diff options
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/account/10.php | 2 | ||||
| -rw-r--r-- | pages/account/12.php | 9 | ||||
| -rw-r--r-- | pages/account/16.php | 6 | ||||
| -rw-r--r-- | pages/account/17.php | 122 | ||||
| -rw-r--r-- | pages/account/18.php | 9 | ||||
| -rw-r--r-- | pages/account/20.php | 4 | ||||
| -rw-r--r-- | pages/account/22.php | 9 | ||||
| -rw-r--r-- | pages/account/3.php | 30 | ||||
| -rw-r--r-- | pages/account/4.php | 175 | ||||
| -rw-r--r-- | pages/account/40.php | 9 | ||||
| -rw-r--r-- | pages/account/43.php | 63 | ||||
| -rw-r--r-- | pages/account/49.php | 12 | ||||
| -rw-r--r-- | pages/account/5.php | 29 | ||||
| -rw-r--r-- | pages/account/51.php | 34 | ||||
| -rw-r--r-- | pages/account/52.php | 102 | ||||
| -rw-r--r-- | pages/account/6.php | 128 | ||||
| -rw-r--r-- | pages/account/60.php | 142 | ||||
| -rw-r--r-- | pages/gpg/0.php | 2 | ||||
| -rw-r--r-- | pages/gpg/2.php | 6 | ||||
| -rw-r--r-- | pages/index/0.php | 42 | ||||
| -rw-r--r-- | pages/index/11.php | 11 | ||||
| -rw-r--r-- | pages/index/13.php | 5 | ||||
| -rw-r--r-- | pages/index/21.php | 1 | ||||
| -rw-r--r-- | pages/index/feed.rss | 69 | ||||
| -rw-r--r-- | pages/wot/1.php | 2 | ||||
| -rw-r--r-- | pages/wot/12.php | 4 | ||||
| -rw-r--r-- | pages/wot/15.php | 2 | ||||
| -rw-r--r-- | pages/wot/6.php | 6 |
28 files changed, 454 insertions, 581 deletions
diff --git a/pages/account/10.php b/pages/account/10.php index 704a05c..f5527ab 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -34,6 +34,8 @@ <input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <? } ?> +<p> <?=_("Optional comment, only used in the certifictate overview")?><br> + <input type="text" name="description" maxlength="80" size=80></p> <p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> <textarea name="CSR" cols="80" rows="15"></textarea><br> <input type="submit" name="process" value="<?=_("Submit")?>"> diff --git a/pages/account/12.php b/pages/account/12.php index 44926ca..35ae6c2 100644 --- a/pages/account/12.php +++ b/pages/account/12.php @@ -25,7 +25,8 @@ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("Comment")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> </tr> @@ -34,7 +35,8 @@ UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, `domaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id` + UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, + `domaincerts`.`description` from `domaincerts`,`domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` "; if($viewall != 1) @@ -75,7 +77,8 @@ <? } ?> <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['description']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> </tr> diff --git a/pages/account/16.php b/pages/account/16.php index 514ecfd..338878d 100644 --- a/pages/account/16.php +++ b/pages/account/16.php @@ -56,6 +56,12 @@ <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> </tr> <? } ?> + <tr> + <td class="DataTD" colspan="2" align="left"> + <?=_("Optional comment, only used in the certifictate overview")?><br> + <input type="text" name="description" maxlength="80" size=80> + </td> + </tr> <tr> <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> <input type="submit" name="process" value="<?=_("Next")?>"></td> diff --git a/pages/account/17.php b/pages/account/17.php index 2ba5390..8ac8b65 100644 --- a/pages/account/17.php +++ b/pages/account/17.php @@ -14,124 +14,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> -<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> -<?=_("You must enable ActiveX for this to work.")?> -</object> -<form method="post" action="account.php" name="CertReqForm"><p> -<input type="hidden" name="session" value="UsedXenroll"> -<?=_("Key Strength:")?> <select name="CspProvider"></select> -<input type="hidden" name="oldid" value="<?=$id?>"> -<INPUT TYPE=HIDDEN NAME="CSR"> -<input type="hidden" name="keytype" value="MS"> -<?=_("'Enhanced Provider' is generally the best option, which has a key size of 1024bit. If you need a bigger key size you will need to use a different browser.")?> -<input type="submit" name="GenReq" value="Create Certificate"><br> -</p></form> -<script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next +*/ - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - cec.GenKeyFlags = &h04000001 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = &h04000000 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub - -GetProviderList() ---> -</script> -<? } else { ?> -<p> -<form method="post" action="account.php"> -<input type="hidden" name="keytype" value="NS"> -<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> - - -<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -</p> -<? } ?> +require_once($_SESSION['_config']['filepath'].'