summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
Diffstat (limited to 'www')
-rw-r--r--www/account.php43
-rw-r--r--www/api/ccsr.php24
-rw-r--r--www/api/cemails.php9
-rw-r--r--www/cap.php2
-rw-r--r--www/certs/CAcert_Root_Certificates.msibin0 -> 1593344 bytes
-rw-r--r--www/disputes.php82
-rw-r--r--www/gpg.php279
-rw-r--r--www/images/btn_paynowCC_LG.gifbin2432 -> 2410 bytes
-rw-r--r--www/images/btn_subscribeCC_LG.gifbin0 -> 2172 bytes
-rw-r--r--www/index.php219
-rw-r--r--www/keygenIE.js611
-rw-r--r--www/policy/CAcertCommunityAgreement.php1087
-rw-r--r--www/policy/DisputeResolutionPolicy.php407
-rw-r--r--www/policy/OrganisationAssurancePolicy.php141
-rw-r--r--www/policy/PrivacyPolicy.html4
-rw-r--r--www/sqldump.php22
-rw-r--r--www/stats.php427
-rw-r--r--www/styles/default.css478
-rw-r--r--www/wot.php284
19 files changed, 2513 insertions, 1606 deletions
diff --git a/www/account.php b/www/account.php
index 0b32c2c..c7f34a3 100644
--- a/www/account.php
+++ b/www/account.php
@@ -25,34 +25,35 @@
} else if($id == 19) {
include_once("../pages/account/19.php");
exit;
- } else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] != "yes") {
- $who = stripslashes($_REQUEST['who']);
- $email = stripslashes($_REQUEST['email']);
- $subject = stripslashes($_REQUEST['subject']);
- $message = stripslashes($_REQUEST['message']);
-
- $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
-
- sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, $email, "", "CAcert Website");
- showheader(_("Welcome to CAcert.org"));
- echo _("Your message has been sent.");
- showfooter();
- exit;
- } else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] == "yes") {
+ } else if($oldid == 40 && $_REQUEST['process'] != "") {
$who = stripslashes($_REQUEST['who']);
$email = stripslashes($_REQUEST['email']);
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
+ //check for spam via honeypot
+ if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
+ echo _("Form could not be sent.");
+ showfooter();
+ exit;
+ }
- $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
+ $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
+ if (isset($process[0])){
+ sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
+ showheader(_("Welcome to CAcert.org"));
+ echo _("Your message has been sent to the general support list.");
+ showfooter();
+ exit;
+ }
+ if (isset($process[1])){
+ sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
+ showheader(_("Welcome to CAcert.org"));
+ echo _("Your message has been sent.");
+ showfooter();
+ exit;
+ }
- sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert Website");
-
- showheader(_("Welcome to CAcert.org"));
- echo _("Your message has been sent to the general support list.");
- showfooter();
- exit;
} else if($id == 51 && $_GET['img'] == "show") {
$query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
$res = mysql_query($query);
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index 7efdf8d..3bfe55a 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -31,7 +31,7 @@ require_once '../../includes/lib/check_weak_key.php';
foreach($_REQUEST['email'] as $email)
{
$email = mysql_real_escape_string(trim($email));
- $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'";
+ $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0 and `email`='$email'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -42,7 +42,7 @@ require_once '../../includes/lib/check_weak_key.php';
}
if(count($emails) <= 0)
die("404,Wasn't able to match any emails sent against your account");
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
@@ -62,18 +62,20 @@ require_once '../../includes/lib/check_weak_key.php';
$codesign = 1;
$CSR = trim($_REQUEST['optionalCSR']);
-
+
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
{
die("403, $weakKey");
}
-
+
$incsr = tempnam("/tmp", "ccsrIn");
$checkedcsr = tempnam("/tmp", "ccsrOut");
$fp = fopen($incsr, "w");
fputs($fp, $CSR);
fclose($fp);
- $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`;
+ $incsr_esc = escapeshellarg($incsr);
+ $checkedcsr_esc = escapeshellarg($checkedcsr);
+ $do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc");
@unlink($incsr);
if(filesize($checkedcsr) <= 0)
die("404,Invalid or missing CSR");
@@ -82,9 +84,9 @@ require_once '../../includes/lib/check_weak_key.php';
foreach($emails as $id => $email)
$csrsubject .= "/emailAddress=".$email;
- $query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS',
- `memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `subject`='$csrsubject', `codesign`='$codesign'";
+ $query = "insert into `emailcerts` set `CN`='".mysql_real_escape_string($user['email'])."', `keytype`='MS',
+ `memid`='".intval($user['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
+ `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".intval($codesign)."'";
mysql_query($query);
$certid = mysql_insert_id();
$CSRname = generatecertpath("csr","client",$certid);
@@ -93,14 +95,14 @@ require_once '../../includes/lib/check_weak_key.php';
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
foreach($emails as $emailid => $email)
- mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'");
+ mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
- $do = `../../scripts/runclient`;
+ $do = shell_exec("../../scripts/runclient");
sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
- die("404,Your certificate request has failed. ID: $certid");
+ die("404,Your certificate request has failed. ID: ".intval($certid));
$cert = mysql_fetch_assoc($res);
echo "200,Authentication Ok\n";
readfile("../".$cert['crt_name']);
diff --git a/www/api/cemails.php b/www/api/cemails.php
index 0d067ea..f937069 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -25,7 +25,7 @@
echo "200,Authentication Ok\n";
$user = mysql_fetch_assoc($res);
$memid = $user['id'];
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
echo "CS=".intval($user['codesign'])."\n";
@@ -40,8 +40,9 @@
if($user['mname'] != "" && $user['suffix'] != "")
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
}
- $query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
+ $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0";
$res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- echo "EMAIL=".$row['email']."\n";
+ while($row = mysql_fetch_assoc($res)) {
+ echo "EMAIL=".sanitizeHTML($row['email'])."\n";
+ }
?>
diff --git a/www/cap.php b/www/cap.php
index 73380e1..dc283fb 100644
--- a/www/cap.php
+++ b/www/cap.php
@@ -48,7 +48,7 @@
$this->SetFont('Arial','I',8);
if($_SESSION['_config']['language'] == "ja")
$this->SetFont('SJIS','I',8);
- $this->Cell(0,0,'CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia - http://www.CAcert.org',0,0,'C');
+ $this->Cell(0,0,'CAcert Inc. - PO Box 66 - Oatley NSW 2223 - Australia - http://www.CAcert.org',0,0,'C');
$this->Ln(3);
$this->SetFont('Arial','',6);
if($_SESSION['_config']['language'] == "ja")
diff --git a/www/certs/CAcert_Root_Certificates.msi b/www/certs/CAcert_Root_Certificates.msi
new file mode 100644
index 0000000..f60567e
--- /dev/null
+++ b/www/certs/CAcert_Root_Certificates.msi
Binary files differ
diff --git a/www/disputes.php b/www/disputes.php
index 4d8d804..96c7c75 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -17,6 +17,7 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
+ require_once("../includes/notary.inc.php");
require_once("../includes/lib/l10n.php");
loadem("account");
@@ -59,24 +60,13 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
-
- $do = `../scripts/runclient`;
- $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
- mysql_query($query);
+ account_email_delete($row['id']);
}
mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
- $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
- $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
- $res = mysql_query("select * from `users` where `id`='$oldmemid'");
- $user = mysql_fetch_assoc($res);
+ $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+ $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+ $res = mysql_query("select * from `users` where `id`='$oldmemid'");
+ $user = mysql_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
@@ -161,17 +151,13 @@
showheader(_("Domain Dispute"));
echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
+ //new account_domain_delete($domainid, $memberID)
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
- echo $_SESSION['_config']['domain']."<br>\n";
- mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
- $query = "select * from `domlink` where `domid`='$domainid'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
- $do = `../scripts/runserver`;
+ echo $_SESSION['_config']['domain']."<br>\n";
+ account_domain_delete($domainid);
}
mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();
@@ -237,6 +223,23 @@
exit;
}
+ //check if email belongs to locked account
+ $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysql_num_rows($res) > 0)
+ {
+ showheader(_("Email Dispute"));
+ printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+ $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
+ $body = sprintf("Someone has just attempted to dispute this email '%s', which belongs to a locked account:\n".
+ "Username(ID): %s (%s)\n".
+ "email: %s\n".
+ "IP/Hostname: %s\n", $email, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
+ sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
+
+ showfooter();
+ exit;
+ }
+
$res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
if(mysql_num_rows($res) > 0)
{
@@ -265,7 +268,7 @@
echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
showfooter();
exit;
- }
+ }
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
@@ -313,6 +316,23 @@
exit;
}
+ //check if domain belongs to locked account
+ $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysql_num_rows($res) > 0)
+ {
+ showheader(_("Domain Dispute"));
+ printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+ $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
+ $body = sprintf("Someone has just attempted to dispute this domain '%s', which belongs to a locked account:\n".
+ "Username(ID): %s (%s)\n".
+ "email: %s\n".
+ "IP/Hostname: %s\n", $domain, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
+ sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
+
+ showfooter();
+ exit;
+ }
+
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
@@ -324,12 +344,20 @@
}
unset($oldid);
$query = "select * from `domains` where `domain`='$domain' and `deleted`=0";
- $email = ""; if(array_key_exists('email',$_REQUEST)) $email=trim(mysql_real_escape_string($_REQUEST['email']));
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
+ $query = "select 1 from `orgdomains` where `domain`='$domain'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ showheader(_("Domain Dispute"));
+ printf(_("The domain '%s' is included in an organisation account. Please send a mail to %s to dispute this domain."), sanitizeHTML($domain),'<a href="mailto:support@cacert.org">support@cacert.org</a>');
+ showfooter();
+ exit;
+ }
showheader(_("Domain Dispute"));
- printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email));
+ printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($domain));
showfooter();
exit;
}
@@ -341,7 +369,7 @@
echo _("You aren't allowed to dispute your own domains. Can't continue.");
showfooter();
exit;
- }
+ }
$domainid = $row['id'];
$_SESSION['_config']['domainid'] = $domainid;
diff --git a/www/gpg.php b/www/gpg.php
index 345b559..cb72475 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -17,6 +17,8 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
+ require_once("../includes/lib/general.php");
+ require_once('../includes/notary.inc.php');
$id = 0; if(array_key_exists('id',$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = array_key_exists('oldid',$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
@@ -52,7 +54,7 @@ if(0)
{
showheader(_("Welcome to CAcert.org"));
echo "The OpenPGP signing system is currently shutdown due to a maintenance. We hope to get it fixed within the next few hours. We are very sorry for the inconvenience.";
-
+
exit(0);
}
}
@@ -61,12 +63,18 @@ if(0)
function verifyName($name)
{
if($name == "") return 0;
- if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']) return 1;
- if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']) return 1;
- if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
- if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
- return 0;
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'])) return 1; // John Doe
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname'])) return 1; // John Joseph Doe
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0]." ".$_SESSION['profile']['lname'])) return 1; // John J Doe
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0].". ".$_SESSION['profile']['lname'])) return 1; // John J. Doe
+
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; // John Doe Jr.
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; //John Joseph Doe Jr.
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0]." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; //John J Doe Jr.
+ if(!strcasecmp($name, $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname'][0].". ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])) return 1; //John J. Doe Jr.
+
+ return 0;
}
function verifyEmail($email)
@@ -82,17 +90,44 @@ function verifyEmail($email)
$state=0;
if($oldid == "0" && $CSR != "")
{
- $debugkey = $gpgkey = clean_gpgcsr($CSR);
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
- $tnam = tempnam('/tmp/', '__gpg');
- $fp = fopen($tnam, 'w');
- fwrite($fp, $gpgkey);
- fclose($fp);
- $debugpg = $gpg = trim(`gpg --with-colons --homedir /tmp 2>&1 < $tnam`);
- unlink($tnam);
+ $err = runCommand('mktemp --directory /tmp/cacert_gpg.XXXXXXXXXX',
+ "",
+ $tmpdir);
+ if (!$tmpdir)
+ {
+ $err = true;
+ }
+
+ if (!$err)
+ {
+ $err = runCommand("gpg --with-colons --homedir $tmpdir 2>&1",
+ clean_gpgcsr($CSR),
+ $gpg);
+
+ shell_exec("rm -r $tmpdir");
+ }
+
+ if ($err)
+ {
+ showheader(_("Welcome to CAcert.org"));
+
+ echo "<p style='color:#ff0000'>"._("There was an error parsing your key.")."</p>";
+ unset($_REQUEST['process']);
+ $id = $oldid;
+ unset($oldid);
+ exit();
+ }
$lines = "";
- $gpgarr = explode("\n", $gpg);
+ $gpgarr = explode("\n", trim($gpg));
foreach($gpgarr as $line)
{
#echo "Line[]: $line <br/>\n";
@@ -143,7 +178,7 @@ function verifyEmail($email)
$uidformatwrong=0;
if(sizeof($bits)<10) $uidformatwrong=1;
-
+
if(preg_match("/\@.*\@/",$bits[9]))
{
showheader(_("Welcome to CAcert.org"));
@@ -158,18 +193,18 @@ function verifyEmail($email)
// Name (Comment) <Email>
if(preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
{
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
$nocomment=0;
- $comm=trim(hex2bin($matches[2]));
- $mail=trim(hex2bin($matches[3]));
+ $comm=trim(gpg_hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[3]));
}
// Name <EMail>
elseif(preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches))
{
- $name=trim(hex2bin($matches[1]));
+ $name=trim(gpg_hex2bin($matches[1]));
$nocomment=1;
$comm="";
- $mail=trim(hex2bin($matches[2]));
+ $mail=trim(gpg_hex2bin($matches[2]));
}
// Unrecognized format
else
@@ -251,7 +286,6 @@ function verifyEmail($email)
}
$resulttable.="</table>";
-
if($nok==0)
{
showheader(_("Welcome to CAcert.org"));
@@ -261,7 +295,6 @@ function verifyEmail($email)
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
- $do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
exit();
}
elseif($nerr)
@@ -275,17 +308,27 @@ function verifyEmail($email)
if($oldid == "0" && $CSR != "")
{
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
+ //set variable for comment
+ if(trim($_REQUEST['description']) == ""){
+ $description= "";
+ }else{
+ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }
+
$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
`email`='".mysql_real_escape_string($lastvalidemail)."',
`level`='1',
`expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."',
- `keyid`='".mysql_real_escape_string($keyid)."'";
+ `keyid`='".mysql_real_escape_string($keyid)."',
+ `description`='".mysql_real_escape_string($description)."'";
mysql_query($query);
- $id = mysql_insert_id();
+ $insert_id = mysql_insert_id();
- $cwd = '/tmp/gpgspace'.$id;
+ $cwd = '/tmp/gpgspace'.$insert_id;
mkdir($cwd,0755);
$fp = fopen("$cwd/gpg.csr", "w");
@@ -296,7 +339,8 @@ function verifyEmail($email)
system("gpg --homedir $cwd --import $cwd/gpg.csr");
- $debugpg = $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`);
+ $cmd_keyid = escapeshellarg($keyid);
+ $gpg = trim(shell_exec("gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $cmd_keyid 2>&1"));
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
@@ -319,13 +363,13 @@ function verifyEmail($email)
$pos = strlen($bits[9]);
}
- $name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
+ $name = trim(gpg_hex2bin(trim(substr($bits[9], 0, $pos))));
$nameok=verifyName($name);
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
- $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
