summaryrefslogtreecommitdiff
path: root/pages
diff options
context:
space:
mode:
Diffstat (limited to 'pages')
-rw-r--r--pages/account/10.php65
-rw-r--r--pages/account/13.php3
-rw-r--r--pages/account/16.php102
-rw-r--r--pages/account/20.php61
-rw-r--r--pages/account/3.php131
-rw-r--r--pages/account/41.php2
-rw-r--r--pages/account/43.php1856
-rw-r--r--pages/account/44.php12
-rw-r--r--pages/account/49.php2
-rw-r--r--pages/account/52.php10
-rw-r--r--pages/account/53.php2
-rw-r--r--pages/account/54.php2
-rw-r--r--pages/account/55.php12
-rw-r--r--pages/account/57.php22
-rw-r--r--pages/account/59.php308
-rw-r--r--pages/account/6.php2
-rw-r--r--pages/index/0.php6
-rw-r--r--pages/index/1.php70
-rw-r--r--pages/index/10.php2
-rw-r--r--pages/index/16.php2
-rw-r--r--pages/index/3.php4
-rw-r--r--pages/index/52.php32
-rw-r--r--pages/index/feed.rss47
-rw-r--r--pages/wot/1.php4
-rw-r--r--pages/wot/10.php14
-rw-r--r--pages/wot/12.php6
-rw-r--r--pages/wot/13.php6
-rw-r--r--pages/wot/15.php2
-rw-r--r--pages/wot/16.php143
-rw-r--r--pages/wot/4.php15
-rw-r--r--pages/wot/5.php47
-rw-r--r--pages/wot/6.php26
-rw-r--r--pages/wot/9.php6
33 files changed, 1992 insertions, 1032 deletions
diff --git a/pages/account/10.php b/pages/account/10.php
index 8908400..17999a7 100644
--- a/pages/account/10.php
+++ b/pages/account/10.php
@@ -30,17 +30,66 @@
<p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p>
<form method="post" action="account.php">
+<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="80" size="80" />
+</p>
+<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br />
+ <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea>
+</p>
+
+<fieldset>
+<legend>
+ <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" />
+ <label for="expertbox"><?=_("Advanced Options")?></label>
+</legend>
+<div id="advanced_options">
+
<? if($_SESSION['profile']['points'] >= 50) { ?>
-<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br />
-<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br />
+<ul class="no_indent">
+ <li>
+ <input type="radio" id="root1" name="rootcert" value="1" />
+ <label for="root1"><?=_("Sign by class 1 root certificate")?></label>
+ </li>
+ <li>
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" />
+ <label for="root2"><?=_("Sign by class 3 root certificate")?></label>
+ </li>
+</ul>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?>
-<p><?=_("Optional comment, only used in the certificate overview")?><br>
- <input type="text" name="description" maxlength="80" size=80/></p>
-<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br />
-<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
- <?=_("Please Note: You need to accept the CCA to proceed.")?></p>
+
+<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
+<ul class="no_indent">
+<?
+foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+?>
+ <li>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
+ </li>
+<?
+}
+?>
+</ul>
+
+</div>
+</fieldset>
+
+<p><input type="checkbox" id="CCA" name="CCA" /> <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please note: You need to accept the CCA to proceed.")?></label></p>
<input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
+
+
+<script language="javascript">
+function showExpert(a)
+{
+ var options=document.getElementById("advanced_options");
+ options.style.display = (a) ? "" : "none";
+
+ var checkbox=document.getElementById("expertbox");
+ checkbox.style.display = "";
+}
+showExpert(false);
+</script>
diff --git a/pages/account/13.php b/pages/account/13.php
index 08f325d..7e2adfc 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -124,6 +124,9 @@
</tr>
<? } ?>
<tr>
+ <td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=$_SESSION['profile']['id']?>"><?=_('Show account history')?></a></td>
+ </tr>
+ <tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
</tr>
<? if($showdetails){ ?>
diff --git a/pages/account/16.php b/pages/account/16.php
index 564463e..28aa614 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -25,47 +25,101 @@
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
-<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails']))
- foreach($_SESSION['_config']['emails'] as $val) { ?>
+<?
+if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) {
+ $i = 1;
+ foreach($_SESSION['_config']['emails'] as $val) {
+?>
<tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td>
+ <td class="DataTD"><label for="email<?=$i?>"><?=_("Email")?></label></td>
+ <td class="DataTD"><input type="text" id="email<?=$i?>" name="emails[]" value="<?=$val?>"/></td>
</tr>
-<? } ?>
+<?
+ $i++;
+ }
+} ?>
<tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="emails[]"/></td>
+ <td class="DataTD"><label for="email0"><?=_("Email")?></td>
+ <td class="DataTD"><input type="text" id="email0" name="emails[]"/></td>
</tr>
<tr>
- <td class="DataTD"><?=_("Name")?>:</td>
- <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
+ <td class="DataTD"><label for="name"><?=_("Name")?></label></td>
+ <td class="DataTD"><input type="text" id="name" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
</tr>
<tr>
- <td class="DataTD"><?=_("Department")?>:</td>
- <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
+ <td class="DataTD"><label for="OU"><?=_("Department")?></label></td>
+ <td class="DataTD"><input type="text" id="OU" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
</tr>
- <tr>
+
+ <tr name="expertoff" style="display:none">
+ <td class="DataTD">
+ <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
+ </td>
+ <td class="DataTD">
+ <label for="expertbox"><?=_("Show advanced options")?></label>
+ </td>
+ </tr>
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
+ <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 60))?>
+ </td>
+ </tr>
+
+ <tr name="expert">
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
- <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
- <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
+ <?=_("Hash algorithm used when signing the certificate:")?><br />
+ <?
+ foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+ ?>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
+ <?
+ }
+ ?>
</td>
</tr>
+
<? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?>
- <tr>
- <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="checkbox" id="codesign" name="codesign" value="1" />
+ <label for="codesign"><?=_("Code Signing")?></label>
+ </td>
</tr>
<? } ?>
- <tr>
- <td class="DataTD" colspan="2" align="left">
- <?=_("Optional comment, only used in the certificate overview")?><br />
- <input type="text" name="description" maxlength="80" size=80 />
- </td>
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="80" size="80" />
+ </td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
- <input type="submit" name="process" value="<?=_("Next")?>" /></td>
+ <td class="DataTD" colspan="2">
+ <input type="submit" name="add_email" value="<?=_("Add Another Email Address")?>">
+ <input type="submit" name="process" value="<?=_("Next")?>" />
+ </td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
+
+<script language="javascript">
+function showExpert(a)
+{
+ b=document.getElementsByName("expert");
+ for(i=0;b.length>i;i++)
+ {
+ if(!a) {b[i].setAttribute("style","display:none"); }
+ else {b[i].removeAttribute("style");}
+ }
+ b=document.getElementsByName("expertoff");
+ for(i=0;b.length>i;i++)
+ {
+ b[i].removeAttribute("style");
+ }
+
+}
+showExpert(false);
+</script>
diff --git a/pages/account/20.php b/pages/account/20.php
index ee16dd4..89bbc30 100644
--- a/pages/account/20.php
+++ b/pages/account/20.php
@@ -27,13 +27,60 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
-<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br />
-<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br />
-<p> <?=_("Optional comment, only used in the certificate overview")?><br />
- <input type="text" name="description" maxlength="80" size=80 /></p>
+<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="80" size="80" />
+</p>
+<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br />
+ <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea>
+</p>
+
+<fieldset>
+<legend>
+ <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" />
+ <label for="expertbox"><?=_("Advanced Options")?></label>
+</legend>
+<div id="advanced_options">
+<ul class="no_indent">
+ <li>
+ <input type="radio" id="root1" name="rootcert" value="1" />
+ <label for="root1"><?=_("Sign by class 1 root certificate")?></label>
+ </li>
+ <li>
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" />
+ <label for="root2"><?=_("Sign by class 3 root certificate")?></label>
+ </li>
+</ul>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
-<p><?=_("Paste your CSR below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br />
+
+<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
+<ul class="no_indent">
+<?
+foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+?>
+ <li>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
+ </li>
+<?
+}
+?>
+</ul>
+
+</div>
+</fieldset>
+
<input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" />
-</form> \ No newline at end of file
+</form>
+
+<script language="javascript">
+function showExpert(a)
+{
+ var options=document.getElementById("advanced_options");
+ options.style.display = (a) ? "" : "none";
+
+ var checkbox=document.getElementById("expertbox");
+ checkbox.style.display = "";
+}
+showExpert(false);
+</script>
diff --git a/pages/account/3.php b/pages/account/3.php
index 7e34300..cd62ce0 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -34,6 +34,7 @@
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
+ </tr>
<?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
@@ -41,8 +42,8 @@
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
- <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
- <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ <td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td>
+ <td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
</tr>
<? }
if($_SESSION['profile']['points'] >= 50)
@@ -52,81 +53,120 @@ if($_SESSION['profile']['points'] >= 50)
$lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix'];
?>
- <td class="DataTD" colspan="2" align="left">
- <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
- <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
- <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
- </td>
- </tr>
<tr>
<td class="DataTD" colspan="2" align="left">
- <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br />
- <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?>
- <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?>
- <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?>
- <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?>
+ <input type="radio" id="incname0" name="incname" value="0" checked="checked" />
+ <label for="incname0"><?=_("No Name")?></label><br />
+ <? if($fname && $lname) { ?>
+ <input type="radio" id="incname1" name="incname" value="1" />
+ <label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br />
+ <? } ?>
+ <? if($fname && $mname && $lname) { ?>
+ <input type="radio" id="incname2" name="incname" value="2" />
+ <label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'</label><br />
+ <? } ?>
+ <? if($fname && $lname && $suffix) { ?>
+ <input type="radio" id="incname3" name="incname" value="3" />
+ <label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br />
+ <? } ?>
+ <? if($fname && $mname && $lname && $suffix) { ?>
+ <input type="radio" id="incname4" name="incname" value="4" />
+ <label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br />
+ <? } ?>
</td>
</tr>
<? } ?>
-<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
+
<tr>
<td class="DataTD">
- <input type="checkbox" name="codesign" value="1" />
+ <input type="checkbox" id="login" name="login" value="1" checked="checked" />
</td>
<td class="DataTD" align="left">
- <?=_("Code Signing")?><br />
- <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
+ <label for="login"><?=_("Enable certificate login with this certificate")?><br />
+ <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label>
</td>
</tr>
-<? } ?>
-
<tr>
+ <td class="DataTD" colspan="2" align="left">
+ <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
+ <input type="text" id="description" name="description" maxlength="100" size="100" />
+ </td>
+ </tr>
+
+ <tr name="expertoff" style="display:none">
<td class="DataTD">
- <input type="checkbox" name="login" value="1" checked="checked" />
+ <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
</td>
- <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br />
- <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
+ <td class="DataTD" align="left">
+ <label for="expertbox"><?=_("Show advanced options")?></label>
</td>
</tr>
- <tr>
- <td class="DataTD" colspan="2" align="left">
- <?=_("Optional comment, only used in the certificate overview")?><br />
- <input type="text" name="description" maxlength="100" size="100" />
- </td>
+
+<?
+if($_SESSION['profile']['points'] >= 50)
+{
+?>
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
+ <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
+ <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?>
+ </td>
</tr>
+<? } ?>
- <tr name="expertoff" style="display:none">
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <?=_("Hash algorithm used when signing the certificate:")?><br />
+ <?
+ foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
+ ?>
+ <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
+ <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
+ <?
+ }
+ ?>
+ </td>
+ </tr>
+
+<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
+ <tr name="expert">
<td class="DataTD">
- <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" />
+ <input type="checkbox" id="codesign" name="codesign" value="1" />
</td>
+ <td class="DataTD" align="left">
+ <label for="codesign"><?=_("Code Signing")?><br />
+ <?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label>
+ </td>
+ </tr>
+<? } ?>
+
+ <tr name="expert">
<td class="DataTD">
- <?=_("Show advanced options")?>
+ <input type="checkbox" id="SSO" name="SSO" value="1" />
+ </td>
+ <td class="DataTD" align="left">
+ <label for="SSO"><?=_("Add Single Sign On ID Information")?><br />
+ <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
+ <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label>
</td>
</tr>
<tr name="expert">
- <td class="DataTD" colspan="2" align="left">
- <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br />
- <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br />
- <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
- <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
+ <td class="DataTD" colspan="2">
+ <label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br />
+ <textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea>
</td>
</tr>
- <tr name="expert">
- <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
- </tr>
- <tr name="expert">
- <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
- </tr>
- <tr>
+ <tr>
<td class="DataTD">
- <input type="checkbox" name="CCA" />
+ <input type="checkbox" id="CCA" name="CCA" />
</td>
<td class="DataTD" align="left">
- <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
- <?=_("Please Note: You need to accept the CCA to proceed.")?>
+ <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
+ <?=_("Please note: You need to accept the CCA to proceed.")?></label>
</td>
</tr>
<tr>
@@ -154,4 +194,3 @@ function showExpert(a)
}
showExpert(false);
</script>
-
diff --git a/pages/account/41.php b/pages/account/41.php
index d61d8db..f644025 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
diff --git a/pages/account/43.php b/pages/account/43.php
index 53b24d3..2e094c8 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -18,26 +18,41 @@
<?
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+$ticketno='';
+$ticketvalidation=FALSE;
+
+if (isset($_SESSION['ticketno'])) {
+ $ticketno = $_SESSION['ticketno'];
+ $ticketvalidation = valid_ticket_number($ticketno);
+}
+if (isset($_SESSION['ticketmsg'])) {
+ $ticketmsg = $_SESSION['ticketmsg'];
+} else {
+ $ticketmsg = '';
+}
+
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
{
$assurance = mysql_escape_string(intval($_REQUEST['assurance']));
$row = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance' and `deleted` = 0");
if ($res) {
$row = mysql_fetch_assoc($res);
- }
- mysql_query("delete from `notary` where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
+ mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
+ if ($row) {
+ fix_assurer_flag($row['to']);
+ }
}
}
- if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
- {
+
+// search for an account by email search, if more than one is found display list to choose
+if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
+{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -45,877 +60,1024 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
// bug-975 ted+uli changes --- begin
if(preg_match("/^[0-9]+$/", $email)) {
- // $email consists of digits only ==> search for IDs
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`id`='$email' or `users`.`id`='$email')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // $email consists of digits only ==> search for IDs
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`id`='$email' or `users`.`id`='$email')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
} else {
- // $email contains non-digits ==> search for mail addresses
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`email` like '$emailsearch'
- or `users`.`email` like '$emailsearch')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // $email contains non-digits ==> search for mail addresses
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`email` like '$emailsearch'
+ or `users`.`email` like '$emailsearch')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
}
// bug-975 ted+uli changes --- end
$res = mysql_query($query);
- if(mysql_num_rows($res) > 1) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("User ID")?></td>
- <td class="DataTD"><?=_("Email")?></td>
- </tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
- <tr>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- </tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
- <tr>
- <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
- </tr>
-<? } ?>
-</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
- $_REQUEST['userid'] = $row['id'];
- } else {
- printf(_("No users found matching %s"), sanitizeHTML($email));
- }
- }
-
- if(intval($_REQUEST['userid']) > 0)
- {
- $userid = intval($_REQUEST['userid']);
- $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- } else {
- $row = mysql_fetch_assoc($res);
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
+ if(mysql_num_rows($res) > 1) {
?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("First Name")?>:</td>
- <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
- <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
- <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Middle Name")?>:</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Last Name")?>:</td>
- <td class="DataTD"> <input type="hidden" name="oldid" value="43">
- <input type="hidden" name="action" value="updatedob">
- <input type="hidden" name="userid" value="<?=intval($userid)?>">
- <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Suffix")?>:</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Date of Birth")?>:</td>
- <td class="DataTD">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("User ID")?></td>
+ <td class="DataTD"><?=_("Email")?></td>
+ </tr>
<?