/includes/keygen.php'); diff --git a/pages/account/18.php b/pages/account/18.php index 13dcc30..45e3be9 100644 --- a/pages/account/18.php +++ b/pages/account/18.php @@ -25,7 +25,8 @@ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("Comment")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> @@ -35,7 +36,8 @@ UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, - `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id` + `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`, + `oemail`.`description` from `orgemailcerts` as `oemail`, `org` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`oemail`.`orgid` "; @@ -80,7 +82,8 @@ <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> <? } ?> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['description']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> </tr> diff --git a/pages/account/20.php b/pages/account/20.php index 510b708..5e91e77 100644 --- a/pages/account/20.php +++ b/pages/account/20.php @@ -29,9 +29,11 @@ <form method="post" action="account.php"> <input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br> <input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> +<p> <?=_("Optional comment, only used in the certifictate overview")?><br> + <input type="text" name="description" maxlength="80" size=80></p> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <p><?=_("Paste your CSR below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br> +<textarea name="CSR" cols="80" rows="15"></textarea><br> <input type="submit" name="process" value="<?=_("Submit")?>"> <input type="hidden" name="oldid" value="<?=$id?>"> </form> diff --git a/pages/account/22.php b/pages/account/22.php index 9df8200..ac7a645 100644 --- a/pages/account/22.php +++ b/pages/account/22.php @@ -25,7 +25,8 @@ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("Comment")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> @@ -36,7 +37,8 @@ `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`serial`, - `orgdomaincerts`.`id` as `id` + `orgdomaincerts`.`id` as `id`, + `orgdomaincerts`.`description` from `orgdomaincerts`,`org` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` "; if($viewall != 1) @@ -77,7 +79,8 @@ <? } ?> <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['description']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> </tr> diff --git a/pages/account/3.php b/pages/account/3.php index 5590488..2726952 100644 --- a/pages/account/3.php +++ b/pages/account/3.php @@ -52,29 +52,28 @@ if($_SESSION['profile']['points'] >= 50) $lname = $_SESSION['profile']['lname']; $suffix = $_SESSION['profile']['suffix']; ?> - <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> - <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> - <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> + <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> + <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> + <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> </td> </tr> <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br> -<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?> -<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?> -<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?> -<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?> + <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br> + <? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?> + <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?> + <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?> + <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?> </td> </tr> <? } ?> <? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> <tr> <td class="DataTD" align="left"> - <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td> + <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td> <td class="DataTD" align="left"> - <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> + <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> </td> </tr> <? } ?> @@ -85,7 +84,12 @@ if($_SESSION['profile']['points'] >= 50) <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> </td> </tr> - + <tr> + <td class="DataTD" colspan="2" align="left"> + <?=_("Optional comment, only used in the certifictate overview")?><br> + <input type="text" name="description" maxlength="100" size=100> + </td> + </tr> <tr name="expertoff" style="display:none"> <td class="DataTD" colspan="2" align="left"> @@ -101,6 +105,8 @@ if($_SESSION['profile']['points'] >= 50) <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a> </td> </tr> + + <tr name="expert"> <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td> </tr> diff --git a/pages/account/4.php b/pages/account/4.php index a4d6597..8ac8b65 100644 --- a/pages/account/4.php +++ b/pages/account/4.php @@ -14,177 +14,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> -<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> -<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?> -</object> -<form method="post" action="account.php" name="CertReqForm"><p> -<input type="hidden" name="session" value="UsedXenroll"> -<?=_("Key Strength:")?> <select name="CspProvider"></select> -<input type="hidden" name="oldid" value="<?=$id?