+ $comm = trim(gpg_hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
@@ -334,15 +378,15 @@ function verifyEmail($email)
}
$mail="";
- if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
+ if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
//echo "Found: ".$match[1];
- $mail = trim(hex2bin($match[1]));
+ $mail = trim(gpg_hex2bin($match[1]));
}
else
{
//echo "Not found!\n";
}
-
+
$emailok=verifyEmail($mail);
$uidid=$bits[7];
@@ -384,95 +428,90 @@ function verifyEmail($email)
}
}
+ if(count($ToBeDeleted)>0)
+ {
+ $descriptorspec = array(
+ 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
+ 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
+ 2 => array("pipe", "w") // stderr is a file to write to
+ );
+ $stderr = fopen('php://stderr', 'w');
+ //echo "Keyid: $keyid\n";
- if(count($ToBeDeleted)>0)
- {
+ $cmd_keyid = escapeshellarg($keyid);
+ $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $cmd_keyid", $descriptorspec, $pipes);
+ //echo "Process: $process\n";
+ //fputs($stderr,"Process: $process\n");
+
+ if (is_resource($process)) {
+ //echo("it is a resource\n");
+ // $pipes now looks like this:
+ // 0 => writeable handle connected to child stdin
+ // 1 => readable handle connected to child stdout
+ // Any error output will be appended to /tmp/error-output.txt
+ while (!feof($pipes[1]))
+ {
+ $buffer = fgets($pipes[1], 4096);
+ //echo $buffer;
- $descriptorspec = array(
- 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
- 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
- 2 => array("pipe", "w") // stderr is a file to write to
- );
-
- $stderr = fopen('php://stderr', 'w');
-
-
- //echo "Keyid: $keyid\n";
-
- $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
-
- //echo "Process: $process\n";
- //fputs($stderr,"Process: $process\n");
-
- if (is_resource($process)) {
- //echo("it is a resource\n");
- // $pipes now looks like this:
- // 0 => writeable handle connected to child stdin
- // 1 => readable handle connected to child stdout
- // Any error output will be appended to /tmp/error-output.txt
- while (!feof($pipes[1]))
- {
- $buffer = fgets($pipes[1], 4096);
- //echo $buffer;
-
- if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
- {
- fputs($pipes[0],"yes\n");
- }
- elseif($buffer == "[GNUPG:] GOT_IT\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
- {
- fputs($pipes[0],"yes\n");
- }
- elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
- {
- if(count($ToBeDeleted)>0)
- {
- $delthisuid=array_pop($ToBeDeleted);
- //echo "Deleting an UID $delthisuid\n";
- fputs($pipes[0],"uid ".$delthisuid."\n");
- }
- else
- {
- //echo "Saving\n";
- fputs($pipes[0],$state?"save\n":"deluid\n");
- $state++;
- }
- }
- elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
- {
- }
- elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
- {
- echo "Key expired!\n";
- exit;
- }
- elseif($buffer == "")
- {
- //echo "Empty!\n";
- }
- else
- {
- echo "ERROR: UNKNOWN $buffer\n";
- }
+ if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif($buffer == "[GNUPG:] GOT_IT\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
+ {
+ fputs($pipes[0],"yes\n");
+ }
+ elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
+ {
+ if(count($ToBeDeleted)>0)
+ {
+ $delthisuid=array_pop($ToBeDeleted);
+ //echo "Deleting an UID $delthisuid\n";
+ fputs($pipes[0],"uid ".$delthisuid."\n");
+ }
+ else
+ {
+ //echo "Saving\n";
+ fputs($pipes[0],$state?"save\n":"deluid\n");
+ $state++;
+ }
+ }
+ elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
+ {
+ }
+ elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
+ {
+ echo "Key expired!\n";
+ exit;
+ }
+ elseif($buffer == "")
+ {
+ //echo "Empty!\n";
+ }
+ else
+ {
+ echo "ERROR: UNKNOWN $buffer\n";
+ }
}
//echo "Fertig\n";
fclose($pipes[0]);
-
+
//echo stream_get_contents($pipes[1]);
fclose($pipes[1]);
-
+
// It is important that you close any pipes before calling
// proc_close in order to avoid a deadlock
$return_value = proc_close($process);
-
+
//echo "command returned $return_value\n";
}
else
@@ -484,15 +523,16 @@ function verifyEmail($email)
}
- $csrname=generatecertpath("csr","gpg",$id);
- $do=`gpg --homedir $cwd --batch --export-options export-minimal --export $keyid >$csrname`;
+ $csrname=generatecertpath("csr","gpg",$insert_id);
+ $cmd_keyid = escapeshellarg($keyid);
+ $do=shell_exec("gpg --homedir $cwd --batch --export-options export-minimal --export $cmd_keyid >$csrname");
- mysql_query("update `gpg` set `csr`='$csrname' where `id`='$id'");
- waitForResult('gpg', $id);
+ mysql_query("update `gpg` set `csr`='$csrname' where `id`='$insert_id'");
+ waitForResult('gpg', $insert_id);
showheader(_("Welcome to CAcert.org"));
echo $resulttable;
- $query = "select * from `gpg` where `id`='$id' and `crt`!=''";
+ $query = "select * from `gpg` where `id`='$insert_id' and `crt`!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@@ -500,7 +540,7 @@ function verifyEmail($email)
echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
} else {
echo "<pre>";
- readfile(generatecertpath("crt","gpg",$id));
+ readfile(generatecertpath("crt","gpg",$insert_id));
echo "</pre>";
}
@@ -508,6 +548,23 @@ function verifyEmail($email)
exit;
}
+ if($oldid == 2 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
$id = intval($id);
showheader(_("Welcome to CAcert.org"));
diff --git a/www/images/btn_paynowCC_LG.gif b/www/images/btn_paynowCC_LG.gif
index f2edb8f..99fda23 100644
--- a/www/images/btn_paynowCC_LG.gif
+++ b/www/images/btn_paynowCC_LG.gif
Binary files differ
diff --git a/www/images/btn_subscribeCC_LG.gif b/www/images/btn_subscribeCC_LG.gif
new file mode 100644
index 0000000..a5cd278
--- /dev/null
+++ b/www/images/btn_subscribeCC_LG.gif
Binary files differ
diff --git a/www/index.php b/www/index.php
index 41b6d7a..e6fc06a 100644
--- a/www/index.php
+++ b/www/index.php
@@ -17,6 +17,7 @@
*/
require_once('../includes/lib/l10n.php');
+require_once('../includes/notary.inc.php');
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
@@ -124,7 +125,7 @@ require_once('../includes/lib/l10n.php');
showfooter();
exit;
}
- }
+ }
}
if($oldid == 5 && $process != "")
@@ -147,18 +148,19 @@ require_once('../includes/lib/l10n.php');
}
}
+ //client login
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
include_once("../includes/lib/general.php");
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
$_SERVER['SSL_CLIENT_I_DN_CN']);
-
+
if($user_id >= 0)
{
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
- "select * from `users` where
+ "select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0"));
-
+
if($_SESSION['profile']['id'] != 0)
{
$_SESSION['profile']['loggedin'] = 1;
@@ -170,79 +172,13 @@ require_once('../includes/lib/l10n.php');
}
}
+
if($id == 4 && array_key_exists('profile',$_SESSION) && array_key_exists('loggedin',array($_SESSION['profile'])) && $_SESSION['profile']['loggedin'] == 1)
{
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
exit;
}
- function getOTP64($otp)
- {
- $lookupChar = "123456789abcdefhkmnprstuvwxyzABCDEFGHKMNPQRSTUVWXYZ=+[]&@#*!-?%:";
-
- for($i = 0; $i < 6; $i++)
- $val[$i] = hexdec(substr($otp, $i * 2, 2));
-
- $tmp1 = $val[0] >> 2;
- $OTP = $lookupChar[$tmp1 & 63];
- $tmp2 = $val[0] - ($tmp1 << 2);
- $tmp1 = $val[1] >> 4;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[1] - ($tmp1 << 4);
- $tmp1 = $val[2] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[2] - ($tmp1 << 6);
- $OTP .= $lookupChar[$tmp2 & 63];
- $tmp1 = $val[3] >> 2;
- $OTP .= $lookupChar[$tmp1 & 63];
- $tmp2 = $val[3] - ($tmp1 << 2);
- $tmp1 = $val[4] >> 4;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[4] - ($tmp1 << 4);
- $tmp1 = $val[5] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[5] - ($tmp1 << 6);
- $OTP .= $lookupChar[$tmp2 & 63];
-
- return $OTP;
- }
-
- function getOTP32($otp)
- {
- $lookupChar = "0123456789abcdefghkmnoprstuvwxyz";
-
- for($i = 0; $i < 7; $i++)
- $val[$i] = hexdec(substr($otp, $i * 2, 2));
-
- $tmp1 = $val[0] >> 3;
- $OTP = $lookupChar[$tmp1 & 31];
- $tmp2 = $val[0] - ($tmp1 << 3);
- $tmp1 = $val[1] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = ($val[1] - ($tmp1 << 6)) >> 1;
- $OTP .= $lookupChar[$tmp2 & 31];
- $tmp2 = $val[1] - (($val[1] >> 1) << 1);
- $tmp1 = $val[2] >> 4;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = $val[2] - ($tmp1 << 4);
- $tmp1 = $val[3] >> 7;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = ($val[3] - ($tmp1 << 7)) >> 2;
- $OTP .= $lookupChar[$tmp2 & 31];
- $tmp2 = $val[3] - (($val[3] - ($tmp1 << 7)) >> 2) << 2;
- $tmp1 = $val[4] >> 5;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = $val[4] - ($tmp1 << 5);
- $OTP .= $lookupChar[$tmp2 & 31];
- $tmp1 = $val[5] >> 3;
- $OTP .= $lookupChar[$tmp1 & 31];
- $tmp2 = $val[5] - ($tmp1 << 3);
- $tmp1 = $val[6] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
-
- return $OTP;
- }
-
if($oldid == 4)
{
$oldid = 0;
@@ -255,70 +191,24 @@ require_once('../includes/lib/l10n.php');
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
$res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- $otpquery = "select * from `users` where `email`='$email' and `otphash`!='' and `verified`=1 and `deleted`=0 and `locked`=0";
- $otpres = mysql_query($otpquery);
- if(mysql_num_rows($otpres) > 0)
- {
- $otp = mysql_fetch_assoc($otpres);
- $otphash = $otp['otphash'];
- $otppin = $otp['otppin'];
- if(strlen($pword) == 6)
- {
- $matchperiod = 18;
- $time = round(gmdate("U") / 10);
- } else {
- $matchperiod = 3;
- $time = round(gmdate("U") / 60);
- }
-
- $query = "delete from `otphashes` where UNIX_TIMESTAMP(`when`) <= UNIX_TIMESTAMP(NOW()) - 600";
- mysql_query($query);
-
- $query = "select * from `otphashes` where `username`='$email' and `otp`='$pword'";
- if(mysql_num_rows(mysql_query($query)) <= 0)
- {
- $query = "insert into `otphashes` set `when`=NOW(), `username`='$email', `otp`='$pword'";
- mysql_query($query);
- for($i = $time - $matchperiod; $i <= $time + $matchperiod * 2; $i++)
- {
- if($otppin > 0)
- $tmpmd5 = md5("$i$otphash$otppin");
- else
- $tmpmd5 = md5("$i$otphash");
-
- if(strlen($pword) == 6)
- $md5 = substr(md5("$i$otphash"), 0, 6);
- else if(strlen($pword) == 8)
- $md5 = getOTP64(md5("$i$otphash"));
- else
- $md5 = getOTP32(md5("$i$otphash"));
-
- if($pword == $md5)
- $res = mysql_query($otpquery);
- }
- }
- }
- }
if(mysql_num_rows($res) > 0)
{
$_SESSION['profile'] = "";
unset($_SESSION['profile']);
$_SESSION['profile'] = mysql_fetch_assoc($res);
- $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `modified`=NOW(), `password`=sha1('$pword') where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
- where `id`='".$_SESSION['profile']['id']."'";
+ where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
}
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -330,12 +220,16 @@ require_once('../includes/lib/l10n.php');
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
$_SESSION['_config']['oldlocation'] = "account.php?id=13";
}
+ if (!isset($_SESSION['_config']['oldlocation'])){
+ $_SESSION['_config']['oldlocation']='';
+ }
if (checkpwlight($pword) < 3)
$_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
- if($_SESSION['_config']['oldlocation'] != "")
+ if($_SESSION['_config']['oldlocation'] != ""){
header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
- else
+ }else{
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
+ }
exit;
}
@@ -350,6 +244,40 @@ require_once('../includes/lib/l10n.php');
}
}
+// check for CCA acceptance prior to login
+if ($oldid == 52 )
+{
+ // Check if the user is already authenticated
+ if (!array_key_exists('profile',$_SESSION)
+ || !array_key_exists('loggedin',$_SESSION['profile'])
+ || $_SESSION['profile']['loggedin'] != 1)
+ {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+ exit;
+ }
+
+ if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
+ {
+ write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
+ $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
+
+ if (array_key_exists("oldlocation",$_SESSION['_config'])
+ && $_SESSION['_config']['oldlocation']!="")
+ {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
+ exit;
+ } else {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
+ exit;
+ }
+ }
+
+ // User didn't agree
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+ exit;
+}
+
+
if($process && $oldid == 1)
{
$id = 2;
@@ -498,7 +426,7 @@ require_once('../includes/lib/l10n.php');
if($checkemail != "OK")
{
$id = 1;
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
$_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
} else {
@@ -544,6 +472,7 @@ require_once('../includes/lib/l10n.php');
`regional`='".$_SESSION['signup']['regional']."',
`radius`='".$_SESSION['signup']['radius']."'";
mysql_query($query);
+ write_user_agreement($memid, "CCA", "account creation", "", 1);
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
@@ -564,6 +493,13 @@ require_once('../includes/lib/l10n.php');
$message = stripslashes($_REQUEST['message']);
$secrethash = $_REQUEST['secrethash2'];
+ //check for spam via honeypot
+ if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
+ echo _("Form could not be sent.");
+ showfooter();
+ exit;
+ }
+
if($_SESSION['_config']['secrethash'] != $secrethash || $secrethash == "" || $_SESSION['_config']['secrethash'] == "")
{
$id = $oldid;
@@ -603,26 +539,23 @@ require_once('../includes/lib/l10n.php');
}
}
- if($oldid == 11 && $process != "" && $_REQUEST['support'] != "yes")
- {
- $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
-
- sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
- showheader(_("Welcome to CAcert.org"));
- echo _("Your message has been sent.");
- showfooter();
- exit;
- }
-
- if($oldid == 11 && $process != "" && $_REQUEST['support'] == "yes")
+ if($oldid == 11 && $process != "")
{
$message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
-
- sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
- showheader(_("Welcome to CAcert.org"));
- echo _("Your message has been sent to the general support list.");
- showfooter();
- exit;
+ if (isset($process[0])){
+ sendmail("cacert-support@lists.cacert.org", "[website form email]: ".$subject, $message, "website-form@cacert.org", "cacert-support@lists.cacert.org, $email", "", "CAcert-Website");
+ showheader(_("Welcome to CAcert.org"));
+ echo _("Your message has been sent to the general support list.");
+ showfooter();
+ exit;
+ }
+ if (isset($process[1])){
+ sendmail("support@cacert.org", "[CAcert.org] ".$subject, $message, $email, "", "", "CAcert Support");
+ showheader(_("Welcome to CAcert.org"));
+ echo _("Your message has been sent.");
+ showfooter();
+ exit;
+ }
}
if(!array_key_exists('signup',$_SESSION) || $_SESSION['signup']['year'] < 1900)
@@ -634,7 +567,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
if ($id == 19)
{
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
@@ -648,7 +581,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/Board';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
diff --git a/www/keygenIE.js b/www/keygenIE.js
new file mode 100644
index 0000000..4c15b23
--- /dev/null
+++ b/www/keygenIE.js
@@ -0,0 +1,611 @@
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+var CAcert_keygen_IE = function () {
+
+ /// Makes a new DOM text node
+ var textnode = function (text) {
+ return document.createTextNode(text);
+ }
+
+ /// makes a new <p> element
+ var paragraph = function (text) {
+ var paragraph = document.createElement("p");
+ paragraph.appendChild(textnode(text));
+ return paragraph;
+ }
+
+ /// makes a new <pre> elemtent
+ var pre = function (text) {
+ var pre = document.createElement("pre");
+ pre.appendChild(textnode(text));
+ return pre;
+ }
+
+ /// makes a new <option> element
+ var option = function (text, value) {
+ var option = document.createElement("option");
+ if (value !== undefined) {
+ option.setAttribute("value", value);
+ }
+ option.appendChild(textnode(text));
+ return option;
+ }
+
+ /// Removes all child nodes from the element
+ var removeChildren = function (element) {
+ element.innerHTML = "";
+ }
+
+ /// Show error message to user from exception
+ var showError = function (message, exception) {
+ window.alert(
+ message +
+ "\n\nError: " + exception.message +
+ " (0x" + (0xFFFFFFFF + exception.number + 1).toString(16) +
+ " / " + exception.number + ")"
+ );
+ }
+
+ // Get important elements from the DOM
+ var form = document.getElementById("CertReqForm");
+ var securityLevel = document.getElementById("SecurityLevel");
+ var customSettings = document.getElementById("customSettings");
+ var provider = document.getElementById("CspProvider");
+ var algorithm = document.getElementById("algorithm");
+ var algorithmParagraph = document.getElementById("algorithmParagraph");
+ var keySize = document.getElementById("keySize");
+ var keySizeMin = document.getElementById("keySizeMin");
+ var keySizeMax = document.getElementById("keySizeMax");
+ var keySizeStep = document.getElementById("keySizeStep");
+ var genReq = document.getElementById("GenReq");
+ var csr = document.getElementById("CSR");
+ var noActiveX = document.getElementById("noActiveX");
+ var generatingKeyNotice = document.getElementById("generatingKeyNotice");