- $year = intval(substr($row['dob'], 0, 4));
- $month = intval(substr($row['dob'], 5, 2));
- $day = intval(substr($row['dob'], 8, 2));
- ?><nobr><select name="day">
-<?
- for($i = 1; $i <= 31; $i++)
+ while($row = mysql_fetch_assoc($res))
{
- echo "<option";
- if($day == $i)
- echo " selected='selected'";
- echo ">$i</option>";
- }
?>
- </select>
- <select name="month">
+ <tr>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ </tr>
<?
- for($i = 1; $i <= 12; $i++)
- {
- echo "<option value='$i'";
- if($month == $i)
- echo " selected='selected'";
- echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
}
+
+ if(mysql_num_rows($res) >= 100) {
?>
- </select>
- <input type="text" name="year" value="<?=$year?>" size="4">
- <input type="submit" value="Go"></form></nobr></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("CCA accepted")?>:</td>
- <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Trainings")?>:</td>
- <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Is Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Account Locking")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Code Signing")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Org Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("TTP Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Location Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Ad Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("General Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Regional Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Change Password")?>:</td>
- <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Delete Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
- </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
+ </tr>
<?
- // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
- if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
+ } else {
?>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD"><?=_("Assurance Points")?>:</td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- </tr>
-</table>
-<br><?
- $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
- and `email`!='".mysql_escape_string($row['email'])."'";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Secondary Emails")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
- </tr>
-<? } ?>
-</table>
-<br><? } ?>
-<?
- $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Verified Domains")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Domain")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
- </tr>
-<? } ?>
-</table>
-<br>
-<? } ?>
-<? // Begin - Debug infos ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Account State")?></td>
- </tr>
-
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ </tr>
<?
- // --- bug-975 begin ---
- // potential db inconsistency like in a20110804.1
- // Admin console -> don't list user account
- // User login -> impossible
- // Assurer, assure someone -> user displayed
- /* regular user account search with regular settings
-
- --- Admin Console find user query
- $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
- where `users`.`id`=`email`.`memid` and
- (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
- `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
- group by `users`.`id` limit 100";
- => requirements
- 1. email.hash = ''
- 2. email.deleted = 0
- 3. users.deleted = 0
- 4. email.email = primary-email (???) or'd
- not covered by admin console find user routine, but may block users login
- 5. users.verified = 0|1
- further "special settings"
- 6. users.locked (setting displayed in display form)
- 7. users.assurer_blocked (setting displayed in display form)
-
- --- User login user query
- select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
- `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
- => requirements
- 1. users.verified = 1
- 2. users.deleted = 0
- 3. users.locked = 0
- 4. users.email = primary-email
-
- --- Assurer, assure someone find user query
- select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
- and `deleted`=0
- => requirements
- 1. users.deleted = 0
- 2. users.email = primary-email
- Admin User Assurer
- bit Console Login assure someone
-
- 1. email.hash = '' Yes No No
- 2. email.deleted = 0 Yes No No
- 3. users.deleted = 0 Yes Yes Yes
- 4. users.verified = 1 No Yes No
- 5. users.locked = 0 No Yes No
- 6. users.email = prim-email No Yes Yes
- 7. email.email = prim-email Yes No No
-
- full usable account needs all 7 requirements fulfilled
- so if one setting isn't set/cleared there is an inconsistency either way
- if eg email.email is not avail, admin console cannot open user info
- but user can login and assurer can display user info
- if user verified is not set to 1, admin console displays user record
- but user cannot login, but assurer can search for the user and the data displays
-
- consistency check:
- 1. search primary-email in users.email
- 2. search primary-email in email.email
- 3. userid = email.memid
- 4. check settings from table 1. - 5.
-
- */
-
- $inconsistency = 0;
- $inconsistencydisp = "";
- $inccause = "";
- // current userid intval($row['id'])
- $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
- from `users` where `id`='".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $uemail = $drow['uemail'];
- $udeleted = $drow['udeleted'];
- $uverified = $drow['verified'];
- $ulocked = $drow['locked'];
-
- $query = "select `hash`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."' and
- `deleted` = 0";
- $dres = mysql_query($query);
- if ($drow = mysql_fetch_assoc($dres)) {
- $drow['edeleted'] = 0;
- } else {
- // try if there are deleted entries
- $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- }
-
- if ($drow) {
- $eemail = $drow['eemail'];
- $edeleted = $drow['edeleted'];
- $ehash = $drow['hash'];
- if ($udeleted!=0) {
- $inconsistency += 1;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
- }
- if ($uverified!=1) {
- $inconsistency += 2;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
- }
- if ($ulocked!=0) {
- $inconsistency += 4;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
- }
- if ($edeleted!=0) {
- $inconsistency += 8;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
- }
- if ($ehash!='') {
- $inconsistency += 16;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
- }
- } else {
- $inconsistency = 32;
- $inccause = _("Prim. email, Email record doesn't exist");
- }
- if ($inconsistency>0) {
- // $inconsistencydisp = _("Yes");
-?>
- <tr>
- <td class="DataTD"><?=_("Account inconsistency")?>:</td>
- <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
- </tr>
- <tr>
- <td colspan="2" class="DataTD" style="max-width: 75ex">
- <?=_("Account inconsistency can cause problems in daily account ".
- "operations and needs to be fixed manually through arbitration/critical ".
- "team.")?>
- </td>
- </tr>
-<? }
-
- // --- bug-975 end ---
+ }
?>
-</table>
-<br>
+ </table><br><br>
<?
- // End - Debug infos
-?>
+ } elseif(mysql_num_rows($res) == 1) {
+ $row = mysql_fetch_assoc($res);
+ $_REQUEST['userid'] = $row['id'];
+ } else {
+ printf(_("No users found matching %s"), sanitizeHTML($email));
+ }
+}
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="6" class="title"><?=_("Certificates")?></td>
- </tr>
-
- <tr>
- <td class="DataTD"><?=_("Cert Type")?>:</td>
- <td class="DataTD"><?=_("Total")?></td>
- <td class="DataTD"><?=_("Valid")?></td>
- <td class="DataTD"><?=_("Expired")?></td>
- <td class="DataTD"><?=_("Revoked")?></td>
- <td class="DataTD"><?=_("Latest Expire")?></td>
- </tr>
-<!-- server certificates -->
- <tr>
- <td class="DataTD"><?=_("Server")?>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`domaincerts`.`expire`) as `maxexpire`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `revoked` = '0000-00-00 00:00:00'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- client certificates -->
- <tr>
- <td class="DataTD"><?=_("Client")?>:</td>
- <?
- $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `revoked` = '0000-00-00 00:00:00'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- gpg certificates -->
- <tr>
- <td class="DataTD"><?=_("GPG")?>:</td>
- <?
- $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
- from `gpg`
- where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `gpg`
- where `memid` = '".intval($row['id'])."'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `gpg`
- where `memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- org server certificates -->
- <tr>
- <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`orgcerts`.`expire`) as `maxexpire`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
- and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- org client certificates -->
- <tr>
- <td class="DataTD"><?=_("Org Client")?>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`orgcerts`.`expire`) as `maxexpire`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
- and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
- <tr>
- <td colspan="6" class="title">
- <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
- <input type="hidden" name="action" value="revokecert">
- <input type="hidden" name="oldid" value="43">
- <input type="hidden" name="userid" value="<?=intval($userid)?>">
- <input type="submit" value="<?=_('revoke certificates')?>">
- </form>
- </td>
- </tr>
-</table>
-<br>
-
-
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
-<br />
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
-<br />
+// display user information for given user id
+if(intval($_REQUEST['userid']) > 0) {
+ $userid = intval($_REQUEST['userid']);
+ $res =get_user_data($userid);
+ if(mysql_num_rows($res) <= 0) {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $alerts =get_alerts(intval($row['id']));
-<?
-// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+//display account data
-function showassuredto()
-{
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
-<?