>"> -<INPUT TYPE=HIDDEN NAME="CSR"> -<input type="hidden" name="keytype" value="MS"> -<input type="submit" name="GenReq" value="Create Certificate"><br> -</p></form> -<script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next +*/ - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - // Vista: - Set csps = CreateObject("X509Enrollment.CCspInformations") - If IsObject(csps) Then - csps.AddAvailableCsps() - Document.CertReqForm.keytype.value="VI" - For j = 0 to csps.Count-1 - Set oOption = document.createElement("OPTION") - oOption.text = csps.ItemByIndex(j).Name - oOption.value = j - Document.CertReqForm.CspProvider.add(oOption) - Next - - Else - - // 2000,XP: - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if - End If -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - - - // Vista - if Document.CertReqForm.keytype.value="VI" Then - - Dim g_objClassFactory - Dim obj - Dim objPrivateKey - Dim g_objRequest - Dim g_objRequestCMC - - Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") - Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") - Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") - Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") - //Msgbox exit function - objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text - // "Microsoft Enhanced RSA and AES Cryptographic Provider" - objPrivateKey.ProviderType = "24" - objPrivateKey.KeySpec = "1" - objPrivateKey.ExportPolicy = 1 - objRequest.InitializeFromPrivateKey 1, objPrivateKey, "" - Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") - objDN.Encode("CN=CAcertRequest") - objRequest.Subject = objDN - - // obj.Initialize(1) - obj.InitializeFromRequest(objRequest) - obj.CertificateDescription="Description" - obj.CertificateFriendlyName="FriendlyName" - CSR=obj.CreateRequest(1) - If len(CSR)<>0 Then Exit Function - Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>" - - else - // XP - - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - cec.GenKeyFlags = &h04000001 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = &h04000000 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - End if -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub - -GetProviderList() ---> -</script> -<? } else { ?> -<p> -<form method="post" action="account.php"> -<input type="hidden" name="keytype" value="NS"> -<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> - -<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -</p> -<? } ?> +require_once($_SESSION['_config']['filepath'].'/includes/keygen.php'); diff --git a/pages/account/40.php b/pages/account/40.php index b1a7fdb..4877d79 100644 --- a/pages/account/40.php +++ b/pages/account/40.php @@ -65,21 +65,14 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s </form> <p><b><?=_("Security Issues")?></b></p> -<p><? sprintf(_("Please use any of the following ways to report security ". +<p><?=sprintf(_("Please use any of the following ways to report security ". "issues: You can use the above contact form for sensitive information. ". "You can email us to %s. You can file a bugreport on %s and mark it as ". "private."), "<a href='mailto:support@cacert.org'>support@cacert.org</a>", "<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p> -<p><b><?=_("Snail Mail")?></b></p> -<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p> -<p><?=_("Postal Address:")?><br> -CAcert Inc.<br> -P.O. Box 4107<br> -Denistone East NSW 2112<br> -Australia</p> <script type="text/javascript"> <!-- diff --git a/pages/account/43.php b/pages/account/43.php index 7bf6d04..c482cab 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -331,7 +331,66 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <? } ?> </table> <br> -<? } ?> +<? } + +// +// Display account creation/activity information +// +$showactivity = isset($_REQUEST['showactivity']); +$activity_url = "/account.php?id=43&userid=$row[id]"; +if (!$showactivity) { + $activity_url .= "&showactivity"; +} + +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"> + <a href="<?= $activity_url ?>"><?=_("Account Activity")?></a> + </td> + </tr> + +<?php +if ($showactivity) { + $query = "select `created`, `modified` from `users` + where `id` = '".intval($row['id'])."' "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $created = $drow['created']; + + $modified = getdate(strtotime($drow['modified'])); + $now = getdate(); + // only a rough approximation + $days = ($now['year'] - $modified['year']) * 360; + $days += ($now['mon'] - $modified['mon']) * 30; + $days += $now['mday'] - $modified['mday']; + ?> + <tr> + <td class="DataTD"><?=_("Account created")?>:</td> + <td class="DataTD"><? echo $created ?></td> + </tr> + + <tr> + <td class="DataTD"><?=_("Last activity")?>:</td> + <td class="DataTD"><? + if ($days >= 2 * 360) { + echo _("before 2 years"); + } elseif ($days >= 360) { + echo _("before 1 year"); + } elseif ($days >= 6 * 30) { + echo _("within last 12 months"); + } elseif ($days >= 30) { + echo _("within last 6 months"); + } else { + echo _("within the last month"); + } ?