+ var createRequestErrorChooseAlgorithm = document.getElementById("createRequestErrorChooseAlgorithm");
+ var createRequestErrorConfirmDialogue = document.getElementById("createRequestErrorConfirmDialogue");
+ var createRequestErrorConnectDevice = document.getElementById("createRequestErrorConnectDevice");
+ var createRequestError = document.getElementById("createRequestError");
+ var invalidKeySizeError = document.getElementById("invalidKeySizeError");
+ var unsupportedPlatformError = document.getElementById("unsupportedPlatformError");
+
+ /// Initialise the CertEnroll code (Vista and higher)
+ /// returns false if initialisation fails
+ var initCertEnroll = function () {
+ var factory = null;
+ var providerList = null;
+ var cspStats = null;
+
+ // Try to initialise the ActiveX element. Requires permissions by the user
+ try {
+ factory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");
+ if (!factory) {
+ throw {
+ name: "NoObjectError",
+ message: "Got null at object creation"
+ };
+ }
+
+ // also try to create a useless object here so the library gets
+ // initialised and we don't need to check everytime later
+ factory.CreateObject("X509Enrollment.CObjectId");
+
+ form.style.display = "";
+ noActiveX.style.display = "none";
+ } catch (e) {
+ return false;
+ }
+
+ /// Get the selected provider
+ var getProvider = function () {
+ var providerIndex = provider.options[provider.selectedIndex].value;
+ return providerList.ItemByIndex(providerIndex);
+ }
+
+ /// Get the selected algorithm
+ var getAlgorithm = function () {
+ var algorithmIndex = algorithm.options[algorithm.selectedIndex].value;
+ return alg = cspStats.ItemByIndex(algorithmIndex).CspAlgorithm;
+ }
+
+ /// Get the selected key size
+ var getKeySize = function () {
+ var alg = getAlgorithm();
+
+ var bits = parseInt(keySize.value, 10);
+ if (
+ (bits < alg.MinLength) ||
+ (bits > alg.MaxLength) ||
+ (
+ alg.IncrementLength &&
+ ((bits - alg.MinLength) % alg.IncrementLength !== 0)
+ )
+ ) {
+ return false;
+ }
+
+ return bits;
+ }
+
+ /// Fill the key size list
+ var getKeySizeList = function () {
+ if (!cspStats) {
+ return false;
+ }
+
+ var alg = getAlgorithm();
+
+ // HTML5 attributes
+ keySize.setAttribute("min", alg.MinLength);
+ keySize.setAttribute("max", alg.MaxLength);
+ keySize.setAttribute("step", alg.IncrementLength);
+ keySize.setAttribute("value", alg.DefaultLength);
+ keySize.value = ""+alg.DefaultLength;
+
+ // ugly, but buggy otherwise if done with text nodes
+ keySizeMin.innerHTML = alg.MinLength;
+ keySizeMax.innerHTML = alg.MaxLength;
+ keySizeStep.innerHTML = alg.IncrementLength;
+
+ return true;
+ }
+
+ /// Fill the algorithm list
+ var getAlgorithmList = function () {
+ var i;
+
+ if (!providerList) {
+ return false;
+ }
+
+ var csp = getProvider();
+
+ cspStats = providerList.GetCspStatusesFromOperations(
+ 0x1c, //XCN_NCRYPT_ANY_ASYMMETRIC_OPERATION
+ //0x10, //XCN_NCRYPT_SIGNATURE_OPERATION
+ //0x8, //XCN_NCRYPT_SECRET_AGREEMENT_OPERATION
+ //0x4, //XCN_NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION
+ csp
+ );
+
+ removeChildren(algorithm);
+ for (i = 0; i < cspStats.Count; i++) {
+ var alg = cspStats.ItemByIndex(i).CspAlgorithm;
+ algorithm.appendChild(option(alg.Name, i));
+ }
+
+ return getKeySizeList();
+ }
+
+ /// Fill the crypto provider list
+ var getProviderList = function () {
+ var i;
+
+ var csps = factory.CreateObject("X509Enrollment.CCspInformations");
+
+ // Get provider information
+ csps.AddAvailableCsps();
+
+ removeChildren(provider);
+
+ for (i = 0; i < csps.Count; i++) {
+ var csp = csps.ItemByIndex(i);
+ provider.appendChild(option(csp.Name, i));
+ }
+
+ providerList = csps;
+
+ return getAlgorithmList();
+ }
+
+ /// Generate a key and create and submit the actual CSR
+ var createCSR = function () {
+ var providerName, algorithmOid, bits;
+
+ var level = securityLevel.options[securityLevel.selectedIndex];
+ if (level.value === "custom") {
+ providerName = getProvider().Name;
+ var alg = getAlgorithm();
+ algorithmOid = alg.GetAlgorithmOid(0, 0)
+ bits = getKeySize();
+ if (!bits) {
+ window.alert(invalidKeySizeError.innerHTML);
+ return false;
+ }
+ } else {
+ providerName = "Microsoft Software Key Storage Provider";
+
+ algorithmOid = factory.CreateObject("X509Enrollment.CObjectId");
+ algorithmOid.InitializeFromValue("1.2.840.113549.1.1.1"); // RSA
+ // "1.2.840.10040.4.1" == DSA
+ // "1.2.840.10046.2.1" == DH
+
+ if (level.value === "high") {
+ bits = 4096;
+ } else { // medium
+ bits = 2048;
+ }
+ }
+
+ var privateKey = factory.CreateObject("X509Enrollment.CX509PrivateKey");
+ privateKey.ProviderName = providerName;
+ privateKey.Algorithm = algorithmOid;
+ privateKey.Length = bits;
+ privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+ privateKey.ExportPolicy = 0x1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG
+
+ var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
+ request.InitializeFromPrivateKey(
+ 1, // ContextUser
+ privateKey,
+ "" // don't use a template
+ );
+
+ var enroll = factory.CreateObject("X509Enrollment.CX509Enrollment");
+ enroll.InitializeFromRequest(request);
+
+ generatingKeyNotice.style.display = "";
+
+ // The request needs to be created after we return so the "please wait"
+ // message gets rendered
+ var createCSRHandler = function () {
+ try {
+ csr.value = enroll.CreateRequest(0x1); //XCN_CRYPT_STRING_BASE64
+ form.submit();
+ } catch (e) {
+ showError(createRequestErrorChooseAlgorithm.innerHTML, e);
+ }
+
+ generatingKeyNotice.style.display = "none";
+ }
+
+ window.setTimeout(createCSRHandler, 0);
+
+ // Always return false, form is submitted by deferred method
+ return false;
+ }
+
+ /// Call if securityLevel has changed
+ var refreshSecurityLevel = function () {
+ var level = securityLevel.options[securityLevel.selectedIndex];
+ if (level.value === "custom") {
+ getProviderList();
+ customSettings.style.display = "";
+ } else {
+ customSettings.style.display = "none";
+ }
+ }
+
+ securityLevel.onchange = refreshSecurityLevel;
+ provider.onchange = getAlgorithmList;
+ algorithm.onchange = getKeySizeList;
+ genReq.onclick = createCSR;
+
+ return true;
+ } // end of initCertEnroll()
+
+ /// Initialise Xenroll code (XP and lower)
+ /// returns false if initialisation fails
+ var initXEnroll = function () {
+ cenroll = null;
+
+ providerTypes = Array(
+ 1, //PROV_RSA_FULL
+ 2, //PROV_RSA_SIG
+ 3, //PROV_DSS
+ 4, //PROV_FORTEZZA
+ 5, //PROV_MS_EXCHANGE
+ 6, //PROV_SSL
+ 12, //PROV_RSA_SCHANNEL
+ 13, //PROV_DSS_DH
+ 14, //PROV_EC_ECDSA_SIG
+ 15, //PROV_EC_ECNRA_SIG
+ 16, //PROV_EC_ECDSA_FULL
+ 17, //PROV_EC_ECNRA_FULL
+ 18, //PROV_DH_SCHANNEL
+ 20, //PROV_SPYRUS_LYNKS
+ 21, //PROV_RNG
+ 22, //PROV_INTEL_SEC
+ 23, //PROV_REPLACE_OWF
+ 24 //PROV_RSA_AES
+ );
+
+ algClasses = Array(
+ 1 << 13, //ALG_CLASS_SIGNATURE
+ //2 << 13, //ALG_CLASS_MSG_ENCRYPT
+ //3 << 13, //ALG_CLASS_DATA_ENCRYPT
+ //4 << 13, //ALG_CLASS_HASH
+ 5 << 13 //ALG_CLASS_KEY_EXCHANGE
+ );
+
+ // Try to initialise the ActiveX element.
+ try {
+ cenroll = new ActiveXObject("CEnroll.CEnroll");
+
+ if (!cenroll) {
+ throw {
+ name: "NoObjectError",
+ message: "Got null at object creation"
+ };
+ }
+
+ form.style.display = "";
+ algorithm.disabled = true;
+ noActiveX.style.display = "none";
+ } catch (e) {
+ return false;
+ }
+
+ /// Get the name of the selected provider
+ var getProviderName = function () {
+ return provider.options[provider.selectedIndex].text;
+ }
+
+ /// Get the type of the selected provider
+ var getProviderType = function () {
+ return parseInt(provider.options[provider.selectedIndex].value, 10);
+ }
+
+ var refreshProvider = function () {
+ cenroll.ProviderName = getProviderName();
+ cenroll.ProviderType = getProviderType();
+ }
+
+ /// Get the ID of the selected algorithm
+ var getAlgorithmId = function () {
+ return parseInt(algorithm.options[algorithm.selectedIndex].value, 10);
+ }
+
+ /// Minimum bit length for exchange keys
+ var getMinExKeyLength = function () {
+ refreshProvider();
+
+ try {
+ return cenroll.GetKeyLen(true, true);
+ } catch (e) {
+ return false;
+ }
+ }
+
+ /// Maximum bit length for exchange keys
+ var getMaxExKeyLength = function () {
+ refreshProvider();
+
+ try {
+ return cenroll.GetKeyLen(false, true);
+ } catch (e) {
+ return false;
+ }
+ }
+
+ /// Step size for exchange keys
+ /// This might not be available on older platforms
+ var getStepExKeyLength = function () {
+ refreshProvider();
+
+ try {
+ return cenroll.GetKeyLenEx(3, 1);
+ } catch (e) {
+ return false;
+ }
+ }
+
+ /// Minimum bit length for signature keys
+ var getMinSigKeyLength = function () {
+ refreshProvider();
+
+ try {
+ return cenroll.GetKeyLen(true, false);
+ } catch (e) {
+ return false;
+ }
+ }
+
+ /// Maximum bit length for signature keys
+ var getMaxSigKeyLength = function () {
+ refreshProvider();
+
+ try {
+ return cenroll.GetKeyLen(false, false);
+ } catch (e) {
+ return false;
+ }
+ }
+
+ /// Step size for signature keys
+ /// This might not be available on older platforms
+ var getStepSigKeyLength = function () {
+ refreshProvider();
+
+ try {
+ return cenroll.GetKeyLenEx(3, 2);
+ } catch (e) {
+ return false;
+ }
+ }
+
+ /// Get the selected key size
+ var getKeySize = function () {
+ var bits = parseInt(keySize.value, 10);
+ if (
+ (bits < getMinSigKeyLength()) ||
+ (bits > getMaxSigKeyLength()) ||
+ (
+ getStepSigKeyLength() &&
+ ((bits - getMinSigKeyLength()) % getStepSigKeyLength() !== 0)
+ )
+ ) {
+ return false;
+ }
+
+ return bits;
+ }
+
+ var getKeySizeLimits = function () {
+ // HTML5 attributes
+ keySize.setAttribute("min", getMinSigKeyLength());
+ keySize.setAttribute("max", getMaxSigKeyLength());
+ if (getStepSigKeyLength()) {
+ keySize.setAttribute("step", getStepSigKeyLength());
+ }
+
+ // ugly, but buggy otherwise if done with text nodes
+ keySizeMin.innerHTML = getMinSigKeyLength();
+ keySizeMax.innerHTML = getMaxSigKeyLength();
+ keySizeStep.innerHTML = getStepSigKeyLength();
+
+ if (getMinSigKeyLength() === getMaxSigKeyLength()) {
+ keySize.value = getMaxSigKeyLength();
+ }
+
+ return true;
+ }
+
+ /// Fill the algorithm selection box
+ var getAlgorithmList = function () {
+ var i, j;
+
+ refreshProvider();
+
+ removeChildren(algorithm);
+
+ for (i = 0; i < algClasses.length; ++i) {
+ for (j = 0; true; ++j) {
+ try {
+ var algId = cenroll.EnumAlgs(j, algClasses[i]);
+ var algName = cenroll.GetAlgName(algId);
+ algorithm.appendChild(option(algName, algId));
+ } catch (e) {
+ break;
+ }
+ }
+ }
+
+ getKeySizeLimits();
+ }
+
+ /// Fill the provider selection box
+ var getProviderList = function () {
+ var i, j;
+
+ removeChildren(provider);
+
+ for (i = 0; i < providerTypes.length; ++i) {
+ cenroll.providerType = providerTypes[i];
+
+ var providerName = "invalid";
+ for (j = 0; true; ++j) {
+ try {
+ providerName = cenroll.enumProviders(j, 0);
+ provider.appendChild(option(providerName, providerTypes[i]));
+ } catch (e) {
+ break;
+ }
+ }
+ }
+
+ return getAlgorithmList();
+ }
+
+ var createCSR = function () {
+ var providerName, bits;
+
+ var level = securityLevel.options[securityLevel.selectedIndex];
+ if (level.value === "custom") {
+ refreshProvider();
+
+ bits = getKeySize();
+ if (bits === false) {
+ window.alert(invalidKeySizeError.innerHTML);
+ return false;
+ }
+ } else {
+ cenroll.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
+ cenroll.ProviderType = 1; //PROV_RSA_FULL
+
+ if (level.value === "high") {
+ bits = 4096;
+ } else { // medium
+ bits = 2048;
+ }
+ }
+
+ cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
+ // Allow exporting the private key
+ cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
+
+ generatingKeyNotice.style.display = "";
+
+ // The request needs to be created after we return so the "please wait"
+ // message gets rendered
+ var createCSRHandler = function () {
+ try {
+ csr.value = cenroll.createPKCS10("", "1.3.6.1.5.5.7.3.2");
+ form.submit();
+ } catch (e) {
+ if (e.number === -2147023673) {
+ // 0x800704c7 => dialogue declined
+ showError(createRequestErrorConfirmDialogue.innerHTML, e);
+ } else if (e.number === -2146435043) {
+ // 0x8010001d => crypto-device not connected
+ showError(createRequestErrorConnectDevice.innerHTML, e);
+ } else {
+ showError(createRequestError.innerHTML, e);
+ }
+ }
+
+ generatingKeyNotice.style.display = "none";
+ cenroll.Reset();
+ }
+
+ window.setTimeout(createCSRHandler, 0);
+
+ // Always return false, form is submitted by deferred method
+ return false;
+ }
+
+ /// Call if securityLevel has changed
+ var refreshSecurityLevel = function () {
+ var level = securityLevel.options[securityLevel.selectedIndex];
+ if (level.value === "custom") {
+ getProviderList();
+ customSettings.style.display = "";
+ } else {
+ customSettings.style.display = "none";
+ }
+ }
+
+ securityLevel.onchange = refreshSecurityLevel;
+ provider.onchange = getAlgorithmList;
+ algorithm.onchange = getKeySizeLimits;
+ genReq.onclick = createCSR;
+
+ return true;
+ };
+
+ // Run the init functions until one is successful
+ if (initCertEnroll()) {
+ form.style.display = "";
+ noActiveX.style.display = "none";
+ } else if (initXEnroll()) {
+ form.style.display = "";
+ noActiveX.style.display = "none";
+ } else {
+ window.alert(unsupportedPlatformError.innerHTML);
+ }
+} ();
diff --git a/www/policy/CAcertCommunityAgreement.php b/www/policy/CAcertCommunityAgreement.php
index 3106eb1..17065f1 100644
--- a/www/policy/CAcertCommunityAgreement.php
+++ b/www/policy/CAcertCommunityAgreement.php
@@ -1,512 +1,593 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-<head><title>CAcert Community Agreement</title></head>
+<?='<?xml version="1.0" encoding="utf-8"?>'?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
+ <title> CAcert Community Agreement </title>
+<style type="text/css">
+<!--
+.comment {
+ color : steelblue;
+}
+.first-does-not-work {
+ color : red;
+}
+.q {
+ color : green;
+ font-weight: bold;
+ text-align: center;
+ font-style:italic;
+}
+.change {
+ color : blue;
+ font-weight: bold;
+}
+.change2 {
+ color : blue;
+ font-weight: bold;
+}
+.change3 {
+ color : blue;
+ font-weight: bold;
+}
+.change4 {
+ color : blue;
+ font-weight: bold;
+}
+.change5 {
+ color : blue;
+ font-weight: bold;
+}
+.change6 {
+ color : blue;
+ font-weight: bold;
+}
+.change7 {
+ color : blue ;
+ font-weight: bold;
+}
+.change8 {
+ color : blue;
+ font-weight: bold;
+}
+.change9 {
+ color : blue;
+ font-weight: bold;
+}
+.change10 {
+ color : blue;
+ font-weight: bold;
+}
+.change11 {
+ color : blue;
+ font-weight: bold;
+}
+.change12 {
+ color : blue;
+ font-weight: bold;
+}
+.change13 {
+ color : blue;
+ font-weight: bold;
+}
+.strike {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike2 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike4 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike5 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike6 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike7 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike8 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike9 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike10 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike11 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike12 {
+ color : blue;
+ text-decoration:line-through;
+}
+.strike13 {
+ color : blue;
+ text-decoration:line-through;
+}
+-->
+</style>
+
+</head>
<body>
+ <div class="comment">
+ <table width="100%">
+
+ <tr>
+ <td rowspan="2">
+ Name: CCA <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD9</a><br />
+ Status: POLICY <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20080109.1_CCA_to_POLICY_status">p20080109.1</a><br />
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="draftadd">DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/PolicyDecisions#p20140709_CCA_update_to_DRAFT">p20140709</a></span> <br />
+ Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Community/HomePagesMembers/BenediktHeintel">Benedikt</a><br />
+ Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a><br />
+
+ </td>
+ <td valign="top" align="right">
+ <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-policy.png" alt="CCA Status - POLICY" height="31" width="88" style="border-style: none;" /></a>
+
+ <!-- XXXXXXXXXXXXXX delete this going to POLICY -->
+ <br />
+ <a href="https://www.cacert.org/policy/PolicyOnPolicy.php"><img src="images/cacert-draft.png" alt="CCA Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
+
+ </td>
+ </tr>
+ </table>
+ </div>
+
+ <h2>CAcert Community Agreement</h2>
+
+ <h3><a name="0">0.</a> Introduction</h3>
+
+ <p>This agreement is between you, being a registered member ("Member") within
+ CAcert's community at large ("Community") and CAcert Incorporated ("CAcert"),
+ being an operator of services to the Community.</p>
+
+ <h4><a name="0.1">0.1</a> Terms</h4>
+
+ <ol>
+ <li>"CAcert" means CAcert Inc., a non-profit Association of Members
+ incorporated in New South Wales, Australia. Note that Association Members
+ are distinct from the Members defined here.</li>
+
+ <li>"Member" means you, a registered participant within CAcert's Community,
+ with an account on the website and the facility to request certificates.