- $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
- $points += $drow['points'];
-?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
+//deletes an assurance
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
+ {
+ $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+ $trow = 0;
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ if ($res) {
+ $trow = mysql_fetch_assoc($res);
+ }
+ mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
+ if ($trow) {
+ fix_assurer_flag($trow['to']);
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno);
+ }
+ } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
+ $ticketmsg=_('No assurance revoked. Ticket number is missing!');
+ }
-<?
-function showassuredby()
-{
+//Ticket number
?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
+
+<form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_('Ticket handling') ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Ticket no')?>:</td>
+ <td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
+ </tr>
+ <tr>
+ <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
+ </tr>
+ </table>
+</form>
+<br/>
+
+
+<!-- display data table -->
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("First Name")?>:</td>
+ <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
+ <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
+ <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Middle Name")?>:</td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>:</td>
+ <td class="DataTD"> <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="action" value="updatedob">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?>:</td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?>:</td>
+ <td class="DataTD">
+ <?
+ $year = intval(substr($row['dob'], 0, 4));
+ $month = intval(substr($row['dob'], 5, 2));
+ $day = intval(substr($row['dob'], 8, 2));
+ ?>
+ <nobr>
+ <select name="day">
+ <?
+ for($i = 1; $i <= 31; $i++) {
+ echo "<option";
+ if($day == $i) {
+ echo " selected='selected'";
+ }
+ echo ">$i</option>";
+ }
+ ?>
+ </select>
+ <select name="month">
+ <?
+ for($i = 1; $i <= 12; $i++) {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
+ }
+ ?>
+ </select>
+ <input type="text" name="year" value="<?=$year?>" size="4">
+ <input type="submit" value="Go">
+ <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
+ </form>
+ </nobr>
+ </td>
+ </tr>
+
+ <? // list of flags ?>
+ <tr>
+ <td class="DataTD"><?=_("CCA accepted")?>:</td>
+ <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Trainings")?>:</td>
+ <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer_blocked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=$ticketno?>"><?=$row['locked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=$ticketno?>"><?=$row['codesign']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['orgadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['ttpadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['locadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['admin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
+ </tr>
+ <!-- presently not needed
+ <tr>
+ <td class="DataTD"><?=_("Tverify Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['tverify']?></a></td>
+ </tr>
+ -->
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['general']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['country']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['regional']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['radius']?></a></td>
+ </tr>
+ <? //change password, view secret questions and delete account section ?>
+ <tr>
+ <td class="DataTD"><?=_("Change Password")?>:</td>
+ <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=_("Change Password")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Delete Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=$ticketno?>"><?=_("Delete Account")?></a></td>
+ </tr>
+ <?
+ // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
+ if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno);
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
+ </tr>
+ <?
+ } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <?
+ } else {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <? }
+
+ // list assurance points
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Assurance Points")?>:</td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ </tr>
+ <?
+ // show account history
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=_('Show account history')?></a></td>
+ </tr>
+ </table>
+ <br/>
+ <?
+ //list secondary email addresses
+ $dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email']));
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
+ </tr>
+ <?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Secondary Emails")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+
+ // list of domains domains
+ $dres=get_domains(intval($row['id']));
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Verified Domains")?></td>
+ </tr>
+ <?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+ ?>
+ <? // Begin - Debug infos ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Account State")?></td>
+ </tr>
+
+ <?
+ // --- bug-975 begin ---
+ // potential db inconsistency like in a20110804.1
+ // Admin console -> don't list user account
+ // User login -> impossible
+ // Assurer, assure someone -> user displayed
+ /* regular user account search with regular settings
+
+ --- Admin Console find user query
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ => requirements
+ 1. email.hash = ''
+ 2. email.deleted = 0
+ 3. users.deleted = 0
+ 4. email.email = primary-email (???) or'd
+ not covered by admin console find user routine, but may block users login
+ 5. users.verified = 0|1
+ further "special settings"
+ 6. users.locked (setting displayed in display form)
+ 7. users.assurer_blocked (setting displayed in display form)
+
+ --- User login user query
+ select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+ `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+ => requirements
+ 1. users.verified = 1
+ 2. users.deleted = 0
+ 3. users.locked = 0
+ 4. users.email = primary-email
+
+ --- Assurer, assure someone find user query
+ select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
+ and `deleted`=0
+ => requirements
+ 1. users.deleted = 0
+ 2. users.email = primary-email
+
+ Admin User Assurer
+ bit Console Login assure someone
+
+ 1. email.hash = '' Yes No No
+ 2. email.deleted = 0 Yes No No
+ 3. users.deleted = 0 Yes Yes Yes
+ 4. users.verified = 1 No Yes No
+ 5. users.locked = 0 No Yes No
+ 6. users.email = prim-email No Yes Yes
+ 7. email.email = prim-email Yes No No
+
+ full usable account needs all 7 requirements fulfilled
+ so if one setting isn't set/cleared there is an inconsistency either way
+ if eg email.email is not avail, admin console cannot open user info
+ but user can login and assurer can display user info
+ if user verified is not set to 1, admin console displays user record
+ but user cannot login, but assurer can search for the user and the data displays
+
+ consistency check:
+ 1. search primary-email in users.email
+ 2. search primary-email in email.email
+ 3. userid = email.memid
+ 4. check settings from table 1. - 5.
+
+ */
+
+ $inconsistency = 0;
+ $inconsistencydisp = "";
+ $inccause = "";
+
+ // current userid intval($row['id'])
+ $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+ from `users` where `id`='".intval($row['id'])."' ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $uemail = $drow['uemail'];
+ $udeleted = $drow['udeleted'];
+ $uverified = $drow['verified'];
+ $ulocked = $drow['locked'];
+
+ $query = "select `hash`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."' and
+ `deleted` = 0";
+ $dres = mysql_query($query);
+ if ($drow = mysql_fetch_assoc($dres)) {
+ $drow['edeleted'] = 0;
+ } else {
+ // try if there are deleted entries
+ $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ }
+
+ if ($drow) {
+ $eemail = $drow['eemail'];
+ $edeleted = $drow['edeleted'];
+ $ehash = $drow['hash'];
+ if ($udeleted!=0) {
+ $inconsistency += 1;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
+ }
+ if ($uverified!=1) {
+ $inconsistency += 2;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
+ }
+ if ($ulocked!=0) {
+ $inconsistency += 4;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
+ }
+ if ($edeleted!=0) {
+ $inconsistency += 8;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
+ }
+ if ($ehash!='') {
+ $inconsistency += 16;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
+ }
+ } else {
+ $inconsistency = 32;
+ $inccause = _("Prim. email, Email record doesn't exist");
+ }
+ if ($inconsistency>0) {
+ // $inconsistencydisp = _("Yes");
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Account inconsistency")?>:</td>
+ <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTD" style="max-width: 75ex;">
+ <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
+ </td>
+ </tr>
+ <?
+ }
+
+ // --- bug-975 end ---
+ ?>
+ </table>
+ <br />
+ <?
+ // End - Debug infos
+
+ // certificate overview
+ ?>
+
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("Certificates")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Cert Type")?>:</td>
+ <td class="DataTD"><?=_("Total")?></td>
+ <td class="DataTD"><?=_("Valid")?></td>
+ <td class="DataTD"><?=_("Expired")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Latest Expire")?></td>
+ </tr>
+ <!-- server certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Server")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`domaincerts`.`expire`) as `maxexpire`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- gpg certificates -->
+ <tr>
+ <td class="DataTD"><?=_("GPG")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org server certificates -->
+ <tr>
+ <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Org Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <tr>
+ <td colspan="6" class="title">
+ <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
+ <input type="hidden" name="action" value="revokecert">
+ <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="submit" value="<?=_('revoke certificates')?>">
+ <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
+ </form>
+ </td>
+ </tr>
+ </table>
+ <br />
+ <? // list assurances ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user got")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user gave")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ </table>
+ <?
+ // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+
+ function showassuredto($ticketno)
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+ $points += $drow['points'];
+ ?>
+ <tr>
+ <td class="DataTD"><?=$drow['id']?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?