></td> + </tr> <?php +} ?> + +</table> +<br> + + <? // Begin - Debug infos ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> @@ -485,6 +544,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); // End - Debug infos ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="6" class="title"><?=_("Certificates")?></td> @@ -783,6 +843,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); </table> <br> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) <br /> diff --git a/pages/account/49.php b/pages/account/49.php index a5345e6..0218fa0 100644 --- a/pages/account/49.php +++ b/pages/account/49.php @@ -58,7 +58,11 @@ $row = mysql_fetch_assoc($res); $_GET['userid'] = intval($row['id']); } else { - printf(_("No personal domains found matching %s"), sanitizeHTML($domain)); + ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?printf(_("No personal domains found matching %s"), sanitizeHTML($domain));?></td> + </tr> + </table><br><br><? } $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100"; @@ -90,7 +94,11 @@ $row = mysql_fetch_assoc($res); $_GET['userid'] = intval($row['id']); } else { - printf(_("No organisational domains found matching %s"), sanitizeHTML($domain)); + ?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?printf(_("No organisational domains found matching %s"), sanitizeHTML($domain));?></td> + </tr> + </table><br><br><? } } diff --git a/pages/account/5.php b/pages/account/5.php index 5c131ba..52266ec 100644 --- a/pages/account/5.php +++ b/pages/account/5.php @@ -19,17 +19,17 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="9" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("Email Address")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Login")?></td> - + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> <? $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, @@ -40,8 +40,9 @@ `emailcerts`.`id`, `emailcerts`.`CN`, `emailcerts`.`serial`, - emailcerts.disablelogin as `disablelogin` - from `emailcerts` + emailcerts.disablelogin as `disablelogin`, + `emailcerts`.`description` + from `emailcerts` where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' "; if($viewall != 1) @@ -56,7 +57,7 @@ { ?> <tr> - <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + <td colspan="9" class="DataTD"><?=_("No client certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -86,22 +87,32 @@ <td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> <? } ?> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"> <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> <input type="hidden" name="cert_<?=$row['id']?>" value="1"/> </td> + <td class="DataTD"><textarea name="description[]" cols="80" rows="5"></textarea><?=$row['description']?></textarea></td> + <td class="DataTD"> + <input type="submit" name="descriptionsave_<?=$row['id']?>" value="<?=_("Save comment")?>"> + </td> </tr> -<? } ?> + <? } ?> <tr> - <td class="DataTD" colspan="8"> + <td class="DataTD" colspan="9"> <a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> </td> </tr> <tr> + <td class="DataTD" colspan="9"> + <?=_("* Comment optional with max length of 100 characters. The comment is NOT included in the certificate as it is inteded for your personal reference only.. Save each comment seperately.")?> + </td> + </tr> + + <tr> <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> diff --git a/pages/account/51.php b/pages/account/51.php deleted file mode 100644 index 7273840..0000000 --- a/pages/account/51.php +++ /dev/null @@ -1,34 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?> -<? - $uid = intval($_GET['photoid']); - $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) { ?> -<img src="account.php?id=51&photoid=<?=$uid ?>&img=show" border="0" width="800"> -<? } else { - $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - echo _("This UID has already been voted on."); - } else { - echo _("Unable to locate a valid request for that UID."); - } - } } ?> diff --git a/pages/account/52.php b/pages/account/52.php deleted file mode 100644 index 77a3bae..0000000 --- a/pages/account/52.php +++ /dev/null @@ -1,102 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2008 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?> -<? - $uid = intval($_GET['uid']); - $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - $row = mysql_fetch_assoc($res); - $memid = intval($row['memid']); - - $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc2 = mysql_num_rows(mysql_query($query2)); - if($rc2 > 0) - { - showheader(_("My CAcert.org Account!")); - echo _("You have already voted on this request."); - showfooter(); - exit; - } - - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'"; - $notary = mysql_fetch_assoc(mysql_query($query)); - $query = "select * from `users` where `id`='$memid'"; - $user = mysql_fetch_assoc(mysql_query($query)); - $tobe = 50 - $notary['points']; - if($row['URL'] != '' && $row['photoid'] != '') - $tobe = 150 - $notary['points']; - else if($row['URL'] != '') - $tobe = 90 - $notary['points']; - if(intval($tobe) <= 0) - $tobe = 0; -?