+ Members may be individuals ("natural persons") or organisations ("legal
+ persons").</li>
+
+ <li>"Organisation" is defined under the Organisation Assurance programme,
+ and generally includes corporations and other entities that become Members
+ and become Assured.</li>
+
+ <li>"Community" means all of the Members that are registered by this
+ agreement and other parties by other agreements, all being under CAcert's
+ Arbitration.</li>
+
+ <li>"Non-Related Person" ("NRP"), being someone who is not a Member, is not
+ part of the Community, and has not registered their agreement. <span class=
+ "strike7">Such people are offered the NRP-DaL another agreement allowing
+ the USE of certificates.</span></li>
+
+ <li><span class="strike7">"Non-Related Persons - Disclaimer and Licence"
+ ("NRP-DaL"), another agreement that is offered to persons outside the
+ Community.</span><span class="change7">(withdrawn)</span></li>
+
+ <li>"Arbitration" is the Community's forum for resolving disputes, or
+ jurisdiction.</li>
+
+ <li>"Dispute Resolution Policy" ("DRP" =&gt; COD7) is the policy and rules
+ for resolving disputes.</li>
+
+ <li>"USE" means the act by your software to conduct its tasks,
+ incorporating the certificates according to software procedures.</li>
+
+ <li>"RELY" means your human act in taking on a risk and liability on the
+ basis of the claim(s) bound within a certificate.</li>
+
+ <li>"OFFER" means the your act of making available your certificate to
+ another person. Generally, you install and configure your software to act
+ as your agent and facilite this and other tasks. OFFER does not imply
+ suggestion of reliance.</li>
+
+ <li>"Issue" means creation of a certificate by CAcert. To create a
+ certificate, CAcert affixes a digital signature from the root onto a public
+ key and other information. This act would generally bind a statement or
+ claim, such as your name, to your key.</li>
+
+ <li>"Root" means CAcert's top level key, used for signing certificates for
+ Members. In this document, the term includes any subroots.</li>
+
+ <li>"CAcert Official Document" ("COD" <span class="strike4">=&gt;
+ COD3</span>) <span class="strike4">in a standard format for describing the
+ details of operation and governance essential to a certificate authority.
+ Changes are managed and controlled. CODs define more technical terms. See
+ 4.2 for listing of relevant CODs.</span> <span class="change4">is an
+ official managed and controlled document (e. g. a Policy) of
+ CAcert.</span></li>
+
+ <li>"Certification Practice Statement" ("CPS" =&gt; COD6) is the document
+ that controls details about operational matters within CAcert.</li>
+ </ol>
+
+ <h3><a name="1">1.</a> Agreement and Licence</h3>
+
+ <h4><a name="1.1">1.1</a> Agreement</h4>
+
+ <p>You <span class="strike">and CAcert both</span> agree to the terms and
+ conditions in this agreement. Your agreement is given by <span class=
+ "change2">but not limited to</span> <span class="strike2">any of</span></p>
+
+ <ul>
+ <li>your signature on a form to request assurance of identity ("CAP"
+ form),</li>
+
+ <li>your request on the website to join the Community and create an
+ account,</li>
+
+ <li>your request for Organisation Assurance,</li>
+
+ <li>your request for issuing of certificates, or</li>
+
+ <li>if you USE, RELY, or OFFER any certificate issued to you.</li>
+ </ul>
+
+ <p>Your agreement is effective from the date of the first event above that
+ makes this agreement known to you. This Agreement replaces and <span class=
+ "strike2">supercedes prior agreements, including the NRP-DaL.</span>
+ <span class="change2">supersedes any prior agreements.</span></p>
+
+ <h4><a name="1.2">1.2</a> Licence</h4>
+
+ <p>As part of the Community, CAcert offers you these rights:</p>
+
+ <ol>
+ <li>You may USE any certificates issued by CAcert.</li>
+
+ <li>You may RELY on any certificate issued by CAcert, as explained and
+ limited by CPS (COD6).</li>
+
+ <li>You may OFFER certificates issued to you by CAcert to Members for their
+ RELIANCE.</li>
+
+ <li>You may OFFER certificates issued to you by CAcert to NRPs for their
+ USE, within the general principles of the Community.</li>
+
+ <li>This Licence is free of cost, non-exclusive, and
+ non-transferrable.</li>
+ </ol>
+
+ <h4><a name="1.3">1.3</a> Your Contributions</h4>
+
+ <p>You agree to a non-exclusive non-restrictive non-revokable transfer of
+ Licence to CAcert for your contributions. That is, if you post an idea or
+ comment on a CAcert forum, or email it to other Members, your work can be
+ used freely by the Community for CAcert purposes, including placing under
+ CAcert's licences for wider publication.</p>
+
+ <p>You retain authorship rights, and the rights to also transfer
+ non-exclusive rights to other parties. That is, you can still use your ideas
+ and contributions outside the Community.</p>
+
+ <p>Note that the following exceptions override this clause:</p>
+
+ <ol>
+ <li>Contributions to controlled documents are subject to Policy on Policy
+ ("PoP" =&gt; COD1)</li>
+
+ <li>Source code is subject to an open source licence regime.</li>
+
+ <li><span class="change">Personal data</span></li>
+
+ <li><span class="change">Postings under competing licenses if clearly
+ stated when posted</span></li>
+ </ol>
+
+ <h4><a name="1.4">1.4</a> Privacy</h4>
+
+ <p>You give rights to CAcert to store, verify and
+ process and publish your data in accordance with policies in force. These
+ rights include shipping the data to foreign countries for system
+ administration, support and processing purposes. Such shipping will only be
+ done among CAcert Community administrators and Assurers.</p>
+
+ <p>Privacy is further covered in the Privacy Policy ("PP" =&gt; COD5).</p>
+
+ <h3><a name="2">2.</a> Your Risks, Liabilities and Obligations</h3>
+
+ <p>As a Member, you have risks, liabilities and obligations within this agreement.</p>
+
+ <h4><a name="2.1">2.1</a> Risks</h4>
+
+ <ol>
+ <li>A certificate may prove unreliable.</li>
+
+ <li>Your account, keys or other security tools may be
+ lost or otherwise compromised.</li>
+
+ <li>You may find yourself subject to Arbitration (DRP
+ =&gt; COD7).</li>
+ </ol>
+
+ <h4><a name="2.2">2.2</a> Liabilities</h4>
+
+ <ol>
+ <li>You are liable for any penalties as awarded
+ against you by the Arbitrator.</li>
+
+ <li>Remedies are as defined in the DRP (COD7). An
+ Arbitrator's ruling may include monetary amounts, awarded against
+ you.</li>
+
+ <li>Your liability is limited to a total maximum of
+ <b>1000 Euros</b>.</li>
+
+ <li>"Foreign Courts" may assert jurisdiction. These
+ include your local courts, and are outside our Arbitration. Foreign Courts
+ will generally refer to the Arbitration Act of their country, which will
+ generally refer civil cases to Arbitration. The Arbitration Act will not
+ apply to criminal cases.</li>
+ </ol>
+
+ <h4><a name="2.3">2.3</a> Obligations</h4>
+
+ <p>You are obliged</p>
+
+ <ol>
+ <li>to provide accurate information as part of
+ Assurance. You give permission for verification of the information using
+ CAcert-approved methods.</li>
+
+ <li>to make no false representations.</li>
+
+ <li>to submit all your disputes to Arbitration (DRP
+ =&gt; COD7).</li>
+
+ <li><span class="change">to assist the Arbitrator by truthfully providing
+ information, or with any other reasonable request.</span></li>
+
+ <li><span class="change7">to not share your CAcert account.</span></li>
+ </ol>
+
+ <h4><a name="2.4">2.4</a> Principles</h4>
+
+ <p>As a Member of CAcert, you are a member of the Community. You are further
+ obliged to work within the spirit of the Principles of the Community. These
+ are described in <a href=
+ "http://svn.cacert.org/CAcert/principles.html">Principles of the
+ Community</a>.</p>
+
+ <h4><a name="2.5">2.5</a> Security</h4>
+
+ <p>CAcert exists to help you to secure yourself. You are primarily
+ responsible for your own security. Your security obligations include</p>
+
+ <ol>
+ <li>to secure yourself and your computing platform (e. g. PC),</li>
+
+ <li>to keep your email account in good working order,</li>
+
+ <li>to secure your CAcert account (e. g., credentials such as username,
+ password),</li>
+
+ <li>to secure your private keys, <span class="change8">ensuring that they
+ are only used as indicated by the certificate, or by wider agreement with
+ others,</span></li>
+
+ <li>to review certificates for accuracy, and</li>
+
+ <li>when in doubt, notify CAcert,</li>
+
+ <li>when in doubt, take other reasonable actions, such as revoking
+ certificates, changing account credentials, and/or generating new
+ keys.</li>
+ </ol>
+
+ <p>Where, above, 'secure' means to protect to a reasonable degree, in
+ proportion with your risks and the risks of others.</p>
+
+ <h3><a name="3">3.</a> Law and Jurisdiction</h3>
+
+ <h4><a name="3.1">3.1</a> Governing Law</h4>
+
+ <p>This agreement is governed under the law of New South Wales, Australia,
+ being the home of the CAcert Inc. Association.</p>
+
+ <h4><a name="3.2">3.2</a> Arbitration as Forum of Dispute Resolution</h4>
+
+ <p>You agree, with CAcert and all of the Community, that all disputes arising
+ out of or in connection to our use of CAcert services shall be referred to
+ and finally resolved by Arbitration under the rules within the Dispute
+ Resolution Policy of CAcert (DRP =&gt; COD7). The rules select a single
+ Arbitrator chosen by CAcert from among senior Members in the Community. The
+ ruling of the Arbitrator is binding and final on Members and CAcert
+ alike.</p>
+
+ <p>In general, the jurisdiction for resolution of disputes is within CAcert's
+ own forum of Arbitration, as defined and controlled by its own rules (DRP
+ =&gt; COD7).</p>
+
+ <p>We use Arbitration for many purposes beyond the strict nature of disputes,
+ such as governance and oversight. A systems administrator may need
+ authorisation to conduct a non-routine action, and Arbitration may provide
+ that authorisation. Thus, you may find yourself party to Arbitration that is
+ simply support actions, and you may file disputes in order to initiate
+ support actions.</p>
+
+ <h4><a name="3.3">3.3</a> Termination</h4>
+
+ <p><span class="strike12">You may terminate this agreement by resigning from
+ CAcert. You may do this at any time by writing to CAcert's online support
+ forum and filing dispute to resign. All services will be terminated, and your
+ certificates will be revoked. However, some information will continue to be
+ held for certificate processing purposes.</span></p>
+
+ <p><span class="strike12">The provisions on Arbitration survive any
+ termination by you by leaving CAcert. That is, even if you resign from
+ CAcert, you are still bound by the DRP (COD7), and the Arbitrator may
+ reinstate any provision of this agreement or bind you to a ruling.</span></p>
+
+ <p><span class="strike12">Only the Arbitrator may terminate this agreement
+ with you.</span></p>
+
+ <p><span class="change12">The CAcert Community Agreement is
+ terminated</span></p>
+
+ <ol>
+ <li><span class="change12">based on a Policy Group decision following (PoP
+ =&gt; COD1). This terminates the Agreement with every member.</span></li>
+
+ <li><span class="change12">with a ruling of the Arbitrator or the
+ completion of a termination process defined by an Arbitrator ruling (DRP
+ =&gt; COD7).</span></li>
+
+ <li><span class="change12">by the end of existence of a member (i.e. death
+ in the case of individuals).</span></li>
+ </ol>
+
+ <p><span class="change12">A member may declare the wish to resign from CAcert
+ at any time by writing to <em>support AT cacert.org</em>. This triggers a
+ process for termination of this agreement with the member.</span></p>
+
+ <h4><span class="change12"><a name="3.3">3.3a</a> Consequences of
+ Termination</span></h4>
+
+ <p><span class="change12">The termination discontinues the right to USE,
+ OFFER and CREATE personal certificates in any account of the former member.