+ }
+
+ function showassuredby($ticketno)
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
+ $points += $drow['points'];
+ ?>
+ <tr>
+ <td class="DataTD"><?=$drow['id']?></td>
+ <td class="DataTD"><?=$drow['date']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=$drow['points']?></td>
+ <td class="DataTD"><?=$drow['location']?></td>
+ <td class="DataTD"><?=$drow['method']?></td>
+ <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?} ?>
+<br/><br/>
<?
- $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
- $points += $drow['points'];
-?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=$drow['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=$drow['points']?></td>
- <td class="DataTD"><?=$drow['location']?></td>
- <td class="DataTD"><?=$drow['method']?></td>
- <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
-<br><br>
-<? } }
+} }
if(isset($_GET['shownotary'])) {
switch($_GET['shownotary']) {
case 'assuredto':
- showassuredto();
+ showassuredto($ticketno);
break;
case 'assuredby':
- showassuredby();
+ showassuredby($ticketno);
break;
case 'assuredto15':
- output_received_assurances(intval($_GET['userid']),1);
+ output_received_assurances(intval($_GET['userid']),1,$ticketno);
break;
case 'assuredby15':
- output_given_assurances(intval($_GET['userid']),1);
+ output_given_assurances(intval($_GET['userid']),1, $ticketno);
break;
}
}
diff --git a/pages/account/44.php b/pages/account/44.php
index fd34612..16bfa8c 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -15,7 +15,16 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); }
+
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno)) {
+ printf(_("I'm sorry, you did not enter a ticket number!%sYou cannot reset the password.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+ }
+?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -35,4 +44,5 @@
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
</form>
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..fed1cb9 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -19,7 +19,7 @@
$userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
if($userid <= 0)
{
- $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
+ $domainsearch = $domain = mysql_real_escape_string(stripslashes($_POST['domain']));
if(!strstr($domain, "%"))
$domainsearch = "%$domain%";
if(preg_match("/^\d+$/",$domain))
diff --git a/pages/account/52.php b/pages/account/52.php
index 77a3bae..ce2025f 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -35,7 +35,7 @@
exit;
}
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `deleted` = 0";
$notary = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `users` where `id`='$memid'";
$user = mysql_fetch_assoc(mysql_query($query));
@@ -65,7 +65,7 @@
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
<input type="hidden" name="uid" value="<?=$uid?>">
</form>
-<? } else {
+<? } else {
$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
@@ -74,7 +74,7 @@
} else {
if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
}
-
+
// Search for open requests:
$query = "select * from `tverify` where `modified`=0";
$res = mysql_query($query);
@@ -83,14 +83,14 @@
echo "<br/>"._("The following requests are still open:")."<br/><ul>";
while($row = mysql_fetch_assoc($res))
{
- $uid=intval($row['id']);
+ $uid=intval($row['id']);
$query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc3 = mysql_num_rows(mysql_query($query3));
if($rc3 <= 0)
{
echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
}
- }
+ }
echo "</ul>\n<br>\n";
}
else
diff --git a/pages/account/53.php b/pages/account/53.php
index cc9e2d6..1ec04b2 100644
--- a/pages/account/53.php
+++ b/pages/account/53.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+ $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):"";
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
diff --git a/pages/account/54.php b/pages/account/54.php
index 753b4af..35dce33 100644
--- a/pages/account/54.php
+++ b/pages/account/54.php
@@ -19,7 +19,7 @@
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
- $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+ $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):"";
if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
diff --git a/pages/account/55.php b/pages/account/55.php
index ec401a0..0358504 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -23,7 +23,7 @@
<tr>
<td colspan="5" class="title"><?=_("Your passed Tests")?></td>
</tr>
- <tr>
+ <tr>
<td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
</tr>
</table>
@@ -60,9 +60,9 @@
" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
" ORDER BY `CP`.`pass_date`";
-
+
$res = mysql_query($query);
-
+
$HaveTest=0;
while($row = mysql_fetch_array($res, MYSQL_NUM))
{
@@ -75,19 +75,19 @@
<td class="DataTD"><?=$row[1]?></td>
<td class="DataTD"><?=$row[2]?></td>
</tr>
-<? }
+<? }
?>
</table>
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
+ <tr>
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
<? } else {
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
+ ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
' GROUP BY `u`.id, `u`.`assurer`';
$res = mysql_query($query);
if (!$res) {
diff --git a/pages/account/57.php b/pages/account/57.php
index 76eee27..0356eeb 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -17,12 +17,12 @@
*/ ?>
<?
include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php');
-
+
if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
echo _('You do not have access to this page');
- } else {
+ } else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query);
@@ -38,7 +38,7 @@
</tr>
</table>
-
+
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -57,8 +57,8 @@
?>
<tr>
<td class="DataTD"><?=_('First active CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
<?
@@ -71,8 +71,8 @@
?>
<tr>
<td class="DataTD"><?=_('First passive CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
<?
@@ -87,19 +87,19 @@
?>
<tr>
<td class="DataTD"><?=_('Last CCA')?></td>
- <td class="DataTD"><?=$data['date']?></td>
- <td class="DataTD"><?=$data['method']?></td>
+ <td class="DataTD"><?=isset($data['date'])?$data['date']:''?></td>
+ <td class="DataTD"><?=isset($data['method'])?$data['method']:''?></td>
<td class="DataTD"><?=$type?></td>
</tr>
</table>
<br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
+ <tr>
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
-<? }
+<? }
?> </table>
<?
}
diff --git a/pages/account/59.php b/pages/account/59.php
new file mode 100644
index 0000000..51eb6ef
--- /dev/null
+++ b/pages/account/59.php
@@ -0,0 +1,308 @@
+<?/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
+
+$colspandefault=2;
+$userid = intval($_REQUEST['userid']);
+$res =get_user_data($userid);
+
+
+
+if(mysql_num_rows($res) <= 0)
+{
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ exit;
+}
+
+$row = mysql_fetch_assoc($res);
+
+$fname = $row['fname'];
+$mname = $row['mname'];
+$lname = $row['lname'];
+$suffix = $row['suffix'];
+$dob = $row['dob'];
+$username = $fname." ".$mname." ".$lname." ".$suffix;
+$email = $row['email'];
+$alerts =get_alerts($userid);
+$support=0;
+if(intval($_REQUEST['oldid'])==43){
+ $support=$_SESSION['profile']['admin'];
+}
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno) && $support == 1) {
+ printf(_("I'm sorry, you did not enter a ticket number!%sSupport is not allowed to view the account history without a ticket number.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+}
+if ( $support == 1) {
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno']);
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=sprintf(_('Account history of %s'),$username)?></td>
+ </tr>
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=_('User actions')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('User name')?></td>
+ <td class="DataTD"><?=$username?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Date of Birth')?></td>
+ <td class="DataTD"><?=$dob?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer_blocked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><?= ($row['locked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><?= ($row['codesign']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['orgadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><?= $row['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><?= ($row['locadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><?= ($row['admin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><?= $row['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+</table>
+<br/>
+<?
+$dres = get_email_address($userid,'',1);
+if(mysql_num_rows($dres) > 0) {
+?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Email addresses')?></td>
+ </tr>
+<?
+ output_log_email_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_email($drow,$email);
+ } ?>
+</table>
+<br/>
+<?}
+$dres = get_domains($userid,'',1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Domains')?></td>
+ </tr>
+<?
+if(mysql_num_rows($dres) > 0) {
+ output_log_domains_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_domains($drow,$email);
+ }
+}ELSE{?>
+ <td colspan="3" ><?=_('no entry avialable')?></td>
+<?}?>
+</table>
+<br/>
+
+<?