> -<?=_("Request Details")?>:<br> -<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br> -<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br> -<?=_("Certificate Subject")?>: <?=$row['CN']?><br> -<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?> -<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?> -<?=_("Current Points")?>: <?=intval($notary['points'])?><br> -<?=_("Potential Points")?>: <?=intval($tobe)?><br> -<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br> - -<br> -<form method="post" action="account.php"> -<?=_("Comment")?>: <input type="text" name="comment"><br> -<input type="submit" name="agree" value="<?=_("I agree with this Application")?>"> -<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>"> -<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>"> -<input type="hidden" name="uid" value="<?=$uid?>"> -</form> -<? } else { - $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - echo _("This UID has already been voted on.")."<br/>"; - } else { - if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; - } - - // Search for open requests: - $query = "select * from `tverify` where `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - echo "<br/>"._("The following requests are still open:")."<br/><ul>"; - while($row = mysql_fetch_assoc($res)) - { - $uid=intval($row['id']); - $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc3 = mysql_num_rows(mysql_query($query3)); - if($rc3 <= 0) - { - echo "<li><a href='account.php?id=52&uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; - } - } - echo "</ul>\n<br>\n"; - } - else - { - echo "<br/>"._("There are no pending requests where you haven't voted yet."); - } - - - } } ?> diff --git a/pages/account/6.php b/pages/account/6.php index 38af8e8..90affac 100644 --- a/pages/account/6.php +++ b/pages/account/6.php @@ -14,46 +14,95 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? - $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']); - - $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - showheader(_("My CAcert.org Account!")); - echo _("No such certificate attached to your account."); - showfooter(); +*/ + +// Get certificate information +$certid = 0; +if(array_key_exists('cert',$_REQUEST)) { + $certid = intval($_REQUEST['cert']); +} + +$query = "select * from `emailcerts` + where `id`='$certid' + and `memid`='".intval($_SESSION['profile']['id'])."'"; +$res = mysql_query($query); +if(mysql_num_rows($res) <= 0) { + showheader(_("My CAcert.org Account!")); + echo _("No such certificate attached to your account."); + showfooter(); + exit; +} +$row = mysql_fetch_assoc($res); + + +if (array_key_exists('format', $_REQUEST)) { + // Which output format? + if ($_REQUEST['format'] === 'der') { + $outform = '-outform DER'; + $extension = 'cer'; + } else { + $outform = '-outform PEM'; + $extension = 'crt'; + } + + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname $outform`; + + header("Content-Type: application/pkix-cert"); + header("Content-Length: ".strlen($cert)); + + $fname = sanitizeFilename($row['CN']); + if ($fname=="") $fname="certificate"; + header("Content-Disposition: attachment; filename=\"${fname}.${extension}\""); + + echo $cert; + exit; + +} elseif (array_key_exists('install', $_REQUEST)) { + if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && + strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { + + // Handle IE + + //TODO + + } else { + // All other browsers + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`; + + header("Content-Type: application/x-x509-user-cert"); + header("Content-Length: ".strlen($cert)); + + $fname = sanitizeFilename($row['CN']); + if ($fname=="") $fname="certificate"; + header("Content-Disposition: inline; filename=\"${fname}.cer\""); + + echo $cert; exit; } - $row = mysql_fetch_assoc($res); +} else { + + showheader(_("My CAcert.org Account!")); + echo "<h3>"._("Install your certificate")."</h3>\n"; + + echo "<p><a href='account.php?id=6&cert=$certid&install'>". + _("Install the certificate into your browser"). + "</a></p>\n"; + + echo "<p><a href='account.php?id=6&cert=$certid&format=pem'>". + _("Download the certificate in PEM format")."</a></p>\n"; + + echo "<p><a href='account.php?id=6&cert=$certid&format=der'>". + _("Download the certificate in DER format")."</a></p>\n"; + + showfooter(); + exit; +} - $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; - if($row['keytype'] == "NS") - { - if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1) - { - header("Content-Type: application/x-x509-user-cert"); - header("Content-Length: ".strlen($cert)); - $fname=sanitizeFilename($row['CN']); - if($fname=="") $fname="certificate"; - header('Content-Disposition: inline; filename="'.$fname.'.crt"'); - echo $cert; - exit; - } else { - showheader(_("My CAcert.org Account!")); - echo "<h3>"._("Installing your certificate")."