+ Those certificates will be revoked and all services to the former member will
+ be terminated as soon as possible. However, some information will continue to
+ be held for certificate processing purposes.</span></p>
+
+ <p><span class="change12">The provisions on Arbitration for the time of
+ membership survive any termination. Former members are still bound by the DRP
+ (COD7), and the Arbitrator may reinstate any provision of this agreement or
+ bind them to a ruling.</span></p>
+
+ <p><span class="change12">As far as Organisations are concerned details are
+ also defined in the Organisation Assurance Policy (OAP =&gt;
+ COD11).</span></p>
+
+ <p><span class="change12">Every member learning about the death of a member
+ or termination of existence of a member should notify <em>support AT
+ cacert.org</em>.</span></p>
+
+ <h4><a name="3.4">3.4</a> Changes of Agreement</h4>
+
+ <p>CAcert may from time to time vary the terms of this Agreement. Changes
+ will be done according to the documented CAcert policy for changing policies,
+ and is subject to scrutiny and feedback by the Community. Changes will be
+ notified to you by email to your primary address.</p>
+
+ <p>If you do not agree to the changes, you may terminate as above. Continued
+ use of the service shall be deemed to be agreement by you.</p>
+
+ <h4><a name="3.5">3.5</a> Communication</h4>
+
+ <p><span class="change6">You are responsible for keeping your primary email
+ account in good working order and able to receive emails from
+ CAcert.</span></p>
+
+ <p>Notifications to CAcert are to be sent by email to the address <em>support
+ AT cacert.org</em>. You should attach a digital signature<span class=
+ "strike6">, but need not do so in the event of security or similar
+ urgency</span>.</p>
+
+ <p><span class="strike6">Notifications to you are sent by CAcert to the
+ primary email address registered with your account. You are responsible for
+ keeping your email account in good working order and able to receive emails
+ from CAcert.</span></p>
+
+ <p><span class="strike6">Arbitration is generally conducted by
+ email.</span></p>
+
+ <h3><a name="4">4.</a> Miscellaneous</h3>
+
+ <h4><a name="4.1">4.1</a> <span class="strike10">Other Parties Within the
+ Community</span> <span class="change10">(withdrawn)</span></h4>
+
+ <p class="strike10">As well as you and other Members in the Community, CAcert
+ forms agreements with third party vendors and others. Thus, such parties will
+ also be in the Community. Such agreements are also controlled by the same
+ policy process as this agreement, and they should mirror and reinforce these
+ terms.</p>
+
+ <h4><a name="4.2">4.2</a> References and Other Binding Documents</h4>
+
+ <p class="strike11">This agreement is CAcert Official Document 9 (COD9) and
+ is a controlled document.</p>
+
+ <p>You are also bound by <span class="change11">the Policies of the Community
+ under the control of Policy on Policy ("PoP" =&gt; COD1) and listed in
+ <a href=
+ "https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">Controlled
+ Document List</a>.</span></p>
+
+ <ol>
+ <li><span class="strike11"><a href=
+ "http://www.cacert.org/policy/CertificationPracticeStatement.php">Certification
+ Practice Statement</a> (CPS =&gt; COD6).</span></li>
+
+ <li><span class="strike11"><a href=
+ "http://www.cacert.org/policy/DisputeResolutionPolicy.php">Dispute
+ Resolution Policy</a> (DRP =&gt; COD7).</span></li>
+
+ <li><span class="strike11"><a href="PrivacyPolicy.html">Privacy Policy</a>
+ (PP =&gt; COD5).</span></li>
+
+ <li><span class="strike11"><a href=
+ "http://svn.cacert.org/CAcert/principles.html">Principles of the
+ Community</a>.</span></li>
+ </ol>
+
+ <p class="strike11">Where documents are referred to as <i>=&gt; COD x</i>,
+ they are controlled documents under the control of Policy on Policies
+ (COD1).</p>
+
+ <p class="strike11">This agreement and controlled documents above are
+ primary, and may not be replaced or waived except by formal policy channels
+ and by Arbitration.</p>
+
+ <p class="change11">Controlled documents are primary, and may not be replaced
+ or waived except by formal policy channels and Arbitration.</p>
+
+ <p class="change11">This agreement is controlled document COD9.</p>
+
+ <h4><a name="4.3">4.3</a> Informative References</h4>
+ <p>The governing documents are in English. Documents may be translated for
+ convenience. Because we cannot control the legal effect of translations, the
+ English documents are the ruling ones.</p>
+ <p class="strike9">You are encouraged to be familiar with the Assurer
+ Handbook, which provides a more readable introduction for much of the
+ information needed. The Handbook is not however an agreement, and is
+ overruled by this agreement and others listed above.</p>
-<h3> <a name="0"> 0. </a> Introduction </h3>
-
-<p>
-This agreement is between
-you, being a registered member ("Member")
-within CAcert's community at large ("Community")
-and CAcert Incorporated ("CAcert"),
-being an operator of services to the Community.
-</p>
-
-<h4> <a name="0.1"> 0.1 </a> Terms </h4>
-<ol><li>
- "CAcert"
- means CAcert Inc.,
- a non-profit Association of Members incorporated in
- New South Wales, Australia.
- Note that Association Members are distinct from
- the Members defined here.
- </li><li>
- "Member"
- means you, a registered participant within CAcert's Community,
- with an account on the website and the
- facility to request certificates.
- Members may be individuals ("natural persons")
- or organisations ("legal persons").
- </li><li>
- "Organisation"
- is defined under the Organisation Assurance programme,
- and generally includes corporations and other entities
- that become Members and become Assured.
- </li><li>
- "Community"
- means all of the Members
- that are registered by this agreement
- and other parties by other agreements,
- all being under CAcert's Arbitration.
- </li><li>
- "Non-Related Person" ("NRP"),
- being someone who is not a
- Member, is not part of the Community,
- and has not registered their agreement.
- Such people are offered the NRP-DaL
- another agreement allowing the USE of certificates.
- </li><li>
- "Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
- another agreement that is offered to persons outside the
- Community.
- </li><li>
- "Arbitration"
- is the Community's forum for
- resolving disputes, or jurisdiction.
- </li><li>
- "Dispute Resolution Policy" ("DRP" => COD7)
- is the policy and
- rules for resolving disputes.
- </li><li>
- "USE"
- means the act by your software
- to conduct its tasks, incorporating
- the certificates according to software procedures.
- </li><li>
- "RELY"
- means your human act in taking on a
- risk and liability on the basis of the claim(s)
- bound within a certificate.
- </li><li>
- "OFFER"
- means the your act
- of making available your certificate to another person.
- Generally, you install and configure your software
- to act as your agent and facilite this and other tasks.
- OFFER does not imply suggestion of reliance.
- </li><li>
- "Issue"
- means creation of a certificate by CAcert.
- To create a certificate,
- CAcert affixes a digital signature from the root
- onto a public key and other information.
- This act would generally bind a statement or claim,
- such as your name, to your key.
- </li><li>
- "Root"
- means CAcert's top level key,
- used for signing certificates for Members.
- In this document, the term includes any subroots.
- </li><li>
- "CAcert Official Document" ("COD" => COD3)
- in a standard format for describing the details of
- operation and governance essential to a certificate authority.
- Changes are managed and controlled.
- CODs define more technical terms.
- See 4.2 for listing of relevant CODs.
- </li><li>
- "Certification Practice Statement" ("CPS" => COD6)
- is the document that controls details
- about operational matters within CAcert.
-</li></ol>
-
-
-<h3> <a name="1"> 1. </a> Agreement and Licence </h3>
-
-<h4> <a name="1.1"> 1.1 </a> Agreement </h4>
-
-<p>
-You and CAcert both agree to the terms and conditions
-in this agreement.
-Your agreement is given by any of
-</p>
-
-<ul><li>
- your signature on a form to request assurance of identity
- ("CAP" form),
- </li><li>
- your request on the website
- to join the Community and create an account,
- </li><li>
- your request for Organisation Assurance,
- </li><li>
- your request for issuing of certificates, or
- </li><li>
- if you USE, RELY, or OFFER
- any certificate issued to you.
-</li></ul>
-
-<p>
-Your agreement
-is effective from the date of the first event above
-that makes this agreement known to you.
-This Agreement
-replaces and supercedes prior agreements,
-including the NRP-DaL.
-</p>
-
-
-<h4> <a name="1.2"> 1.2 </a> Licence </h4>
-
-<p>
-As part of the Community, CAcert offers you these rights:
-</p>
-
-<ol><li>
- You may USE any certificates issued by CAcert.
- </li><li>
- You may RELY on any certificate issued by CAcert,
- as explained and limited by CPS (COD6).
- </li><li>
- You may OFFER certificates issued to you by CAcert
- to Members for their RELIANCE.
- </li><li>
- You may OFFER certificates issued to you by CAcert
- to NRPs for their USE, within the general principles
- of the Community.
- </li><li>
- This Licence is free of cost,
- non-exclusive, and non-transferrable.
-</li></ol>
-
-<h4> <a name="1.3"> 1.3 </a> Your Contributions </h4>
-
-
-<p>
-You agree to a non-exclusive non-restrictive non-revokable
-transfer of Licence to CAcert for your contributions.
-That is, if you post an idea or comment on a CAcert forum,
-or email it to other Members,
-your work can be used freely by the Community for
-CAcert purposes, including placing under CAcert's licences
-for wider publication.
-</p>
-
-<p>
-You retain authorship rights, and the rights to also transfer
-non-exclusive rights to other parties.
-That is, you can still use your
-ideas and contributions outside the Community.
-</p>
-
-<p>
-Note that the following exceptions override this clause:
-</p>
-
-<ol><li>
- Contributions to controlled documents are subject to
- Policy on Policy ("PoP" => COD1)
- </li><li>
- Source code is subject to an open source licence regime.
-</li></ol>
-
-<h4> <a name="1.4"> 1.4 </a> Privacy </h4>
-
-
-<p>
-You give rights to CAcert to store, verify and process
-and publish your data in accordance with policies in force.
-These rights include shipping the data to foreign countries
-for system administration, support and processing purposes.
-Such shipping will only be done among
-CAcert Community administrators and Assurers.
-</p>
-
-<p>
-Privacy is further covered in the Privacy Policy ("PP" => COD5).
-</p>
-
-<h3> <a name="2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
-
-<p>
-As a Member, you have risks, liabilities
-and obligations within this agreement.
-</p>
-
-<h4> <a name="2.1"> 2.1 </a> Risks </h4>
-
-<ol><li>
- A certificate may prove unreliable.
- </li><li>
- Your account, keys or other security tools may be
- lost or otherwise compromised.
- </li><li>
- You may find yourself subject to Arbitration
- (DRP => COD7).
-</li></ol>
-
-<h4> <a name="2.2"> 2.2 </a> Liabilities </h4>
-
-<ol><li>
- You are liable for any penalties
- as awarded against you by the Arbitrator.
- </li><li>
- Remedies are as defined in the DRP (COD7).
- An Arbitrator's ruling may
- include monetary amounts, awarded against you.
- </li><li>
- Your liability is limited to
- a total maximum of
- <b>1000 Euros</b>.
- </li><li>
- "Foreign Courts" may assert jurisdiction.
- These include your local courts, and are outside our Arbitration.
- Foreign Courts will generally refer to the Arbitration
- Act of their country, which will generally refer
- civil cases to Arbitration.
- The Arbitration Act will not apply to criminal cases.
-</li></ol>
-
-<h4> <a name="2.3"> 2.3 </a> Obligations </h4>
-
-<p>
- You are obliged
-</p>
-
-<ol><li>
- to provide accurate information
- as part of Assurance.
- You give permission for verification of the information
- using CAcert-approved methods.
- </li><li>
- to make no false representations.
- </li><li>
- to submit all your disputes to Arbitration
- (DRP => COD7).
-</li></ol>
-
-<h4> <a name="2.4"> 2.4 </a> Principles </h4>
-
-<p>
-As a Member of CAcert, you are a member of
-the Community.
- You are further obliged to
- work within the spirit of the Principles
- of the Community.
- These are described in
- <a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
-</p>
-
-<h4> <a name="2.5"> 2.5 </a> Security </h4>
-<p>
-CAcert exists to help you to secure yourself.
-You are primarily responsible for your own security.
-Your security obligations include
-</p>
-
-<ol><li>
- to secure yourself and your computing platform (e.g., PC),
- </li><li>
- to keep your email account in good working order,
- </li><li>
- to secure your CAcert account
- (e.g., credentials such as username, password),
- </li><li>
- to secure your private keys,
- </li><li>
- to review certificates for accuracy,
- and
- </li><li>
- when in doubt, notify CAcert,
- </li><li>
- when in doubt, take other reasonable actions, such as
- revoking certificates,
- changing account credentials,
- and/or generating new keys.
-</li></ol>
-
-<p>
-Where, above, 'secure' means to protect to a reasonable
-degree, in proportion with your risks and the risks of
-others.
-</p>
-
-<h3> <a name="3"> 3. </a> Law and Jurisdiction </h3>
-
-<h4> <a name="3.1"> 3.1 </a> Governing Law </h4>
-
-<p>
-This agreement is governed under the law of
-New South Wales, Australia,
-being the home of the CAcert Inc. Association.
-</p>
-
-<h4> <a name="3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
-
-<p>
-You agree, with CAcert and all of the Community,
-that all disputes arising out
-of or in connection to our use of CAcert services
-shall be referred to and finally resolved
-by Arbitration under the rules within the
-Dispute Resolution Policy of CAcert
-(DRP => COD7).
-The rules select a single Arbitrator chosen by CAcert
-from among senior Members in the Community.
-The ruling of the Arbitrator is binding and
-final on Members and CAcert alike.
-</p>
-
-<p>
-In general, the jurisdiction for resolution of disputes
-is within CAcert's own forum of Arbitration,
-as defined and controlled by its own rules (DRP => COD7).
-</p>
-
-<p>
-We use Arbitration for many purposes beyond the strict
-nature of disputes, such as governance and oversight.
-A systems administrator may
-need authorisation to conduct a non-routine action,
-and Arbitration may provide that authorisation.
-Thus, you may find yourself party to Arbitration
-that is simply support actions, and you may file disputes in
-order to initiate support actions.
-</p>
-
-<h4> <a name="3.3"> 3.3 </a> Termination </h4>
-<p>
-You may terminate this agreement by resigning
-from CAcert. You may do this at any time by
-writing to CAcert's online support forum and
-filing dispute to resign.
-All services will be terminated, and your
-certificates will be revoked.
-However, some information will continue to
-be held for certificate processing purposes.
-</p>
-
-<p>
-The provisions on Arbitration survive any termination
-by you by leaving CAcert.
-That is, even if you resign from CAcert,
-you are still bound by the DRP (COD7),
-and the Arbitrator may reinstate any provision of this
-agreement or bind you to a ruling.
-</p>
-
-<p>
-Only the Arbitrator may terminate this agreement with you.
-</p>
-
-<h4> <a name="3.4"> 3.4 </a> Changes of Agreement </h4>
-
-<p>
-CAcert may from time to time vary the terms of this Agreement.
-Changes will be done according to the documented CAcert policy
-for changing policies, and is subject to scrutiny and feedback
-by the Community.
-Changes will be notified to you by email to your primary address.
-</p>
-
-<p>
-If you do not agree to the changes, you may terminate as above.
-Continued use of the service shall be deemed to be agreement
-by you.
-</p>
-
-<h4> <a name="3.5"> 3.5 </a> Communication </h4>
-
-<p>
-Notifications to CAcert are to be sent by
-email to the address
-<b>support</b> <i>at</i> CAcert.org.
-You should attach a digital signature,
-but need not do so in the event of security
-or similar urgency.
-</p>
-
-<p>
-Notifications to you are sent
-by CAcert to the primary email address
-registered with your account.
-You are responsible for keeping your email
-account in good working order and able
-to receive emails from CAcert.
-</p>
-
-<p>
-Arbitration is generally conducted by email.
-</p>
-
-<h3> <a name="4"> 4. </a> Miscellaneous </h3>
-
-<h4> <a name="4.1"> 4.1 </a> Other Parties Within the Community </h4>
-
-<p>
-As well as you and other Members in the Community,
-CAcert forms agreements with third party
-vendors and others.
-Thus, such parties will also be in the Community.
-Such agreements are also controlled by the same
-policy process as this agreement, and they should
-mirror and reinforce these terms.
-</p>
-
-
-<h4> <a name="4.2"> 4.2 </a> References and Other Binding Documents </h4>
-
-<p>
-This agreement is CAcert Official Document 9 (COD9)
-and is a controlled document.
-</p>
-
-<p>
-You are also bound by
-</p>
-
-<ol><li>
- <a href="http://www.cacert.org/policy/CertificationPracticeStatement.php">
- Certification Practice Statement</a> (CPS => COD6).
- </li><li>
- <a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
- Dispute Resolution Policy</a> (DRP => COD7).
- </li><li>
- <a href="PrivacyPolicy.html">
- Privacy Policy</a> (PP => COD5).
- </li><li>
- <a href="http://svn.cacert.org/CAcert/principles.html">
- Principles of the Community</a>.
-</li></ol>
-
-<p>
-Where documents are referred to as <i>=> COD x</i>,
-they are controlled documents
-under the control of Policy on Policies (COD1).
-</p>
-
-<p>
-This agreement and controlled documents above are primary,
-and may not be replaced or waived except
-by formal policy channels and by Arbitration.
-</p>
-
-<h4> <a name="4.3"> 4.3 </a> Informative References </h4>
-
-<p>
-The governing documents are in English.
-Documents may be translated for convenience.
-Because we cannot control the legal effect of translations,
-the English documents are the ruling ones.
-</p>
-
-<p>
-You are encouraged to be familiar with the
-Assurer Handbook,
-which provides a more readable introduction for much of
-the information needed.
-The Handbook is not however an agreement, and is overruled
-by this agreement and others listed above.
-</p>
-
-<h4> <a name="4.4"> 4.4 </a> Not Covered in this Agreement </h4>
-
-<p>
-<b>Intellectual Property.</b>
-This Licence does not transfer any intellectual
-property rights ("IPR") to you. CAcert asserts and
-maintains its IPR over its roots, issued certificates,
-brands, logos and other assets.
-Note that the certificates issued to you
-are CAcert's intellectual property
-and you do not have rights other than those stated.
