </select></td> + <td class="DataTD"><?=_('Country where you want to visit the TTP')?></td> + <td class="DataTD"> + <? + $ttpcountries=get_array_from_ini('../config/ttp.ini'); + echo create_selectbox_HTML('country',$ttpcountries, _('Choose country')); + ?> + </td> </tr> <tr> <td class="DataTD"><?=_("I want to take part in the TTP Topup programme")?></td> @@ -72,7 +73,7 @@ if ($_SESSION['profile']['points']<100){ </form> */ ?> - <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p> + <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p> <? } } else { diff --git a/pages/wot/5.php b/pages/wot/5.php index c1a6438..565dd6a 100644 --- a/pages/wot/5.php +++ b/pages/wot/5.php @@ -18,14 +18,24 @@ include_once("../includes/shutdown.php"); require_once("../includes/lib/l10n.php"); ?> -<? - if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") +<? + if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><font color="orange" size="+1"> <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?> </font> <?unset($_SESSION['_config']['error']); - } + } + + if (!isset($_SESSION['assuresomeone']['year'])) { + $_SESSION['assuresomeone']['year'] = 0; + } + if (!isset($_SESSION['assuresomeone']['month'])) { + $_SESSION['assuresomeone']['month'] = 0; + } + if (!isset($_SESSION['assuresomeone']['day'])) { + $_SESSION['assuresomeone']['day'] = 0; + } ?> <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?> <form method="post" action="wot.php"> @@ -60,6 +70,37 @@ <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td> <? } ?> </tr> + <tr> + <td class="DataTD"> + <?=_("Date of Birth")?><br/> + (<?=_("yyyy/mm/dd")?>)</td> + <td class="DataTD"> + <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr> + <select name="month"> +<? +for($i = 1; $i <= 12; $i++) +{ + echo "<option value='$i'"; + if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i) + echo " selected=\"selected\""; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n"; +} +?> + </select> + <select name="day"> +<? +for($i = 1; $i <= 31; $i++) +{ + echo "<option"; + if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i) + echo " selected=\"selected\""; + echo ">$i</option>"; +} +?> + </select> + </td> + </tr> + <tr> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> </tr> diff --git a/pages/wot/6.php b/pages/wot/6.php index a565aa7..edecc20 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -17,20 +17,23 @@ */ ?> <? - if(!array_key_exists('notarise',$_SESSION['_config'])) +if(!array_key_exists('notarise',$_SESSION['_config'])) { - echo "Error: No user data found."; - exit; + echo "Error: No user data found."; + exit; } $row = $_SESSION['_config']['notarise']; + $_SESSION['assuresomeone']['year'] = 0; + $_SESSION['assuresomeone']['month'] = 0; + $_SESSION['assuresomeone']['day'] = 0; - if($_SESSION['profile']['ttpadmin'] == 1) -// $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP"); -// else - $methods = array("Face to Face Meeting", "Trusted 3rd Parties"); + if($_SESSION['profile']['ttpadmin'] == 2) + $methods = array('Face to Face Meeting', 'TTP-Assisted', 'TTP-TOPUP'); + elseif($_SESSION['profile']['ttpadmin'] == 1) + $methods = array('Face to Face Meeting', 'TTP-Assisted'); else - $methods = array("Face to Face Meeting"); + $methods = array('Face to Face Meeting'); $mnames = array( '01' => _('January'), @@ -47,10 +50,10 @@ '12' => _('December') ); - $fname = $row['fname']; - $mname = $row['mname']; - $lname = $row['lname']; - $suffix = $row['suffix']; + $fname = sanitizeHTML($row['fname']); + $mname = sanitizeHTML($row['mname']); + $lname = sanitizeHTML($row['lname']); + $suffix = sanitizeHTML($row['suffix']); $dob = $row['dob']; $dob_date = explode('-', $dob, 3); @@ -74,12 +77,17 @@ AssureMethodLine(_("Method"),$methods,''); AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); - AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"",""); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); - AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); + AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.html\" target=\"_blank\">"._("CAcert Community Agreement")."</a> - <a href=\"/policy/AssurancePolicy.html\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")"); AssureFoot($id,_("I confirm this Assurance")); + + if($_SESSION['profile']['ttpadmin'] >= 1) { + ?><div class='blockcenter'><a href="wot.php?id=16"><?=_('Show TTP details')?></a></div><? + } + ?> diff --git a/pages/wot/9.php b/pages/wot/9.php index a8b9413..20f2c6d 100644 --- a/pages/wot/9.php +++ b/pages/wot/9.php @@ -26,7 +26,7 @@ } else { $user = mysql_fetch_array($res); - $userlang = $user['language']; + $userlang = L10n::normalise_translation($user['language']); $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0")); if($points <= 0) { @@ -61,7 +61,7 @@ ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> - <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), sanitizeHTML($lang['lang']), sanitizeHTML($lang['country'])) ?></td> + <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td> </tr> <? } ?> <tr> |