</h3>\n"; - echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n"; - echo "<p><a href='account.php?id=6&cert=$certid&install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n"; - showfooter(); - exit; - } - } else { - showheader(_("My CAcert.org Account!")); ?> +<!-- to be converted to JavaScript --> <h3><?=_("Installing your certificate")?></h3> <p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?> @@ -125,12 +174,3 @@ End Sub </SCRIPT> -<p><?=_("Your certificate:")?></p> -<pre><?=$cert?></pre> -<? - - showfooter(); - exit; - } -?> - diff --git a/pages/account/60.php b/pages/account/60.php new file mode 100644 index 0000000..3c2cb79 --- /dev/null +++ b/pages/account/60.php @@ -0,0 +1,142 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? +/* + $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['orgid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $org = mysql_fetch_assoc(mysql_query($query)); + $query = "select * from `users` where `id`='".intval($_REQUEST['memid'])."'"; + $user = mysql_fetch_assoc(mysql_query($query)); + + $_SESSION['_config']['domain'] = $row['domain']; + */ + + + $delcount = 0; + if(array_key_exists('delid',$_REQUEST) && is_array($_REQUEST['delid'])) + { + + +/* + foreach($_REQUEST['delid'] as $id) + { + $id = intval($id); + $query = "select * from `email` where `id`='$id' and `memid`='".intval($_SESSION['profile']['id'])."' and + `email`!='".$_SESSION['profile']['email']."'"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + $row = mysql_fetch_assoc($res); + echo $row['email']."<br>\n"; + */ +/* + $query = "select `emailcerts`.`id` + from `emaillink`,`emailcerts` where + `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and + `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 + group by `emailcerts`.`id`"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)) + mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); + + $query = "update `email` set `deleted`=NOW() where `id`='$id'"; + mysql_query($query); + */ +/* $delcount++; + } + } */ + +?> + +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="4" class="title"><?=_("Delete User Account Email(s)")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Default")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("Delete")?></td> + <td class="DataTD"><?=_("Address")?></td> + </tr> +<? +// $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0"; +// $res = mysql_query($query); +// while($row = mysql_fetch_assoc($res)) + foreach($_REQUEST['delid'] as $did) + { + $did = intval($did); + $query = "select * from `email` where `id`='$did' and `memid`='".intval($_SESSION['profile']['id'])."' and + `email`!='".$_SESSION['profile']['email']."'"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + $row = mysql_fetch_assoc($res); +// echo $row['email']."<br>\n"; + + { + if($row['hash'] == "") + $verified = _("Verified"); + else + $verified = _("Unverified"); +?> + <tr> + <td class="DataTD"> </td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><input type="hidden" name="delid[]" value="<?=$row['id']?>"><b>X</b></td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> +<? } + } + } + ?> + <!-- tr> + <td class="DataTD" colspan="2"><input type="submit" name="makedefault" value="<?=_("Make Default")?>"></td> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Delete")?>"></td> + </tr --> + <tr> + <td class="DataTD" colspan="4"><span style="color:red;"><? printf(_("Are you really sure you want to remove above listed emails from your account?")); ?></span></td> + </tr> + <tr> + <td class="DataTD" colspan="4"><span style="color:red;"><? printf(_("This revokes also all client certificates for above listed email addresses.")); ?></span></td> + </tr> + + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>"></td> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Delete")?>"></td> + </tr> + +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('chgdefcnfd')?>" /> +</form> +<p> +<?=_("Please Note: You can not set an unverified email as a default email, and you can not remove a default email. To remove the default email you must set another verified email as the default.")?> +</p> +<? + } else { + echo _("You did not select any email accounts for removal."); + echo _("You failed to select any email addresses to be removed, or you attempted to remove the default email address. No action was taken."); + $oldid = 0; + $id = 0; + showfooter(); + exit; + + } +?> diff --git a/pages/gpg/0.php b/pages/gpg/0.php index ce3b72a..319c2f9 100644 --- a/pages/gpg/0.php +++ b/pages/gpg/0.php @@ -19,6 +19,8 @@ ?> <p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p> <form method="post" action="gpg.php"> +<p> <?=_("Optional comment, only used in the certifictate overview")?><br> + <input type="text" name="description" maxlength="80" size=80></p> <textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br> <input type="submit" name="process" value="<?=_("Submit")?>"> <input type="hidden" name="oldid" value="<?=$id?