-</p>
+ <p class="change9">Beside this Agreement and the Policies, there are other
+ documents, i. e. Policy Guides, Manuals and Handbooks, supporting and
+ explaining this Agreement and the Policies. These documents are not binding
+ and in doubt this Agreement and the Policies are valid.</p>
+ <h4><a name="4.4">4.4</a> <span class="strike9">Not Covered in this
+ Agreement</span> <span class="change9">(withdrawn)</span></h4>
+ <p class="strike9"><b>Intellectual Property.</b> This Licence does not
+ transfer any intellectual property rights ("IPR") to you. CAcert asserts and
+ maintains its IPR over its roots, issued certificates, brands, logos and
+ other assets. Note that the certificates issued to you are CAcert's
+ intellectual property and you do not have rights other than those stated.</p>
</body>
</html>
diff --git a/www/policy/DisputeResolutionPolicy.php b/www/policy/DisputeResolutionPolicy.php
index a97789b..40fca3a 100644
--- a/www/policy/DisputeResolutionPolicy.php
+++ b/www/policy/DisputeResolutionPolicy.php
@@ -1,60 +1,95 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
+<?='<?xml version="1.0" encoding="utf-8"?>'?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title>Dispute Resulution Policy</title>
+ <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
+ <title>Dispute Resulution Policy</title>
+<style type="text/css">
+<!--
+.first-does-not-work {
+ color : red;
+}
+.comment {
+ color : steelblue;
+}
+.q {
+ color : green;
+ font-weight: bold;
+ text-align: center;
+ font-style:italic;
+}
+.change {
+ color : blue;
+ font-weight: bold;
+}
+.change2 {
+ color : steelblue;
+}
+.strike {
+ color : blue;
+ text-decoration:line-through;
+}
+.draftadd {
+ color : darkblue;
+ font-weight: bold;
+ font-style: italic;
+}
+.draftdrop {
+ color : darkblue;
+ text-decoration:line-through;
+ font-style: italic;
+}
+-->
+</style>
+
</head>
<body>
-<table width="100%">
-<tr>
-<td> DRP </td>
-<td> </td>
-<td width="20%"> Teus Hagen </td>
-</tr>
-<tr>
-<td> POLICY&nbsp;<a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070919.3</a> </td>
-<td> </td>
-<td>
- $Date: 2008-01-18 22:56:31 $
- <!--
- to get this to work, we have to do this:
- svn propset svn:keywords "Date" PolicyOnPolicy.html
- except it does not work through the website.
- -->
-</td>
-</tr>
+<div class="comment">
+<table width="100%">
<tr>
-<td> COD7 </td>
-<td> </td>
-<td> <!-- contributors --> </td>
-</tr>
-
+<td>
+ Name: DRP <a style="color: steelblue" href="//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD7</a><br />
+ Status: POLICY <a style="color: steelblue" href="//wiki.cacert.org/wiki/TopMinutes-20070917">m20070919.3</a><br />
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span class="draftadd">DRAFT p20110108 p20121213</span> <br />
+ Editor: <a style="color: steelblue" href="//wiki.cacert.org/TeusHagen">Teus Hagen
+</a><br />
+ Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /></td>
+<td valign="top" align="right">
+ <a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="/images/cacert-policy.png" alt="TTP-Assist Status - POLICY" height="31" width="88" style="border-style: none;" /></a><br />
+ <a href="//www.cacert.org/policy/PolicyOnPolicy.php"><img src="/images/cacert-draft.png" alt="TTP-Assist Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
-<tr> <!-- title only -->
-<td> </td>
-<td > <b>Dispute&nbsp;Resolution&nbsp;Policy</b> </td>
-<td> </td>
+</td>
</tr>
-
</table>
+</div>
-<h2> <a name="0"> 0. </a> Introduction</h2>
+<h1> Dispute&nbsp;Resolution&nbsp;Policy </h1>
+
+<h2 id="s0"> 0. Introduction</h2>
<p>
-This is the Dispute Resolution Policy for CAcert.
+This is the Dispute Resolution Policy
+<span class="draftdrop">for CAcert</span>
+<span class="draftadd">for the CAcert Community, consisting of CAcert Inc and Members who agree to the CAcert Community Agreement (CCA)</span>.
Disputes arising out of
-operations by CAcert and interactions between
-users may be addressed through this policy.
+operations by CAcert
+<span class="draftadd">Inc</span>
+and interactions between
+<span class="draftadd">
+Members
+</span>
+may be addressed through this policy.
This document also presents the rules for
resolution of disputes.
</p>
-<h3> <a name="0.1"> 0.1 </a> Nature of Disputes </h3>
+<h3 id="s0.1"> 0.1 Nature of Disputes </h3>
<p>
Disputes include:
@@ -64,9 +99,12 @@ Disputes include:
Requests for non-routine support actions.
CAcert support team has no authority to
act outside the normal support facilities made
- available to Users;
+ available to
+ <span class="draftadd">
+ Members;
+ </span>
</li><li>
- Classical disputes where a User or another
+ Classical disputes where a <span class="draftadd">Member</span> or another
assert claims and demand remedies;
</li><li>
Requests by external organisations, including
@@ -75,15 +113,15 @@ Disputes include:
Events initiated for training purposes.
</li></ul>
-<h2> <a name="1"> 1. </a> Filing</h2>
+<h2 id="s1"> 1. Filing</h2>
-<h3> <a name="1.1"> 1.1 </a> Filing Party</h3>
+<h3 id="s1.1"> 1.1 Filing Party</h3>
<p>
Anyone may file a dispute.
In filing, they become <i>Claimants</i>.
</p>
-<h3> <a name="1.2">1.2 </a> Channel for Filing</h3>
+<h3 id="s1.2"> 1.2 Channel for Filing</h3>
<p>
Disputes are filed by being sent to the normal
@@ -96,7 +134,7 @@ Such fees as are imposed on filing will be specified
on the dispute resolution page of the website.
</p>
-<h3> <a name="1.3">1.3 </a> Case Manager</h3>
+<h3 id="s1.3"> 1.3 Case Manager</h3>
<p>
The Case Manager (CM) takes control of the filing.
</p>
@@ -120,10 +158,10 @@ The Case Manager (CM) takes control of the filing.
<p>
The personnel within the CAcert support team
are Case Managers, by default, or as directed
-by the Dispute Resolution Officer.
+by the Dispute Resolution Officer <span class="change2">(DRO)</span>.
</p>
-<h3> <a name="1.4">1.4 </a> Contents</h3>
+<h3 id="s1.4"> 1.4 Contents</h3>
<p>
The filing must specify:
</p>
@@ -135,13 +173,13 @@ The filing must specify:
being the <i>Respondent(s)</i>.
This will be CAcert in the
case of requests for support actions.
- It may be a User (possibly unidentified) in the
- case where one User has given rise to a complaint against another.
+ It may be a <span class="draftadd">Member</span> (possibly unidentified) in the
+ case where one <span class="draftadd">Member</span> has given rise to a complaint against another.
</li><li>
The <i>Complaint</i>.
For example, a trademark has been infringed,
privacy has been breached,
- or a user has defrauded using a certificate.
+ or a <span class="draftadd">Member</span> has defrauded using a certificate.
</li><li>
The action(s) requested by the filing party
(technically, called the <i>relief</i>).
@@ -157,11 +195,12 @@ may refile with the additional information,
attaching the original messages.
</p>
-<h3> <a name="1.5">1.5 </a> The Arbitrator</h3>
+<h3 id="s1.5"> 1.5 The Arbitrator</h3>
<p>
The Case Manager selects the Arbitrator according
-to the mechanism managed by the Dispute Resolution Officer
+to the mechanism managed by the
+<span class="change2">DRO</span> <!-- Dispute Resolution Officer -->
and approved from time to time.
This mechanism is to maintain a list of Arbitrators available for
dispute resolution.
@@ -174,24 +213,31 @@ closed with status "declined."
</p>
<p>
-Arbitrators are experienced Assurers of CAcert.
+Arbitrators are experienced Assurers <span class="draftdrop">of CAcert</span>.
They should be independent and impartial, including
-of CAcert itself where it becomes a party.
+of CAcert <span class="draftadd">Inc.</span> itself where it becomes a party.
</p>
-<h2> <a name="2"> 2. </a> The Arbitration</h2>
+<h2 id="s2"> 2. The Arbitration</h2>
-<h3> <a name="2.1">2.1 </a> Authority</h3>
+<h3 id="s2.1"> 2.1 Authority</h3>
<p>
-The Board of CAcert and the Users vest in Arbitrators
+The Board of CAcert <span class="draftadd">Inc.</span> and the
+<span class="draftadd">
+Members of the Community
+</span>
+ vest in Arbitrators
full authority to hear disputes and deliver rulings
-which are binding on CAcert and the Users.
+which are binding on CAcert <span class="draftadd">Inc.</span> and the
+<span class="draftadd">
+Members.
+</span>
</p>
-<h3> <a name="2.2">2.2 </a> Preliminaries</h3>
+<h3 id="s2.2"> 2.2 Preliminaries</h3>
<p>
The Arbitrator conducts some preliminaries:
@@ -208,29 +254,54 @@ The Arbitrator conducts some preliminaries:
agree, are under such jurisdiction, and it is deemed
more appropriate.
However, this is strictly limited to those parties,
- and especially, CAcert and other parties
- remains under the governing law.
+ and especially, CAcert <span class="draftadd">Inc.</span> and other parties
+ remain under the governing law.
</li><li>
The Arbitrator reviews the Respondents and Claimants
with a view to dismissal or joining of additional parties.
- E.g., support personel may be joined if emergency action was
+ E.g., support personnel may be joined if emergency action was
taken.
</li><li>
- Any parties that are not Users and are not bound
- by the CPS are given the opportunity to enter into
- CAcert and be bound by the CPS and these rules of arbitration.
- If these Non-Related Persons (NRPs) remain outside,
+ Any parties that are not
+ <span class="draftadd">
+ Members
+ </span>
+ and are not bound by the
+ <span class="draftdrop">CPS</span> <span class="draftadd">CCA</span>
+ are given the opportunity to enter into
+ CAcert and be bound by the
+ <span class="draftdrop">CPS</span> <span class="draftadd">CCA</span>
+ and these rules of arbitration.
+ If
+ <!-- <span class="draftdrop">these Non-Related Persons (NRPs)</span> <span class="change">they</span> -->
+ these Non-Related Persons (NRPs)
+ remain outside,
their rights and remedies under CAcert's policies
- and forum are strictly limited to that specified in the
- Non-Related Persons -- Disclaimer and Licence.
- NRPs may proceed with Arbitration subject to preliminary orders
+ and forum are strictly limited to
+ <span class="strike">that</span> <span class="change2">those</span>
+ specified in the
+ <span class="draftdrop">Non-Related Persons -- Disclaimer and Licence</span> <span class="draftadd">Root Distribution License</span>.
+ NRPs
+ may proceed with Arbitration subject to preliminary orders
of the Arbitrator.
</li><li>
- Participating Users may not resign until the completion of the case.
+ Participating
+ <span class="draftadd">
+ Members
+ </span>
+ may not resign
+ <span class="change2">
+ from the Community
+ </span>
+ until the completion of the case.
</li><li>
The Arbitrator confirms that all parties accept
the forum of dispute resolution.
- This is especially important where a User might be
+ This is especially important where a
+ <span class="draftadd">
+ Member
+ </span>
+ might be
in a country with no Arbitration Act in law, or
where there is reason to believe that a party might
go to an external court.
@@ -240,12 +311,12 @@ The Arbitrator conducts some preliminaries:
represented, but are not encouraged to do so,
bearing in mind the volunteer nature of the
organisation and the size of the dispute.
- If they do so they must declare such, including any
- changes.
+ If they do so<span class="change2">,</span>
+ they must declare such, including any changes.
</li><li>
The Arbitrator may appoint experienced Assurers
to assist and represent parties, especially for NRPs.
- The Case Manager must not to provide such assistance.
+ The Case Manager must not provide such assistance.
</li><li>
The Arbitrator is bound to maintain the balance
of legal fairness.
@@ -255,16 +326,18 @@ The Arbitrator conducts some preliminaries:
to emergency actions already taken.
</li><li>
The Arbitrator may request any written pleadings,
- counterclaim, and/or statements of defence.
+ counterclaims, and/or statements of defence.
</li></ul>
-<h3> <a name="2.3">2.3 </a> Jurisdiction </h3>
+<h3 id="s2.3"> 2.3 Jurisdiction </h3>
<p>
-Jurisidiction - the right or power to hear and rule on
+Jurisdiction - the right or power to hear and rule on
disputes - is initially established by clauses in the
-User agreements for all CAcert Users.
+<span class="draftadd">
+CAcert Community Agreement.
+</span>
The agreement must establish:
</p>
@@ -292,7 +365,7 @@ to be considered carefully:
</p>
<ul><li>
- Where NRPs, being not members of CAcert and not
+ Where NRPs, being not Members of CAcert and not
bound by agreement, are parties to the dispute.
E.g., intellectual property disputes may involve
NRPs and their trademarks;
@@ -301,7 +374,11 @@ to be considered carefully:
proceedings,
e.g., fraud;
</li><li>
- Contracts between Users that were formed without
+ Contracts between
+ <span class="draftadd">
+ Members
+ </span>
+ that were formed without
a clause to seek arbitration in the forum;
</li><li>
Areas where laws fall outside the Arbitration Act,
@@ -321,7 +398,7 @@ another forum, the Arbitrator should seek the agreement
of the NRP to file the ruling as part of the new case.
</p>
-<h3> <a name="2.4">2.4 </a> Basis in Law </h3>
+<h3 id="s2.4"> 2.4 Basis in Law </h3>
<p>
Each country generally has an Arbitration Act
@@ -329,7 +406,12 @@ that elevates Arbitration as a strong dispute
resolution forum.
The Act generally defers to Arbitration
if the parties have so agreed.
-That is, as Users of CAcert, you agree to resolve
+That is, as
+ <span class="draftadd">
+ Members
+ </span>
+<span class="draftdrop">users of CAcert</span>,
+you agree to resolve
all disputes before CAcert's forum.
This is sometimes called <i>private law</i>
or <i>alternative dispute resolution</i>.
@@ -338,13 +420,16 @@ or <i>alternative dispute resolution</i>.
<p>
As a matter of public policy, courts will generally
refer any case back to Arbitration.
-Users should understand that they will have
+ <span class="draftadd">
+ Members
+ </span>
+should understand that they will have
strictly limited rights to ask the courts to
seek to have a case heard or to override a Ruling.
</p>
-<h3> <a name="2.5">2.5 </a> External Courts </h3>
+<h3 id="s2.5"> 2.5 External Courts </h3>
<p>
When an external court claims and asserts its jurisdiction,
@@ -362,17 +447,20 @@ seek to have a case heard or to override a Ruling.
court, and rules.
The Arbitrator may rule to reject the order,
for jurisdiction or other reasons.
- By way of example, if all Parties are registered Users,
+ By way of example, if all Parties are
+ <span class="draftadd">
+ Members,
+ </span>
then jurisdiction more normally falls within the forum.
If the Arbitrator rules to reject,
- he should do so only after consulting with CAcert counsel.
+ he should do so only after consulting with CAcert <span class="draftadd">Inc.</span> counsel.
The Arbitrator's jurisidiction is ordinarily that of
dealing with the order, and
not that which the external court has claimed to.
</p>
-<h3> <a name="2.6">2.6 </a> Process</h3>
+<h3 id="s2.6"> 2.6 Process</h3>
<p>
The Arbitrator follows the procedure:
@@ -382,8 +470,11 @@ The Arbitrator follows the procedure:
<ol><li>
Establish the facts.
The Arbitrator collects the evidence from the parties.
- The Arbitrator may order CAcert or Users under
- jurisdiction to provide support or information.
+ The Arbitrator may order CAcert <span class="draftadd">Inc.</span> or
+ <span class="draftadd">
+ Members
+ </span>
+ under jurisdiction to provide support or information.
The Arbitrator may use email, phone or face-to-face
meetings as proceedings.
</li><li>
@@ -392,15 +483,23 @@ The Arbitrator follows the procedure:
The Arbitrator may request that the parties
submit their views.
The Arbitrator also works to the mission of CAcert,
- the benefit of all Users, and the community as a whole.
- The Arbitrator may any assistance.
+ the benefit of all
+ <span class="draftadd">
+ Members
+ </span>
+ , and the community as a whole.
+ The Arbitrator may
+ <span class="draftadd">
+ seek
+ </span>
+ any assistance.
</li><li>
Makes a considered Ruling.
</li></ol>
-<h2> <a name="3"> 3. </a> The Ruling</h2>
+<h2 id="s3"> 3. The Ruling</h2>
-<h3> <a name="3.1">3.1 </a> The Contents </h3>
+<h3 id="s3.1"> 3.1 The Contents </h3>
<p>
The Arbitrator records:
@@ -420,11 +519,11 @@ The Arbitrator records:
</li></ol>
-<h3> <a name="3.2">3.2 </a> Process </h3>
+<h3 id="s3.2"> 3.2 Process </h3>
<p>
Once the Ruling is delivered, the case is closed.
The Case Manager is responsible for recording the
-Ruling, publishing it, and advising users.
+Ruling, publishing it, and advising <span class="draftadd">Members</span>.
</p>
<p>
@@ -440,53 +539,94 @@ Arbitrator declare the Ruling private <i>under seal</i>.
Such a declaration must be reviewed in its entirety
by the Board,
and the Board must confirm or deny that declaration.