+$dres = get_training_result($userid);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Trainings')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_training_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_training($drow);
+ }
+ }ELSE{
+ ?><td colspan="3" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_user_agreement($userid,'',1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_('User agreements')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_agreement_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_agreement($drow);
+ }
+ }ELSE{
+ ?><td colspan="4" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_client_certs($userid,1);
+$colspan=10;
+if (1==$support) {
+ $colspan=7;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_client_cert_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_client_cert($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_server_certs($userid,1);
+$colspan = 8;
+if (1 == $support) {
+ $colspan = 5;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_server_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_server_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_gpg_certs($userid,1);
+$colspan = 6;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_gpg_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_gpg_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+
+output_log_given_assurances($userid, $support);
+?><br/><?
+
+output_log_received_assurances($userid, $support);
+?><br/><?
+
+$dres = get_se_log($userid);
+$colspan = 2;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_se_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_se($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }
+ if ($support==1) {
+ ?><td colspan="<?=$colspan?>" ><a href="account.php?id=43&amp;userid=<?= $userid ?>"><?= _('Back to previous page.')?></a></td><?
+ }
+
+ ?>
+
+</table>
diff --git a/pages/account/6.php b/pages/account/6.php
index 8455499..2dc4277 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -113,8 +113,8 @@ if (array_key_exists('format', $_REQUEST)) {
$crtname=escapeshellarg($row['crt_name']);
$cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`;
echo "<pre>$cert</pre>";
+?>
- ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Information about the certificate")?></td>
diff --git a/pages/index/0.php b/pages/index/0.php
index c5301d3..de5cb7c 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -19,11 +19,11 @@
<p><?=_("CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.")?></p>
-<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p>
+<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p>
<p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p>
-<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.php">',"</a>")?>
+<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.html">',"</a>")?>
<?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p>
@@ -87,7 +87,7 @@
<p><?=sprintf(_("Have you passed the CAcert %s Assurer Challenge %s yet?"),'<a href="http://wiki.cacert.org/wiki/AssurerChallenge">','</a>')?></p>
-<p><?=sprintf(_("Have you read the CAcert %sCommunity Agreement%s yet?"),'<a href="/policy/CAcertCommunityAgreement.php">','</a>')?></p>
+<p><?=sprintf(_("Have you read the CAcert %sCommunity Agreement%s yet?"),'<a href="/policy/CAcertCommunityAgreement.html">','</a>')?></p>
<p><?=sprintf(_("For general documentation and help, please visit the CAcert %sWiki Documentation site %s."),'<a href="http://wiki.CAcert.org">','</a>')?>
<?=sprintf(_("For specific policies, see the CAcert %sApproved Policies page%s."),'<a href="/policy/">',"</a>")?></p>
diff --git a/pages/index/1.php b/pages/index/1.php
index 4f0ca83..05e59df 100644
--- a/pages/index/1.php
+++ b/pages/index/1.php
@@ -35,32 +35,32 @@
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
- <td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
- <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td>
+ <td class="DataTD" width="125"><input type="text" name="fname" size="30" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" tabindex="1" autocomplete="off"></td>
+ <td rowspan="4" class="DataTD" width="125"><? printf(_("Help on Names %sin the wiki%s"),'<a tabindex="1" href="//wiki.cacert.org/FAQ/HowToEnterNamesInJoinForm" target="_blank">','</a>')?></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="mname" size="30" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" tabindex="3" autocomplete="off"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
- <td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="lname" size="30" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" tabindex="4" autocomplete="off"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
+ <td class="DataTD"><input type="text" name="suffix" size="30" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" tabindex="5" autocomplete="off"><br><?=sprintf(_("Please only write Name Suffixes into this field."))?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
(<?=_("dd/mm/yyyy")?>)</td>
- <td class="DataTD"><nobr><select name="day">
+ <td class="DataTD"><nobr><select name="day" tabindex="6">
<?
for($i = 1; $i <= 31; $i++)
{
@@ -71,7 +71,7 @@
}
?>
</select>
- <select name="month">
+ <select name="month" tabindex="7">
<?
for($i = 1; $i <= 12; $i++)
{
@@ -82,25 +82,25 @@
}
?>
</select>
- <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" autocomplete="off"></nobr>
+ <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" tabindex="8" autocomplete="off"></nobr>
</td>
<td class="DataTD">&nbsp;</td>
</tr>
<tr>
<td class="DataTD"><?=_("Email Address")?>: </td>
- <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"></td>
+ <td class="DataTD"><input type="text" name="email" size="30" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" tabindex="9" autocomplete="off"></td>
<td class="DataTD"><?=_("I own or am authorised to control this email address")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td>
- <td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td>
+ <td class="DataTD"><input type="password" name="pword1" size="30" tabindex="10" autocomplete="off"></td>
<td class="DataTD" rowspan="2">&nbsp;</td>
</tr>
<tr>
<td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
- <td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td>
+ <td class="DataTD"><input type="password" name="pword2" size="30" tabindex="11" autocomplete="off"></td>
</tr>
<tr>
@@ -112,29 +112,39 @@
</tr>
<tr>
- <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
- <td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
- <td class="DataTD" rowspan="5">&nbsp;</td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><?=_("Question")?></td>
+ <td class="DataTD"><?=_("Answer")?></td>
</tr>
<tr>
- <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
- <td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
+ <td class="DataTD">1)</td>
+ <td class="DataTD"><input type="text" name="Q1" size="30" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>" tabindex="12"></td>
+ <td class="DataTD"><input type="text" name="A1" size="30" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" tabindex="13" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
- <td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
+ <td class="DataTD">2)</td>
+ <td class="DataTD"><input type="text" name="Q2" size="30" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>" tabindex="14"></td>
+ <td class="DataTD"><input type="text" name="A2" size="30" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" tabindex="15" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
- <td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
+ <td class="DataTD">3)</td>
+ <td class="DataTD"><input type="text" name="Q3" size="30" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>" tabindex="16"></td>
+ <td class="DataTD"><input type="text" name="A3" size="30"value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" tabindex="17" autocomplete="off"></td>
</tr>
<tr>
- <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
- <td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
+ <td class="DataTD">4)</td>
+ <td class="DataTD"><input type="text" name="Q4" size="30"" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>" tabindex="18"></td>
+ <td class="DataTD"><input type="text" name="A4" size="30" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" tabindex="19" autcomplete="off"></td>
+ </tr>
+
+ <tr>
+ <td class="DataTD">5)</td>
+ <td class="DataTD"><input type="text" name="Q5" size="30" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>" tabindex="20"></td>
+ <td class="DataTD"><input type="text" name="A5" size="30" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" tabindex="21" autocomplete="off"></td>
</tr>
<tr>
@@ -144,10 +154,10 @@
<tr>
<td class="DataTD" valign="top"><?=_("Alert me if")?>: </td>
<td class="DataTD" align="left">
- <input type="checkbox" name="general" value="1" <?=array_key_exists('general',$_SESSION['signup'])? ($_SESSION['signup']['general'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("General Announcements")?><br>
- <input type="checkbox" name="country" value="1" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br>
- <input type="checkbox" name="regional" value="1" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br>
- <input type="checkbox" name="radius" value="1" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td>
+ <input type="checkbox" name="general" value="1" tabindex="22" <?=array_key_exists('general',$_SESSION['signup'])? ($_SESSION['signup']['general'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("General Announcements")?><br>
+ <input type="checkbox" name="country" value="1" tabindex="23" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br>
+ <input type="checkbox" name="regional" value="1" tabindex="24" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br>
+ <input type="checkbox" name="radius" value="1" tabindex="25" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td>
<td class="DataTD">&nbsp;</td>
</tr>
@@ -155,11 +165,15 @@
<td class="DataTD" colspan="3"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td>
</tr>
<tr>
- <td class="DataTD" colspan="3"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td>
+ <td class="DataTD" colspan="3">
+ <input type="checkbox" name="cca_agree" tabindex="26" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> >
+ <br/>
+ <?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.html" tabindex="28" >http://www.cacert.org/policy/CAcertCommunityAgreement.php</a>
+ </td>
</tr>
<tr>
- <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Next")?>" tabindex="27"></td>
</tr>
</table>
diff --git a/pages/index/10.php b/pages/index/10.php
index 7280e09..7dd8200 100644
--- a/pages/index/10.php
