Diffstat (limited to 'www/wot.php')
-rw-r--r--www/wot.php127
1 files changed, 87 insertions, 40 deletions
diff --git a/www/wot.php b/www/wot.php
index 7200517..e0b9d91 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -21,7 +21,6 @@ require_once("../includes/lib/l10n.php");
require_once("../includes/notary.inc.php");
-
function show_page($target,$message,$error)
{
showheader(_("My CAcert.org Account!"));
@@ -80,6 +79,9 @@ function show_page($target,$message,$error)
case '15':
case 'MyPointsNew': includeit(15, "wot");
break;
+ case '16':
+ case 'TTPForm': includeit(16, "wot");
+ break;
}
showfooter();
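Review bot: The new `case '16': case 'TTPForm':` arm hands control to `includeit(16, "wot")` with no role check of its own, and nothing in the visible part of `show_page` gates on `$_SESSION['profile']['ttpadmin']`, although the later hunks of this commit treat the TTP methods as admin-only. If the included page does not enforce that itself, a check before `includeit` (or at the top of the page) is needed; at minimum a comment such as `// TTP form: ttpadmin check lives in the included page 16 -- confirm` would tell the next reader where the gate is. The `show_page` switch starts and ends outside this hunk.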
@@ -182,7 +184,7 @@ function send_reminder()
if($oldid == 5)
{
- $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
+ $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1)
{
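Review bot: `mysql_real_escape_string` is the right replacement for `mysql_escape_string`, but the query on the `+` line is still assembled by concatenation, and the function escapes according to the open link's charset and returns `false` (with a warning) when no link exists, which concatenates as an empty string and turns the lookup into email=''; the same applies to the other swaps in this commit (lines 54, 94, 101–102, 112–113, 136–137 and 237 on this page). If the includes above do not guarantee a connection before `send_reminder` runs, keep the escaped value and check it, e.g. `$email = mysql_real_escape_string(stripslashes($_POST['email'])); if($email === false) { show_page("EnterEmail", "", _("Internal error")); exit; }`. A comment on the first use, `// escapes with the charset of the current mysql link; needs an open connection`, would record the dependency. `send_reminder` and the `if($oldid == 5)` block continue outside this hunk.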
@@ -198,8 +200,19 @@ function send_reminder()
show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
exit;
}
+ if ($_SESSION['profile']['ttpadmin'] != 1) {
+ $_SESSION['assuresomeone']['year'] = mysql_real_escape_string(stripslashes($_POST['year']));
+ $_SESSION['assuresomeone']['month'] = mysql_real_escape_string(stripslashes($_POST['month']));
+ $_SESSION['assuresomeone']['day'] = mysql_real_escape_string(stripslashes($_POST['day']));
+ $dob = $_SESSION['assuresomeone']['year'] . '-' . sprintf('%02d',$_SESSION['assuresomeone']['month']) . '-' . sprintf('%02d', $_SESSION['assuresomeone']['day']);
+
+ if ( $_SESSION['_config']['notarise']['dob'] != $dob) {
+ show_page("EnterEmail","",_("The data entered is not matching with an account."));
+ exit;
+ }
+ }
}
- $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
+ $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
$res = mysql_query($query);
if(mysql_num_rows($res) >= 1)
{
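Review bot: The DoB gate `if ($_SESSION['profile']['ttpadmin'] != 1)` does not agree with the method checks later in this commit (lines 121 and 124 on this page), which treat `ttpadmin >= 1` and `== 2` as TTP-admin levels, so a level-2 admin is still asked for the assuree's date of birth while a level-1 admin is not; if the exemption is meant for every TTP admin, `if ((int)$_SESSION['profile']['ttpadmin'] < 1) {` matches the later code. `$dob` is built from raw POST fields with only `sprintf('%02d')` on month and day, so a non-numeric or two-digit year is compared as-is against `$_SESSION['_config']['notarise']['dob']` (presumably YYYY-MM-DD); normalising the year with `intval` before building `$dob` would keep both sides in one format. The `mysql_real_escape_string` applied to the three session values escapes for SQL, yet in this hunk they are only compared and later echoed (the form renders the year through `sanitizeHTML`), so the escaping is in the wrong context unless another handler feeds them into a query. The branches above (lines 35–40) appear to answer differently for unknown and unverified addresses before the DoB is compared, so this check does not conceal whether an address has an account — inherited behaviour, not introduced here. The enclosing `if($oldid == 5)` and `send_reminder` start outside this hunk.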
@@ -225,7 +238,7 @@ function send_reminder()
}
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
- `to`='".$_SESSION['_config']['notarise']['id']."'";
+ `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -236,7 +249,7 @@ function send_reminder()
if($oldid == 6)
{
-$iecho= "c";
+ $iecho= "c";
//date checks
if(trim($_REQUEST['date']) == '')
{
@@ -332,27 +345,28 @@ $iecho= "c";
if($newpoints < 0)
$newpoints = $awarded = 0;
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0 group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
+ $oldpoints = intval($drow['total']);
$_POST['expire'] = 0;
- if(($drow['total'] + $newpoints) > 100 && $max < 100)
- $newpoints = 100 - $drow['total'];
- if(($drow['total'] + $newpoints) > $max && $max >= 100)
- $newpoints = $max - $drow['total'];
+ if(($oldpoints + $newpoints) > 100 && $max < 100)
+ $newpoints = 100 - $oldpoints;
+ if(($oldpoints + $newpoints) > $max && $max >= 100)
+ $newpoints = $max - $oldpoints;
if($newpoints < 0)
$newpoints = 0;
- if(mysql_escape_string(stripslashes($_POST['date'])) == "")
+ if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s");
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."' and `deleted` = 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
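Review bot: `$oldpoints = intval($drow['total']);` relies on `mysql_fetch_assoc` returning `false` when the assuree has no `notary` rows yet, in which case `$drow['total']` reads `null` and `intval` yields 0; that is the right result but it is silent, so a comment such as `// no prior assurances: $drow is false, intval(null) gives 0` would stop a later reader from "fixing" it. On the same lines `$res` is never checked, so a failed query is also folded into `$oldpoints = 0` and the cap logic then grants up to the full `$newpoints` against a total of zero; `if($res === false) { show_page("AssureSomeone", "", _("Internal error")); exit; }` before the fetch would fail closed instead (target name to be confirmed against the page's other calls). The `if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")` line uses escaping as an emptiness test; `if(trim($_POST['date']) == "")` says what is meant and matches the `trim($_REQUEST['date'])` check earlier in this function. `$max` and `$awarded` are computed outside this hunk.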
@@ -366,17 +380,20 @@ $iecho= "c";
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
}
- if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
+ if($_SESSION['profile']['ttpadmin'] >= 1 && $_POST['method'] == 'TTP-Assisted') {
$query .= ",\n`method`='TTP-Assisted'";
}
+ if($_SESSION['profile']['ttpadmin'] == 2 && $_POST['method'] == 'TTP-TOPUP') {
+ $query .= ",\n`method`='TTP-TOPUP'";
+ }
mysql_query($query);
fix_assurer_flag($_SESSION['_config']['notarise']['id']);
include_once("../includes/notary.inc.php");
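Review bot: Neither of the new `method` conditions has a rejecting branch, so a posted `method` the caller is not entitled to — `TTP-TOPUP` from a level-1 `ttpadmin`, or either TTP value from a non-admin — falls through and is inserted as an ordinary assurance by the `mysql_query($query)` below rather than being refused. If that fallback is not intended, decide the entitlement once before the insert, e.g. `$ttp_ok = ($_POST['method'] == 'TTP-Assisted' && $_SESSION['profile']['ttpadmin'] >= 1) || ($_POST['method'] == 'TTP-TOPUP' && $_SESSION['profile']['ttpadmin'] == 2);` and when `$ttp_ok` is false but `$_POST['method']` names a TTP value, show the error page and `exit` instead of running the insert. `ttpadmin` is compared with loose `>=`/`==`, which works for the numeric strings the mysql extension returns but silently accepts other types; an `intval` at the point the profile is loaded into the session would make that explicit. The surrounding `if($oldid == 6)` handler starts and ends outside this hunk.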
@@ -391,8 +408,8 @@ $iecho= "c";
$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
mysql_query($query);
@@ -404,18 +421,19 @@ $iecho= "c";
$my_translation = L10n::get_translation();
L10n::set_translation($_SESSION['_config']['notarise']['language']);
- $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
- if($_POST['points'] != $newpoints)
- $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
+ $assurer = $_SESSION['profile']['fname'].' '.$_SESSION['profile']['lname'];
+ $body = sprintf(_("You are receiving this email because you have been assured by %s (%s)."), $assurer, $_SESSION['profile']['email'])."\n\n";
+ if(($oldpoints + $newpoints) >= 100)
+ $body .= sprintf(_("You were issued %s points. However the system only counts up to 100 assurance points."), $awarded)."\n\n";
else
- $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
+ $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $awarded, ($newpoints + $oldpoints))."\n\n";
- if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
+ if(($oldpoints + $newpoints) < 100 && ($oldpoints + $newpoints) >= 50)
{
$body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
}
- if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
+ if(($oldpoints + $newpoints) >= 100 && $newpoints > 0)
{
$body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n";
$body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n";
@@ -431,11 +449,9 @@ $iecho= "c";
L10n::set_translation($my_translation);
- $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
- if($_POST['points'] != $newpoints)
- $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
- else
- $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
+ $assuree = $_SESSION['_config']['notarise']['fname'].' '.$_SESSION['_config']['notarise']['lname'];
+ $body = sprintf(_("You are receiving this email because you have assured %s (%s)."), $assuree, $_SESSION['_config']['notarise']['email'])."\n\n";
+ $body .= sprintf(_("You issued %s points."), $awarded)."\n\n";
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
@@ -446,16 +462,47 @@ $iecho= "c";
echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Assure Someone")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <?=_("Date of Birth")?><br/>
+ (<?=_("yyyy/mm/dd")?>)</td>
+ <td class="DataTD">
+ <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
+ <select name="month">
+ <?
+for($i = 1; $i <= 12; $i++)
+{
+ echo "<option value='$i'";
+ if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
+ echo " selected=\"selected\"";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+ ?>
+ </select>
+ <select name="day">
+ <?
+for($i = 1; $i <= 31; $i++)
+{
+ echo "<option";
+ if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
+ echo " selected=\"selected\"";
+ echo ">$i</option>";
+}
+ ?>
+ </select>
+ </td>
+ </tr>
+
<tr>
- <td colspan="2" class="title"><?=_("Assure Someone")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
- </tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
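Review bot: The three `array_key_exists(..., $_SESSION['assuresomeone'])` calls run whenever this form is rendered, but `$_SESSION['assuresomeone']` is only assigned in the `oldid == 5` handler after a submission, so on the first visit the second argument is an undefined index: a notice and `false` on PHP 5/7, a `TypeError` on PHP 8. Initialise it before the form, e.g. `if(!isset($_SESSION['assuresomeone'])) $_SESSION['assuresomeone'] = array();`, or use `isset($_SESSION['assuresomeone']['year'])` in each place. The `</nobr>` after the year input closes an element that is never opened and should be dropped; the month and day `<option>` values come from the loop counter `$i` only and the year is passed through `sanitizeHTML`, so the echoed values themselves are fine. This `<form>` still carries no CSRF token even though the `chgcontact` handler on this page calls `csrf_check`; that predates the commit, but the form now collects more than an email, so it is worth a follow-up. The display branch containing this markup starts outside the hunk.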
@@ -478,7 +525,7 @@ $iecho= "c";
{
csrf_check("chgcontact");
- $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
+ $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
@@ -509,7 +556,7 @@ $iecho= "c";
$userid = intval($_REQUEST['userid']);
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+ where `to`='".$user['id']."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{
$my_translation = L10n::get_translation();