-If it confirms, the existance of any Rulings under seal
-must be published to the Users in a timely manner
+If it confirms, the existence of any Rulings under seal
+must be published to the
+ <span class="draftadd">
+ Members
+ </span>
+in a timely manner
(within days).
</p>
-<h3> <a name="3.3">3.3 </a> Binding and Final </h3>
-
-<p>
-The Ruling is binding and final on CAcert and all Users.
-Ordinarily, all Users agree to be bound by this dispute
-resolution policy. Users must declare in the Preliminaries
+<h3 id="s3.3"> 3.3 Binding and Final </h3>
+
+<p>
+The Ruling is
+<!-- (DRAFT p20110108) -->
+<span class="draftadd">ordinarily final and binding </span>
+<span class="draftdrop">binding and final</span>
+on CAcert <span class="draftadd">Inc.</span> and all
+ <span class="draftadd">
+ Members
+ </span>
+.
+Ordinarily, all
+ <span class="draftadd">
+ Members
+ </span>
+ agree to be bound by this dispute
+resolution policy.
+ <span class="draftadd">
+ Members
+ </span>
+must declare in the Preliminaries
any default in agreement or binding.
</p>
<p>
-If a person who is not a User is a party to the dispute,
+If a person who is not a
+ <span class="draftadd">
+ Member
+ </span>
+is a party to the dispute,
then the Ruling is not binding and final on that person,
but the Ruling must be presented in filing any dispute
in another forum such as the person's local courts.
</p>
-<h3> <a name="3.4">3.4 </a> Re-opening the Case or Appeal </h3>
+<h3 id="s3.4"> 3.4 <span class="draftadd">Review for Appeal (DRAFT p20110108)</span> &nbsp;&nbsp;&nbsp;&nbsp; <span class="draftdrop">Re-opening the Case or Appeal</span> </h3>
<p>
-In the case of clear injustices, egregious behaviour or
-unconscionable Rulings, parties may seek to re-open the
-case by filing a dispute. The new Arbitrator
-reviews the new dispute,
+In the <span class="draftadd">event</span> <span class="draftdrop">case</span> of clear injustices, egregious behaviour or
+unconscionable Rulings,
+<span class="draftadd">
+a review may be requested by filing a dispute (DRAFT p20110108).
+</span>
+<span class="draftdrop">
+parties may seek to re-open the
+case by filing a dispute.
+</span>
+The new Arbitrator reviews the new dispute,
re-examines and reviews the entire case, then rules on
whether the case may be re-opened or not.
</p>
<p>
+<span class="draftadd">
+If the Review Arbitrator rules the case be re-opened,
+then the Review Arbitrator refers the case to an Appeal Panel of 3.
+The Appeal Panel is led by a Senior Arbitrator,
+and is formed according to procedures established
+by the DRO from time to time.
+The Appeal Panel hears the case and delivers a final and binding Ruling.
+ (DRAFT p20110108)
+</span>
+<span class="draftdrop">
If the new Arbitrator rules the case be re-opened,
then it is referred to the Board of CAcert Inc.
The Board hears the case and delivers a final
and binding Ruling.
+</span>
</p>
-<h3> <a name="3.5">3.5 </a> Liability </h3>
+<h3 id="s3.5"> 3.5 Liability </h3>
<p>
All liability of the Arbitrator for any act in
connection with deciding a dispute is excluded
by all parties, provided such act does not constitute
an intentional breach of duty.
-All liability of the Arbitrators, CAcert, its officers and its
+All liability of the Arbitrators, CAcert <span class="draftadd">Inc.</span>, its officers and its
employees (including Case Manager)
for any other act or omission in connection with
arbitration proceedings is excluded, provided such acts do not
@@ -495,15 +635,18 @@ constitute an intentional or grossly negligent breach of duty.
<p>
The above provisions may only be overridden by
-appeal process (by means of a new dispute causing
-referral to the Board).
+appeal process
+ (by means of a new dispute causing referral to the Board).
+
</p>
-<h3> <a name="3.6">3.6 </a> Remedies </h3>
+<h3 id="s3.6"> 3.6 Remedies </h3>
<p>
The Arbitrator generally instructs using internal remedies,
-that is ones that are within the general domain of CAcert,
+that is ones that are within the general domain of
+<span class="draftdrop">CAcert</span>
+<span class="draftadd">the Community</span>,
but there are some external remedies at his disposal.
He may rule and instruct any of the parties on these issues.
</p>
@@ -515,7 +658,7 @@ He may rule and instruct any of the parties on these issues.
</li><li>
writing documentation
</li><li>
- serve in role - support, dispute arbitration
+ serve in <span class="change2">a</span> role - support, dispute arbitration
</li></ul>
or others as decided.
@@ -531,7 +674,10 @@ He may rule and instruct any of the parties on these issues.
</li><li>
Monetary fine up to the liability cap established for
- each party as described in the Registered User Agreement.
+ each party as described in the
+ <span class="draftadd">
+ CAcert Community Agreement.
+ </span>
</li><li>
Exclusion from community.
@@ -548,20 +694,25 @@ He may rule and instruct any of the parties on these issues.
The Arbitrator is not limited within the general domain
of CAcert, and may instruct novel remedies as seen fit.
Novel remedies outside the domain may be routinely
-confirmed by the Board by way of appeals process,
+confirmed by the Board by way of appeal process,
in order to establish precedent.
+
</p>
-<h2> <a name="4"> 4. </a> Appendix</h2>
+<h2 id="s4"> 4. Appendix</h2>
-<h3> <a name="4.1">4.1 </a> The Advantages of this Forum </h3>
+<h3 id="s4.1"> 4.1 The Advantages of this Forum </h3>
<p>
-The advantage of this process for Users is:
+The advantage of this process for
+ <span class="draftadd">
+ Members
+ </span>
+ is:
</p>
<ul><li>
- CAcert and Users operate across many jurisdictions.
+ CAcert and <span class="draftadd">Members</span> operate across many jurisdictions.
Arbitration allows us to select a single set of
rules across all jurisdictions.
</li><li>
@@ -572,7 +723,7 @@ The advantage of this process for Users is:
authority to act.
Good governance is thus maintained.
</li><li>
- This forum allows CAcert Users to look after themselves
+ This forum allows CAcert <span class="draftadd">Members</span> to look after themselves
in a community, without exposing each other to potentially
disastrous results in strange courts from foreign lands.
</li><li>
@@ -588,18 +739,21 @@ The advantage of this process for Users is:
other external agencies.
</li></ul>
-<h3> <a name="4.2">4.2 </a> The Disadvantages of this Forum </h3>
+<h3 id="s4.2"> 4.2 The Disadvantages of this Forum </h3>
<p>
Some disadvantages exist.
</p>
<ul><li>
- Users may have their rights trampled over.
+ <span class="draftadd">Members</span> may have their rights trampled over.
In such a case, the community should strive to
- re-open the case and refer it to the board.
+ re-open the case
+ and refer it to the board.
+
+
</li><li>
- Users may feel overwhelmed by the formality
+ <span class="draftadd">Members</span> may feel overwhelmed by the formality
of the process.
It is kept formal so as to establish good and proper
authority to act; otherwise, support and other
@@ -613,7 +767,7 @@ Some disadvantages exist.
they should also depart the community.
</li></ul>
-<h3> <a name="4.3">4.3 </a> Process and Flow </h3>
+<h3 id="s4.3"> 4.3 Process and Flow </h3>
<p>
To the extent reasonable, the Arbitrator conducts
@@ -635,5 +789,6 @@ Note also that many elements of legal proceedings are
deliberately left out of the rules.
</p>
+
</body>
</html>
diff --git a/www/policy/OrganisationAssurancePolicy.php b/www/policy/OrganisationAssurancePolicy.php
index 7d8699c..e462693 100644
--- a/www/policy/OrganisationAssurancePolicy.php
+++ b/www/policy/OrganisationAssurancePolicy.php
@@ -1,54 +1,51 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-<head><title>Organisation Assurance Policy</title></head>
+<?='<?xml version="1.0" encoding="utf-8"?>'?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title> Organisation Assurance Policy </title>
+<style type="text/css">
+<!--
+.comment {
+ color : steelblue;
+}
+-->
+</style>
+
+</head>
<body>
+<div class="comment">
<table width="100%">
<tr>
-<td> OAP </td>
-<td> </td>
-<td width="20%"> Jens </td>
-</tr>
-
-<tr>
-<td> POLICY&nbsp;<a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x</a> </td>
-<td> </td>
<td>
- $Date: 2008-01-18 22:56:31 $
- <!--
- to get this to work, we have to do this:
- svn propset svn:keywords "Date" file.html
- except it does not work through the website.
- -->
-</td>
-</tr>
+ Name: OAP <a style="color: steelblue" href="//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11</a><br />
-<tr>
-<td> COD11 </td>
-<td> </td>
-<td> </td>
-</tr>
+ Status: POLICY/DRAFT <a style="color: steelblue" href="//wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x </a><br />
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span class="draftadd">DRAFT p20080401.1 </span> <br />
+ Editor: Jens Paul <br />
+ Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /></td>
+<td valign="top" align="right">
+ <a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="/images/cacert-policy.png" alt="OAP Status - POLICY" height="31" width="88" style="border-style: none;" /></a><br />
+ <a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="/images/cacert-draft.png" alt="OAP Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
-<tr>
-<td> </td>
-<td > <b>Organisation&nbsp;Assurance&nbsp;Policy</b> </td>
-<td> </td>
+</td>
</tr>
-
</table>
+</div>
+<h1> Organisation&nbsp;Assurance&nbsp;Policy </h1>
-<h2> <a name="0"> 0. </a> Preliminaries </h2>
+<h2 id="s0">0. Preliminaries </h2>
<p>
This policy describes how Organisation Assurers ("OAs")
conduct Assurances on Organisations.
It fits within the overall web-of-trust
-or Assurance process of Cacert.
+or Assurance process of CAcert.
</p>
<p>
@@ -56,7 +53,7 @@ This policy is not a Controlled document, for purposes of
Configuration Control Specification ("CCS").
</p>
-<h2> <a name="1"> 1. </a> Purpose </h2>
+<h2 id="s1"> 1. Purpose </h2>
<p>
Organisations with assured status can issue certificates
@@ -76,27 +73,31 @@ and as described in the CPS.
to this policy.
</li><li>
The organisation is within the jurisdiction
- and can be taken to Arbitration.
+ and can be taken to CAcert Arbitration.
</li></ul>
-<h2> <a name="2"> 2. </a> Roles and Structure </h2>
+<h2 id="s2"> 2. Roles and Structure </h2>
-<h3> <a name="2.1"> 2.1 </a> Assurance Officer </h3>
+<h3 id="s2.1"> 2.1 Assurance Officer </h3>
<p>
The Assurance Officer ("AO")
-manages this policy and reports to the board.
+manages this policy and reports to the CAcert Inc. Committee ("Board").
</p>
<p>
The AO manages all OAs and is responsible for process,
-the CAcert Organisation Assurance Programme form ("COAP"),
+the CAcert Organisation Assurance Programme ("COAP") form,
OA training and testing, manuals, quality control.
In these responsibilities, other Officers will assist.
</p>
+<p>
+The OA is appointed by the Board.
+Where the OA is failing the Board decides.
+</p>
-<h3> <a name="2.2"> 2.2 </a> Organisation Assurers </h3>
+<h3 id="s2.2"> 2.2 Organisation Assurers </h3>
<p>
</p>
@@ -141,11 +142,30 @@ In these responsibilities, other Officers will assist.
as supervised, trained and tested.
</li>
</ol>
+ </li>
+ <li>The OA can decide when a CAcert
+ (individual) Assurer
+ has done several OA Application Advises to appoint this
+ person to OA Assurer.
+ </li>
+
</ol>
+<h3 id="s2.3"> 2.3 Organisation Assurance Advisor ("OAA") </h3>
+ <p>In countries/states/provinces where no OA Assurers are
+ operating for an OA Application (COAP) the OA
+ can be advised by an experienced local CAcert
+ (individual) Assurer to take the decision
+ to accept the OA Application (COAP) of the organisation.
+ </p>
+ <p>
+ The local Assurer must have at least 150 Points,
+ should know the language, and know
+ the organisation trade office registry culture and quality.
+ </p>
-<h3> <a name="2.3"> 2.3 </a> Organisation Administrator </h3>
+<h3 id="s2.4"> 2.4 Organisation Administrator </h3>
<p>
The Administrator within each Organisation ("O-Admin")
@@ -175,9 +195,9 @@ and the issuing of certificates.
</ol>
-<h2> <a name="3"> 3. </a> Policies </h2>
+<h2 id="s3"> 3. Policies </h2>
-<h3> <a name="3.1"> 3.1 </a> Policy </h3>
+<h3 id="s3.1"> 3.1 Policy </h3>
<p>
There is one policy being this present document,
@@ -191,7 +211,7 @@ and several subsidiary policies.
<li> Organisations are assured under an appropriate subsidiary policy. </li>
</ol>
-<h3> <a name="3.2"> 3.2 </a> Subsidiary Policies </h3>
+<h3 id="s3.2"> 3.2 Subsidiary Policies </h3>
<p>
The nature of the Subsidiary Policies ("SubPols"):
@@ -210,7 +230,7 @@ The nature of the Subsidiary Policies ("SubPols"):
</li><li>
For OAs,
SubPol specifies the <i>tests of local knowledge</i>
- including the local organisational forms.
+ including the local organisation assurance COAP forms.
</li><li>
For assurances,
SubPol specifies the <i>local documentation forms</i>
@@ -221,7 +241,7 @@ The nature of the Subsidiary Policies ("SubPols"):
policy approval process.
</li></ol>
-<h3> <a name=""> </a> 3.3 Freedom to Assemble </h3>
+<h3 id="s3.3"> 3.3 Freedom to Assemble </h3>
<p>
Subsidiary Policies are open, accessible and free to enter.
@@ -254,9 +274,9 @@ Subsidiary Policies are open, accessible and free to enter.
</li></ol>
-<h2> <a name="4"> 4. </a> Process </h2>
+<h2 id="s4"> 4. Process </h2>
-<h3> <a name="4.1"> 4.1 </a> Standard of Organisation Assurance </h3>
+<h3 id="s4.1"> 4.1 Standard of Organisation Assurance </h3>
<p>
The essential standard of Organisation Assurance is:
</p>
@@ -276,7 +296,7 @@ The essential standard of Organisation Assurance is:
requestor can sign on behalf of the organisation.
</li><li>
the organisation has agreed to the terms of the
- Registered User Agreement,
+ CAcert Community Agreement
and is therefore subject to Arbitration.
</li></ol>
@@ -285,7 +305,7 @@ The essential standard of Organisation Assurance is:
are stated in the SubPol.
</p>
-<h3> <a name="4.2"> 4.2 </a> COAP </h3>
+<h3 id="s4.2"> 4.2 COAP </h3>
<p>
The COAP form documents the checks and the resultant
assurance results to meet the standard.
@@ -302,12 +322,13 @@ Additional information to be provided on form:
<li>additional contact information (as required by SubPol).</li>
</ol>
</li><li>
- administrator account names (1 or more)
+ administrator account name(s) (1 or more)
</li><li>
domain name(s)
</li><li>
- Agreement with registered user agreement.
- Statement and initials box for organsation
+ Agreement with
+ CAcert Community Agreement.
+ Statement and initials box for organisation
and also for OA.
</li><li>
Date of completion of Assurance.
@@ -322,17 +343,17 @@ and indication provided that the English is the
ruling language (due to Arbitration requirements).
</p>
-<h3> <a name="4.3"> 4.3 </a> Jurisdiction </h3>
+<h3 id="s4.3"> 4.3 Jurisdiction </h3>
<p>
Organisation Assurances are carried out by
-CAcert Inc under its Arbitration jurisdiction.
+CAcert Inc. under its Arbitration jurisdiction.
Actions carried out by OAs are under this regime.
</p>
<ol type="a"><li>
The organisation has agreed to the terms of the
- Registered User Agreement,
+ CAcert Community Agreement.
</li><li>
The organisation, the Organisation Assurers, CAcert and
other related parties are bound into CAcert's jurisdiction
@@ -340,12 +361,13 @@ Actions carried out by OAs are under this regime.
</li><li>
The OA is responsible for ensuring that the
organisation reads, understands, intends and
- agrees to the registered user agreement.
+ agrees to the
+ CAcert Community Agreement.
This OA responsibility should be recorded on COAP
(statement and initials box).
</li></ol>
-<h2> <a name="5"> 5. </a> Exceptions </h2>
+<h2 id="s5"> 5. Exceptions </h2>
<ol type="a"><li>
@@ -375,5 +397,6 @@ Actions carried out by OAs are under this regime.
E.g., registration as DBA or holding of registered trade mark.