>"> diff --git a/pages/gpg/2.php b/pages/gpg/2.php index e10935e..fd26367 100644 --- a/pages/gpg/2.php +++ b/pages/gpg/2.php @@ -24,13 +24,13 @@ <td class="DataTD"><?=_("Email Address")?></td> <td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Key ID")?></td> - + <td class="DataTD"><?=_("Comment")?></td> <? $query = "select UNIX_TIMESTAMP(`issued`) as `issued`, UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`expire`) as `expired`, `expire` as `expires`, `id`, `level`, - `email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' + `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' ORDER BY `issued` desc"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -62,7 +62,7 @@ <? } ?> <td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['keyid']?></a></td> - + <td class="DataTD"><?=$row['description']?></td> </tr> <? } ?> <? } ?> diff --git a/pages/index/0.php b/pages/index/0.php index d1d3fef..81ab2b1 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -121,6 +121,7 @@ <ul> <li>Account Name: CAcert Inc</li> +<li>SWIFT: WPACAU2S</li> <li>BSB: 032073</li> <li>Account No.: 180264</li> </ul> @@ -128,44 +129,3 @@ <?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>. -<!-- -<h3><?=_("For CAcert Association Members")?></h3> - -<b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b> -<p><?=_("If not then select this PayPal button to pay your US$10 membership fee for the year.")?></p> -<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> -<input type="hidden" name="cmd" value="_s-xclick"> -<input type="image" src="/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal"> -<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHiAYJKoZIhvcNAQcEoIIHeTCCB3UCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAVW/F7PUYp3SMSCdOj1L4lNmZk8TPLmyFBXiYe/dP6bdcsvvx0A58mLC/3j961TCs95gXWqYx5vDD9znDEii5An7weRqtaxFa9B+UplKT2kcQJpi45zsGKzhwtHF/g0aJQdLmzrDYNnWd16UvhuasUIV501LaZB3ykq5j2eDJV/DELMAkGBSsOAwIaBQAwggEEBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECJHKnDgLaYrEgIHgjYPDm0r2cH9hexIMEuCuiO9eOIsYxpzC50y9+ZWltUA9Eqp8avPT3ExC4qaw6FS8eo4+UWweESWXpAk3QrNTXgeV+Zf/4RjUEurpkRECinPUCtTgJvs6XLaPU50hAAaV9QmknT4DICcmB7djry0tB1FbLOmnqMyOTpT2pKDuL7r6hgEIAnCyASBtO5E8YJWFgSneQ53PbtT+YuAcVwIOD83wFRDAjlwYhs50VD6ugK07SXxC5I8RFV65PZS/qIiEEBCv7yiXi/U9DK4QG+3ojuxkP6ZjwshGb/99uK1NZCqgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMDMwNzA2NDdaMCMGCSqGSIb3DQEJBDEWBBQQVDeJMeMteu3fuP5xIdpSiYrfLDANBgkqhkiG9w0BAQEFAASBgHIt5M/R6uPXFU0bVQJWcoO++ETE4nPbp+Nz+o7bclXsxIQL+yG5C5vQdpgNeCLuq42sPv+QUuVoMxio6hecCgHewwqAxkrUUr+teGOFSEqpfXBhjWfkUvZLvOy1ix6pSpjLnUu4bbJxaA5eM0gZQDZCJ8nh0HxPScdi5BhVuPSk-----END PKCS7----- -"> -</form> -<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of US$10 in AU$.")?></p> - -<p><?=_("Please also include Your name in the transaction so we know who it came from or send an email to robert at cacert dot org with the details:")?></p> - -<ul> -<li>Account Name: CAcert Inc</li> -<li>BSB: 032073</li> -<li>Account No.: 180264</li> -</ul> -<br/><br/> ---> - - -<!-- -<h3><?=_("Introduction")?></h3> - -<p><?=_("It's been a long time coming, but the wait was worthwhile, finally you are able to get security at the right price... Free!")?></p> - -<p><?=_("For years we've all been charged high amounts of money to pay for security that doesn't and shouldn't cost the earth.")?></p> - -<p><?=_("The primary goals are:")?> -<ul> -<li><?=_("Inclusion into mainstream browsers!")?></li> -<li><?=_("To provide a trust mechanism to go with the security aspects of encryption.")?></li> -</ul> - -<p><?=sprintf(_("For general documentation and help please see our %s site"), "<a href='http://wiki.CAcert.org'>"._("Wiki Documentation")."</a>")?>.</p> ---> - - diff --git a/pages/index/11.php b/pages/index/11.php index 60c8941..01eca3a 100644 --- a/pages/index/11.php +++ b/pages/index/11.php @@ -65,16 +65,7 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s </form> <p><b><?=_("Security Issues")?></b></p> -<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p> - -<p><b><?=_("Snail Mail")?></b></p> -<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p> - -<p><?=_("Postal Address:")?><br> -CAcert Inc.<br> -P.O. Box 4107<br> -Denistone East NSW 2112<br> -Australia</p> +<p><?=sprintf(_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on %s and mark it as private."),"<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p> <script type="text/javascript"> <!-- diff --git a/pages/index/13.php b/pages/index/13.php index f2ea173..612422f 100644 --- a/pages/index/13.php +++ b/pages/index/13.php @@ -35,8 +35,9 @@ printf(_("CAcert Inc. is a non-profit association which is legally able to accep <pre> Account Name: CAcert Inc -BSB: 032073 -Account No.: 180264 +SWIFT: WPACAU2S +BSB: 032073 +Account No.: 180264 </pre> <p><?=_("ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community.")?