+++ b/pages/index/10.php
@@ -17,5 +17,5 @@
*/
header('HTTP/1.0 301 Moved Permanently');
- header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php');
+ header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.html');
exit();
diff --git a/pages/index/16.php b/pages/index/16.php
index c2cb391..ba3b4ed 100644
--- a/pages/index/16.php
+++ b/pages/index/16.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p>
+<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p>
<p>
Class 1 <?=_("PKI Key")?><br>
diff --git a/pages/index/3.php b/pages/index/3.php
index a107c29..7c52447 100644
--- a/pages/index/3.php
+++ b/pages/index/3.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p>
+<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p>
<h3><?=_("Windows Installer") ?></h3>
<ul class="no_indent">
@@ -29,6 +29,7 @@
<ul class="no_indent">
<li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li>
<li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li>
+ <li><a href="certs/root.cer"><?=_("Root Certificate (CER Format base64 encoded)")?></a></li>
<li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li>
<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li>
<li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li>
@@ -39,6 +40,7 @@
<ul class="no_indent">
<li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li>
<li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li>
+ <li><a href="certs/class3.der"><?=_("Intermediate Certificate (CER Format base64 encoded)")?></a></li>
<li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li>
<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li>
<?php /*
diff --git a/pages/index/52.php b/pages/index/52.php
new file mode 100644
index 0000000..9132b8b
--- /dev/null
+++ b/pages/index/52.php
@@ -0,0 +1,32 @@
+<?/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+?>
+
+<div style="text-align: center;">
+ <h1><?=_('CAcert Community Agreement Acceptance')?></h1>
+ <p><?=sprintf(_('To get access to your account you need to accept the %s CAcert Community Agreement %s (CCA).'),'<a href="/policy/CAcertCommunityAgreement.php">', '</a>')?></p>
+ <p><?=_('#### Explanation why #### Please replace me ####')?></p>
+ <p><?=sprintf(_('If you do not want to accept the CCA you should think about closing your account. In this case please send an email to support (%s).'),'<a href="mailto:support@cacert.org">support@cacert.org</a>')?></p>
+ <form method="post" action="index.php">
+ <input type="submit" name="agree" value="<?=_('I agree CCA')?>">
+ <input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>">
+
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </form>
+</div>
diff --git a/pages/index/feed.rss b/pages/index/feed.rss
new file mode 100644
index 0000000..def221f
--- /dev/null
+++ b/pages/index/feed.rss
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" -->
+<rss version="0.92">
+ <channel>
+ <title>CAcert NEWS Blog</title>
+ <link>http://blog.cacert.org</link>
+ <description>CAcert NEWS and up coming events.</description>
+ <lastBuildDate>Fri, 20 Aug 2010 11:54:30 +0000</lastBuildDate>
+ <docs>http://backend.userland.com/rss092</docs>
+ <language>en</language>
+
+ <item>
+ <title>Looking for confirmation email on creating account?</title>
+ <description>Please go to https://ca-mgr1.it-sls.de/login login with your just created account and password. Under MAIL you'll find your individual confirmation email.
+ </description>
+ <link>https://ca-mgr1.it-sls.de/testsystemdoc.html</link>
+ </item>
+ <item>
+ <title>You are interested in helping Testing ?</title>
+ <description>Create your test account on the Testserver. Beware of the confirmation email (see above) Entry page for Testers: https://wiki.cacert.org/Software/CurrentTest. Please contact Ulrich becoming a Testteam member.</description>
+ <link>https://wiki.cacert.org/Software/CurrentTest</link>
+ </item>
+ <item>
+ <title>Dear Testers</title>
+ <description>We had one work with no activity on the testserver caused by inactivity by the Software-Assessment team, caused by router problems at the hosting site of the testserver. Probably latter has been fixed.
+
+ The reported bugs can be categorized into
+ 1. Testserver-Mgmt-System related
+ 2. Production Server recovery process to Testserver
+ 3. general software errors
+
+ Group 1+2 are essential for our current test phase, as they covers the problems in building the base testserver environment that is needed for testing.
+
+ So language and country selection support is an essential feature we've worked on the last week.
+
+ One problem couldn't be solved till today: secondary language selection all other country and language related bugs should be fixed in the meantime.
+
+ Also the Show my Points details now has the correct script (after some confusion in the Software-Assessment team and one developer), comparable to the script on the production website.
+
+ On the main entry page for testers https://wiki.cacert.org/Software/CurrentTest the updates on the bugs are marked with (i) so here comes the 2nd test round ...
+
+ Please report your found bugs and also success reports to the listed bug numbers
+
+ Thanks for your assistance .... ;)</description>
+ <link>https://cacert1.it-sls.de/</link>
+ </item>
+ </channel>
+</rss>
diff --git a/pages/wot/1.php b/pages/wot/1.php
index a45b5df..99c2b9f 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -91,7 +91,7 @@
{
$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
`ccid`='".$ccid."' and `regid`='".$regid."' and
- `locid`='".$locid."' and `users`.`id`=`notary`.`to`
+ `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
$list = mysql_query($query);
if(mysql_num_rows($list) > 0)
@@ -115,7 +115,7 @@
<td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
</tr>
-<? }
+<? }
}
?>
</table>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..24b8a70 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -24,7 +24,7 @@
<td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
-<?
+<?// the rank calculation is not adjusted to the new deletion method
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/
- $query = "SELECT count(*) AS `list` FROM `users`
- inner join `notary` on `users`.`id` = `notary`.`from`
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,11 +64,11 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
<td class="DataTD"><?=$row['id']?></td>
@@ -114,11 +114,11 @@ if ($thawte)
</tr>
<?
$points = 0;
- $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ;
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
$points += $row['points'];
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
diff --git a/pages/wot/12.php b/pages/wot/12.php
index a0bbf50..e6b20ca 100644
--- a/pages/wot/12.php
+++ b/pages/wot/12.php
@@ -65,9 +65,9 @@ document.f.location.focus();
{
$bits = explode(",", $_REQUEST['location']);
- $loc = trim(mysql_escape_string($bits['0']));
- $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
- $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+ $loc = trim(mysql_real_escape_string($bits['0']));
+ $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1']));
+ $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2']));
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
diff --git a/pages/wot/13.php b/pages/wot/13.php
index eac7e18..1143769 100644
--- a/pages/wot/13.php
+++ b/pages/wot/13.php
@@ -21,9 +21,9 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") {
{
$bits = explode(",", $_REQUEST['location']);
- $loc = trim(mysql_escape_string($bits['0']));
- $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
- $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+ $loc = trim(mysql_real_escape_string($bits['0']));
+ $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1']));
+ $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2']));
$query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
`locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
`locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
diff --git a/pages/wot/15.php b/pages/wot/15.php
index cca2702..c1f3e0f 100644
--- a/pages/wot/15.php
+++ b/pages/wot/15.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
diff --git a/pages/wot/16.php b/pages/wot/16.php
new file mode 100644
index 0000000..069b7a2
--- /dev/null
+++ b/pages/wot/16.php
@@ -0,0 +1,143 @@
+<?php
+/*LibreSSL - CAcert web application
+Copyright (C) 2004-2008 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+//******************* TTP Console ************
+
+if ($_SESSION['profile']['ttpadmin'] < 1) {
+ echo _("You are not allowed to view this page.");
+ exit;
+}
+
+//Check for test or productive environment, in case of test the user data for the print out is extended by 'test system'
+$testserver='';
+if ($_SESSION['_config']['normalhostname']=='cacert1.it-sls.de') {
+ $testserver=' test system';
+}
+
+$row = $_SESSION['_config']['notarise'];
+$fname = $row['fname'];
+$mname = $row['mname'];
+$lname = $row['lname'];
+$suffix = $row['suffix'];
+$fullname = $fname." ".$mname." ".$lname." ".$suffix;
+$email = $row['email'];
+$dob = date_format(new DateTime($row['dob']), 'Y-m-d');
+$userid = $row['id'];
+
+//List TTP Assurances and TotalPoints
+//changed get_received_assurances ($userid, $support)
+
+//include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
+include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
+output_received_assurances(intval($userid),2); //support==2 => TTP
+
+
+$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($userid)."'";
+$dres = mysql_query($query);
+$drow = mysql_fetch_assoc($dres);
+
+$points=$drow['points'];
+if ($points<1) {
+ $points=0;
+}
+
+$res = get_received_assurances(intval($userid), 2);
+$ttp_assurances_count=$num_rows = mysql_num_rows($res);
+
+//Form
+?>
+<table align="center" class="wrapper">
+ <tr>
+ <td class="title"><?=sprintf(_('Total assurance points for %s'),$fullname)?></td>
+ </tr>
+ <tr>
+ <td><?=sprintf(_('%s points'), $points)?></td>
+ </tr>
+</table>
+<br/>
+<form action="https://pdf.cacert.eu/cacertpdf.php" method="get" accept-charset="UTF-8">
+ <table align="center" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?= _('TTP CAP form creation')?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="title"><?= _('User information')?></td>
+ </tr>
+ <tr>
+ <td><?=_('Fullname')?><input type="hidden" name="fullname" value="<?=$fullname.$testserver?>"/></td>
+ <td><?=$fullname?></td>
+ </tr>
+ <tr>
+ <td><?=_('Date of Birth')?><input type="hidden" name="dob" value="<?=$dob.$testserver?>"/></td>
+ <td><?=$dob?></td>
+ </tr>
+ <tr>
+ <td><?=_('Email')?><input type="hidden" name="email" value="<?=$email.$testserver?>"/></td>
+ <td><?=$email?></td>
+ </tr>
+ <tr></tr>
+ <tr>
+ <td><?=_('Country where the TTP will be visited')?></td>
+ <td>
+ <?