></p> diff --git a/pages/index/21.php b/pages/index/21.php index 4d2599c..fa1b22f 100644 --- a/pages/index/21.php +++ b/pages/index/21.php @@ -40,6 +40,7 @@ <ul> <li>Account Name: CAcert Inc</li> +<li>SWIFT: WPACAU2S</li> <li>BSB: 032073</li> <li>Account No.: 180264</li> </ul> diff --git a/pages/index/feed.rss b/pages/index/feed.rss new file mode 100644 index 0000000..eb62c13 --- /dev/null +++ b/pages/index/feed.rss @@ -0,0 +1,69 @@ +<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" --> +<rss version="0.92"> +<channel> + <title>CAcert NEWS Blog</title> + <link>http://blog.cacert.org</link> + <description>CAcert NEWS and up coming events.</description> + <lastBuildDate>Fri, 20 Aug 2010 11:54:30 +0000</lastBuildDate> + <docs>http://backend.userland.com/rss092</docs> + <language>en</language> + + <item> + <title>Looking for confirmation email on creating account?</title> + <description>Please go to https://ca-mgr1.it-sls.de/login login with your just created account and password. +Under MAIL you'll find your individual confirmation email.</description> + <link>https://ca-mgr1.it-sls.de/testsystemdoc.html</link> + </item> + <item> + <title>You are interested in helping Testing ?</title> + <description>Create your test account on the Testserver. Beware of the confirmation email (see above) Entry page for Testers: https://wiki.cacert.org/Software/CurrentTest. Please contact Ulrich becoming a Testteam member.</description> + <link>https://wiki.cacert.org/Software/CurrentTest</link> + </item> + <item> + <title>Dear Testers</title> + <description>We had one work with no activity on the testserver +caused by inactivity by the Software-Assessment +team, caused by router problems at the hosting +site of the testserver. +Probably latter has been fixed. + +The reported bugs can be categorized into +1. Testserver-Mgmt-System related +2. Production Server recovery process to Testserver + and +3. general software errors + +Group 1+2 are essential for our current test phase, +as they covers the problems in building the +base testserver environment that is needed for +testing. + +So language and country selection support is +an essential feature we've worked on the +last week. + +One problem couldn't be solved till today: +secondary language selection +all other country and language related bugs +should be fixed in the meantime. + +Also the Show my Points details now +has the correct script (after some +confusion in the Software-Assessment team +and one developer), comparable to the +script on the production website. + +On the main entry page for testers +https://wiki.cacert.org/Software/CurrentTest +the updates on the bugs are marked with (i) +so here comes the 2nd test round ... + +Please report your found bugs and also success +reports to the listed bug numbers + +Thanks for your assistance .... ;) +</description> + <link>https://cacert1.it-sls.de/</link> + </item> +</channel> +</rss> diff --git a/pages/wot/1.php b/pages/wot/1.php index a45b5df..fa391a0 100644 --- a/pages/wot/1.php +++ b/pages/wot/1.php @@ -109,7 +109,7 @@ <? while($row = mysql_fetch_assoc($list)) { ?> <tr> <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td> - <td class="DataTD"><?=maxpoints($row['id'])?></td> + <td class="DataTD"><?=max_points($row['id'])?></td> <td class="DataTD"><?=$row['contactinfo']?></td> <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td> <td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td> diff --git a/pages/wot/12.php b/pages/wot/12.php index a0bbf50..85d986b 100644 --- a/pages/wot/12.php +++ b/pages/wot/12.php @@ -119,9 +119,7 @@ document.f.location.focus(); </tr> <? while($row = mysql_fetch_assoc($res)) { - $points = maxpoints($row['uid']); - if($points > 35) - $points = 35; + $points = max_points($row['uid']); ?> <tr> <td class="DataTD" width="100"><nobr><?=$row['name']?></nobr></td> diff --git a/pages/wot/15.php b/pages/wot/15.php index 8579588..0ad7fa2 100644 --- a/pages/wot/15.php +++ b/pages/wot/15.php @@ -16,8 +16,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); - $userid = intval($_SESSION['profile']['id']); output_ranking($userid); diff --git a/pages/wot/6.php b/pages/wot/6.php index 28c1875..a27fccd 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -40,19 +40,17 @@ $name = $fname." ".$mname." ".$lname." ".$suffix; $_SESSION['_config']['wothash'] = md5($name."-".$dob); - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); - AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname)); AssureTextLine(_("Name"),$name); AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")"); AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day")); - AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face.")); + AssureMethodLine(_("Method"),$methods,""); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); - AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")"); + AssureInboxLine("points",_("Points"),"","<br />(Max. ".max_points($_SESSION['profile']['id']).")"); AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname)); AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>")); AssureFoot($id,_("I confirm this Assurance")); |