+ $ttpcountries=get_array_from_ini('../config/ttp.ini');
+ echo create_selectbox_HTML('type',$ttpcountries, '',TRUE);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="title"><?=_('TTP Admin postal address, including name, street, country etc.')?></td>
+ </tr>
+ <tr>
+ <td><?=_('Line').' 1'?></td>
+ <td><input type="text" name="adress" /></td>
+ </tr>
+ <tr>
+ <td><?=_('Line').' 2'?></td>
+ <td><input type="text" name="adress1" /></td>
+ </tr>
+ <tr>
+ <td><?=_('Line').' 3'?></td>
+ <td><input type="text" name="adress2" /></td>
+ </tr>
+ <tr>
+ <td><?=_('Line').' 4'?></td>
+ <td><input type="text" name="adress3" /></td>
+ </tr>
+ <tr>
+ <td><?=_('Line').' 5'?></td>
+ <td><input type="text" name="adress4" /></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="title">
+ <?
+ if ($points>=100 || $ttp_assurances_count>=2) {
+ echo _('No TTP assurance allowed');
+ }else{
+ ?><input type="submit" value="<?=_('Create TTP CAP pdf file')?>"/><?
+ }?>
+ </td>
+ </tr>
+ </table>
+ <input type="hidden" name="lang" value="en"/>
+</form>
+
+<div class="blockcenter">
+ <a href="wot.php?id=6&amp;userid=<?=$userid ?>"><?=_("Back")?></a>
+</div>
diff --git a/pages/wot/4.php b/pages/wot/4.php
index 628e6a5..954bc76 100644
--- a/pages/wot/4.php
+++ b/pages/wot/4.php
@@ -43,12 +43,13 @@ if ($_SESSION['profile']['points']<100){
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td class="DataTD"><?=_("Country where you want to visit the TTP")?></td>
- <td class="DataTD"><select size="1" name="country">
- <option>Australia</option>
- <option>Puerto Rico</option>
- <option>USA</option>
- </select></td>
+ <td class="DataTD"><?=_('Country where you want to visit the TTP')?></td>
+ <td class="DataTD">
+ <?
+ $ttpcountries=get_array_from_ini('../config/ttp.ini');
+ echo create_selectbox_HTML('country',$ttpcountries, _('Choose country'));
+ ?>
+ </td>
</tr>
<tr>
<td class="DataTD"><?=_("I want to take part in the TTP Topup programme")?></td>
@@ -72,7 +73,7 @@ if ($_SESSION['profile']['points']<100){
</form>
*/
?>
- <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p>
+ <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p>
<?
}
} else {
diff --git a/pages/wot/5.php b/pages/wot/5.php
index c1a6438..a9c3dcb 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -18,14 +18,24 @@
include_once("../includes/shutdown.php");
require_once("../includes/lib/l10n.php");
?>
-<?
- if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
+<?
+ if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
{
?><font color="orange" size="+1">
<? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
</font>
<?unset($_SESSION['_config']['error']);
- }
+ }
+
+ if (!isset($_SESSION['assuresomeone']['year'])) {
+ $_SESSION['assuresomeone']['year'] = '';
+ }
+ if (!isset($_SESSION['assuresomeone']['month'])) {
+ $_SESSION['assuresomeone']['month'] = '';
+ }
+ if (!isset($_SESSION['assuresomeone']['day'])) {
+ $_SESSION['assuresomeone']['day'] = '';
+ }
?>
<? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
<form method="post" action="wot.php">
@@ -60,6 +70,37 @@
<td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
<? } ?>
</tr>
+ <tr>
+ <td class="DataTD">
+ <?=_("Date of Birth")?><br/>
+ (<?=_("yyyy/mm/dd")?>)</td>
+ <td class="DataTD">
+ <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
+ <select name="month">
+<?
+for($i = 1; $i <= 12; $i++)
+{
+ echo "<option value='$i'";
+ if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
+ echo " selected=\"selected\"";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+?>
+ </select>
+ <select name="day">
+<?
+for($i = 1; $i <= 31; $i++)
+{
+ echo "<option";
+ if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
+ echo " selected=\"selected\"";
+ echo ">$i</option>";
+}
+?>
+ </select>
+ </td>
+ </tr>
+
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index a565aa7..d48fc21 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -17,20 +17,23 @@
*/ ?>
<?
- if(!array_key_exists('notarise',$_SESSION['_config']))
+if(!array_key_exists('notarise',$_SESSION['_config']))
{
- echo "Error: No user data found.";
- exit;
+ echo "Error: No user data found.";
+ exit;
}
$row = $_SESSION['_config']['notarise'];
+ $_SESSION['assuresomeone']['year'] = '';
+ $_SESSION['assuresomeone']['month'] = '';
+ $_SESSION['assuresomeone']['day'] = '';
- if($_SESSION['profile']['ttpadmin'] == 1)
-// $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
-// else
- $methods = array("Face to Face Meeting", "Trusted 3rd Parties");
+ if($_SESSION['profile']['ttpadmin'] == 2)
+ $methods = array('Face to Face Meeting', 'TTP-Assisted', 'TTP-TOPUP');
+ elseif($_SESSION['profile']['ttpadmin'] == 1)
+ $methods = array('Face to Face Meeting', 'TTP-Assisted');
else
- $methods = array("Face to Face Meeting");
+ $methods = array('Face to Face Meeting');
$mnames = array(
'01' => _('January'),
@@ -79,7 +82,12 @@
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
- AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
+ AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.html\" target=\"_blank\">"._("CAcert Community Agreement")."</a> - <a href=\"/policy/AssurancePolicy.html\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
AssureFoot($id,_("I confirm this Assurance"));
+
+ if($_SESSION['profile']['ttpadmin'] >= 1) {
+ ?><div class='blockcenter'><a href="wot.php?id=16"><?=_('Show TTP details')?></a></div><?
+ }
+
?>
diff --git a/pages/wot/9.php b/pages/wot/9.php
index bfa7a98..b492ff6 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -15,9 +15,9 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-
+
require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
-
+
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
if(mysql_num_rows($res) <= 0)
@@ -28,7 +28,7 @@
$user = mysql_fetch_array($res);
$userlang = $user['language'];
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+ where `to`='".$user['id']."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0)
{
echo _("Sorry, I was unable to locate that user.");