This means that the anglo law tradition of unregistered DBAs
is not accepted without further proof.
-</li></ol>
-
+ </li></ol>
+</body>
+</html>
diff --git a/www/policy/PrivacyPolicy.html b/www/policy/PrivacyPolicy.html
index 6670e92..8aa0837 100644
--- a/www/policy/PrivacyPolicy.html
+++ b/www/policy/PrivacyPolicy.html
@@ -105,8 +105,8 @@ Governmental warrants and civil supoenas will be processed through the dispute r
<p>If you need to contact us in writing, address your mail to:</p>
<p>
CAcert Inc.<br>
-P.O. Box 4107<br>
-Denistone East NSW 2112<br>
+PO Box 66 <br>
+Oatley NSW 2223<br>
Australia
</p>
diff --git a/www/sqldump.php b/www/sqldump.php
index 9476f6f..f30b4d0 100644
--- a/www/sqldump.php
+++ b/www/sqldump.php
@@ -15,24 +15,24 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- header("content-type: text/plain");
+ header("content-type: text/plain");
?>
# CAcert SQL Dump
-# version 0.0.2
+# version 0.0.3
#
# Generation Time: <?=date('r')?>
#
# Database: `cacert`
#
<?
- $tables = mysql_list_tables('cacert');
- while(list($table_name) = mysql_fetch_array($tables))
- {
- echo "# --------------------------------------------------------\n\n";
- echo "#\n# Table structure for table `$table_name`\n#\n\n";
+ $tables = mysql_query("SHOW TABLES");
+ while(list($table_name) = mysql_fetch_array($tables))
+ {
+ echo "# --------------------------------------------------------\n\n";
+ echo "#\n# Table structure for table `$table_name`\n#\n\n";
- echo "DROP TABLE IF EXISTS `$table_name`;\n";
- $create = mysql_fetch_assoc(mysql_query("SHOW CREATE TABLE `cacert`.`$table_name`"));
- echo $create['Create Table'].";\n\n";
- }
+ echo "DROP TABLE IF EXISTS `$table_name`;\n";
+ $create = mysql_fetch_assoc(mysql_query("SHOW CREATE TABLE `$table_name`"));
+ echo $create['Create Table'].";\n\n";
+ }
?>
diff --git a/www/stats.php b/www/stats.php
index 93f693e..d4d892d 100644
--- a/www/stats.php
+++ b/www/stats.php
@@ -1,268 +1,159 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
- define('MAX_CACHE_TTL', 36000);
-
- loadem("index");
- showheader(_("Welcome to CAcert.org"));
-
- function tc($sql)
- {
- $row = mysql_fetch_assoc($sql);
- return($row['count']);
- }
-
- /**
- * writes new data to cache, create cache or update existing cache, set current
- * time stamp
- * @return boolean
- */
- function updateCache($stats) {
- $sql = 'insert into statscache (timestamp, cache) values ("' . time() . '", ' .
- '"' . mysql_real_escape_string(serialize($stats)) . '")';
- mysql_query($sql);
- }
-
- /**
- * get statistics data from current cache, return result of getDataFromLive if no cache file exists
- * @return array
- */
- function getData() {
- $sql = 'select * from statscache order by timestamp desc limit 1';
- $res = mysql_query($sql);
- if ($res && mysql_numrows($res) > 0) {
- $ar = mysql_fetch_assoc($res);
- $stats = unserialize($ar['cache']);
- $stats['timestamp'] = $ar['timestamp'];
- if ($ar['timestamp'] + MAX_CACHE_TTL < time())
- {
- $stats=getDataFromLive();
- updateCache($stats);
- }
- return $stats;
- }
- $stats=getDataFromLive();
- updateCache($stats);
- return $stats;
- }
-
- /**
- * get statistics data from live tables, takes a long time so please try to use the
- * cache
- * @return array
- */
- function getDataFromLive() {
- $stats = array();
- $stats['verified_users'] = number_format(tc(mysql_query("select count(`id`) as `count` from `users` where `verified`=1")));
- $stats['verified_emails'] = number_format(tc(mysql_query("select count(`id`) as `count` from `email` where `hash`='' and `deleted`=0")));
- $stats['verified_domains'] = number_format(tc(mysql_query("select count(`id`) as `count` from `domains` where `hash`='' and `deleted`=0")));
- $certs = tc(mysql_query("select count(`id`) as `count` from `domaincerts`"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `emailcerts`"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `gpg`"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgdomaincerts`"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgemailcerts`"));
- $stats['verified_certificates'] = number_format($certs);
- $certs = tc(mysql_query("select count(`id`) as `count` from `domaincerts` where `revoked`=0 and `expire`>NOW()"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `emailcerts` where `revoked`=0 and `expire`>NOW()"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `gpg` where `expire`<=NOW()"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgdomaincerts` where `revoked`=0 and `expire`>NOW()"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgemailcerts` where `revoked`=0 and `expire`>NOW()"));
- $stats['valid_certificates'] = number_format($certs);
- $stats['assurances_made'] = number_format(tc(mysql_query("select count(`id`) as `count` from `notary`")));
- $stats['users_1to49'] = number_format(mysql_num_rows(mysql_query("select `to` from `notary` group by `to` having sum(`points`) > 0 and sum(`points`) < 50")));
- $stats['users_50to99'] = number_format(mysql_num_rows(mysql_query("select `to` from `notary` group by `to` having sum(`points`) >= 50 and sum(`points`) < 100")));
- $stats['assurer_candidates'] = number_format(tc(mysql_query("select count(*) as `count` from `users` where ".
- "not exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` where `cp`.`user_id`=`users`.`id` and `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id`=1) and ".
- "(select sum(`points`) from `notary` where `to`=`users`.`id`) >= 100")));
- $stats['aussurers_with_test'] = number_format(tc(mysql_query("select count(*) as `count` from `users` where ".
- "exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` where `cp`.`user_id`=`users`.`id` and `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id`=1) and ".
- "(select sum(`points`) from `notary` where `to`=`users`.`id`) >= 100")));
- $stats['points_issued'] = number_format(tc(mysql_query("select sum(`points`) as `count` from `notary`")));
-
- $totalusers=0;
- $totassurers=0;
- $totalcerts=0;
- for($i = 0; $i < 12; $i++) {
- $tmp_arr = array();
- $tmp_arr['date'] = date("Y-m", mktime(0,0,0,date("m") - $i,1,date("Y")));
- $date = date("Y-m", mktime(0,0,0,date("m") - $i,1,date("Y")));
- $totalusers += $users = tc(mysql_query("select count(`id`) as `count` from `users` where `created` like '$date%' and `verified`=1"));
- $totassurers += $assurers = mysql_num_rows(mysql_query("select `to` from `notary` where `when` like '$date%' and `method`!='Administrative Increase' group by `to` having sum(`points`) >= 100"));
- $certs = tc(mysql_query("select count(`id`) as `count` from `domaincerts` where `created` like '$date%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `emailcerts` where `created` like '$date%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `gpg` where `issued` like '$date%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgdomaincerts` where `created` like '$date%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgemailcerts` where `created` like '$date%'"));
- $totalcerts += $certs;
-
- $tmp_arr['new_users'] = number_format($users);
- $tmp_arr['new_assurers'] = number_format($assurers);
- $tmp_arr['new_certificates'] = number_format($certs);
-
- $stats['growth_last_12m'][] = $tmp_arr;
- }
- $stats['growth_last_12m_total'] = array('new_users' => number_format($totalusers),
- 'new_assurers' => number_format($totassurers),
- 'new_certificates' => number_format($totalcerts));
-
- $totalcerts = 0;
- $totalusers = 0;
- $totassurers = 0;
- for($i = date("Y"); $i >= 2002; $i--) {
- $tmp_arr = array();
- $tmp_arr['date'] = $i;
- $totalusers += $users = tc(mysql_query("select count(`id`) as `count` from `users` where `created` like '$i%' and `verified`=1"));
- $totassurers += $assurers = mysql_num_rows(mysql_query("select `to` from `notary` where `when` like '$i%' and `method`!='Administrative Increase' group by `to` having sum(`points`) >= 100"));
- $certs = tc(mysql_query("select count(`id`) as `count` from `domaincerts` where `created` like '$i%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `emailcerts` where `created` like '$i%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `gpg` where `issued` like '$i%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgdomaincerts` where `created` like '$i%'"));
- $certs += tc(mysql_query("select count(`id`) as `count` from `orgemailcerts` where `created` like '$i%'"));
- $totalcerts += $certs;
-
- $tmp_arr['new_users'] = number_format($users);
- $tmp_arr['new_assurers'] = number_format($assurers);
- $tmp_arr['new_certificates'] = number_format($certs);
-
- $stats['growth_last_years'][] = $tmp_arr;
- }
- $stats['growth_last_years_total'] = array('new_users' => number_format($totalusers),
- 'new_assurers' => number_format($totassurers),
- 'new_certificates' => number_format($totalcerts));
-
- return $stats;
- }
-
- $stats = getData();
-?>
-<h1>CAcert.org <?=_("Statistics")?></h1>
-
-<table align="center" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title">CAcert.org <?=_("Statistics")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Verified Users")?>:</td>
- <td class="DataTD"><?=$stats['verified_users'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Verified Emails")?>:</td>
- <td class="DataTD"><?=$stats['verified_emails'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Verified Domains")?>:</td>
- <td class="DataTD"><?=$stats['verified_domains'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Certificates Issued")?>:</td>
- <td class="DataTD"><?=$stats['verified_certificates'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Valid Certificates")?>:</td>
- <td class="DataTD"><?=$stats['valid_certificates'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Assurances Made")?>:</td>
- <td class="DataTD"><?=$stats['assurances_made'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Users with 1-49 Points")?>:</td>
- <td class="DataTD"><?=$stats['users_1to49'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Users with 50-99 Points")?>:</td>
- <td class="DataTD"><?=$stats['users_50to99'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Assurer Candidates")?>:</td>
- <td class="DataTD"><?=$stats['assurer_candidates'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Assurers with test")?>:</td>
- <td class="DataTD"><?=$stats['aussurers_with_test'];?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Points Issued")?>:</td>
- <td class="DataTD"><?=$stats['points_issued'];?></td>
- </tr>
-</table>
-<br>
-<table align="center" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title">CAcert.org <?=_("Growth in the last 12 months")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b>
- <td class="DataTD"><b><?=_("New Users")?></b>
- <td class="DataTD"><b><?=_("New Assurers")?></b>
- <td class="DataTD"><b><?=_("New Certificates")?></b>
- </tr>
-<?
- for($i = 0; $i < 12; $i++) {
-?>
- <tr>
- <td class="DataTD"><?=$stats['growth_last_12m'][$i]['date'];?></td>
- <td class="DataTD"><?=$stats['growth_last_12m'][$i]['new_users'];?></td>
- <td class="DataTD"><?=$stats['growth_last_12m'][$i]['new_assurers'];?></td>
- <td class="DataTD"><?=$stats['growth_last_12m'][$i]['new_certificates'];?></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD">N/A</td>
- <td class="DataTD"><?=$stats['growth_last_12m_total']['new_users'];?></td>
- <td class="DataTD"><?=$stats['growth_last_12m_total']['new_assurers'];?></td>
- <td class="DataTD"><?=$stats['growth_last_12m_total']['new_certificates'];?></td>
- </tr>
-</table>
-<br>
-<table align="center" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title">CAcert.org <?=_("Growth by year")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b>
- <td class="DataTD"><b><?=_("New Users")?></b>
- <td class="DataTD"><b><?=_("New Assurers")?></b>
- <td class="DataTD"><b><?=_("New Certificates")?></b>
- </tr>
-<?
- for($i = 0; $i < count($stats['growth_last_years']); $i++) {
-?>
- <tr>
- <td class="DataTD"><?=$stats['growth_last_years'][$i]['date'];?></td>
- <td class="DataTD"><?=$stats['growth_last_years'][$i]['new_users'];?></td>
- <td class="DataTD"><?=$stats['growth_last_years'][$i]['new_assurers'];?></td>
- <td class="DataTD"><?=$stats['growth_last_years'][$i]['new_certificates'];?></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD">N/A</td>
- <td class="DataTD"><?=$stats['growth_last_years_total']['new_users'];?></td>
- <td class="DataTD"><?=$stats['growth_last_years_total']['new_assurers'];?></td>
- <td class="DataTD"><?=$stats['growth_last_years_total']['new_certificates'];?></td>
- </tr>
-</table>
-<br>
-<?php
- if (isset($stats['timestamp'])) {
-?>
-<div style="text-align: center;font-size: small;"><?=_("Statistical data from cache, created at ") . date('Y-m-d H:i:s', $stats['timestamp']);?></div>
-<?php
- }
-?>
-<? showfooter(); ?>
-
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+ loadem("index");
+ showheader(_("Welcome to CAcert.org"));
+
+ /**
+ * get statistics data from current cache, return result of getDataFromLive if no cache file exists
+ * @return array
+ */
+ function getData() {
+ $sql = 'select * from `statscache` order by `timestamp` desc limit 1';
+ $res = mysql_query($sql);
+ if ($res && mysql_numrows($res) > 0) {
+ $ar = mysql_fetch_assoc($res);
+ $stats = unserialize($ar['cache']);
+ $stats['timestamp'] = $ar['timestamp'];
+ return $stats;
+ }
+
+ return null;
+ }
+
+ $stats = getData();
+ if ($stats === null) {
+ echo '<p>', _("Error while retrieving the statistics!"), '</p>';
+ showfooter();
+ die();
+ }
+?>
+<h1>CAcert.org <?=_("Statistics")?></h1>
+
+<table align="center" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title">CAcert.org <?=_("Statistics")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Verified Users")?>:</td>
+ <td class="DataTD"><?=$stats['verified_users'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Verified Emails")?>:</td>
+ <td class="DataTD"><?=$stats['verified_emails'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Verified Domains")?>:</td>
+ <td class="DataTD"><?=$stats['verified_domains'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Certificates Issued")?>:</td>
+ <td class="DataTD"><?=$stats['verified_certificates'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Valid Certificates")?>:</td>
+ <td class="DataTD"><?=$stats['valid_certificates'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Assurances Made")?>:</td>
+ <td class="DataTD"><?=$stats['assurances_made'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Users with 1-49 Points")?>:</td>
+ <td class="DataTD"><?=$stats['users_1to49'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Users with 50-99 Points")?>:</td>
+ <td class="DataTD"><?=$stats['users_50to99'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Assurer Candidates")?>:</td>
+ <td class="DataTD"><?=$stats['assurer_candidates'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Assurers with test")?>:</td>
+ <td class="DataTD"><?=$stats['aussurers_with_test'];?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Points Issued")?>:</td>
+ <td class="DataTD"><?=$stats['points_issued'];?></td>
+ </tr>
+</table>
+<br>
+<table align="center" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title">CAcert.org <?=_("Growth in the last 12 months")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b>
+ <td class="DataTD"><b><?=_("New Users")?></b>
+ <td class="DataTD"><b><?=_("New Assurers")?></b>
+ <td class="DataTD"><b><?=_("New Certificates")?></b>
+ </tr>
+<?
+ for($i = 0; $i < 12; $i++) {
+?>
+ <tr>
+ <td class="DataTD"><?=$stats['growth_last_12m'][$i]['date'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_12m'][$i]['new_users'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_12m'][$i]['new_assurers'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_12m'][$i]['new_certificates'];?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("Total")?></td>
+ <td class="DataTD"><?=$stats['growth_last_12m_total']['new_users'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_12m_total']['new_assurers'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_12m_total']['new_certificates'];?></td>
+ </tr>
+</table>
+<br>
+<table align="center" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title">CAcert.org <?=_("Growth by year")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b>
+ <td class="DataTD"><b><?=_("New Users")?></b>
+ <td class="DataTD"><b><?=_("New Assurers")?></b>
+ <td class="DataTD"><b><?=_("New Certificates")?></b>
+ </tr>
+<?
+ for($i = 0; $i < count($stats['growth_last_years']); $i++) {
+?>
+ <tr>
+ <td class="DataTD"><?=$stats['growth_last_years'][$i]['date'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_years'][$i]['new_users'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_years'][$i]['new_assurers'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_years'][$i]['new_certificates'];?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("Total")?></td>
+ <td class="DataTD"><?=$stats['growth_last_years_total']['new_users'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_years_total']['new_assurers'];?></td>
+ <td class="DataTD"><?=$stats['growth_last_years_total']['new_certificates'];?></td>
+ </tr>
+</table>
+<br>
+
+<div style="text-align: center;font-size: small;"><?
+ printf(_("Last updated: %s"), date('Y-m-d H:i:s', $stats['timestamp']));?>
+</div>
+
+<? showfooter(); ?>
diff --git a/www/styles/default.css b/www/styles/default.css
index 9fdd85c..4ddfbba 100644
--- a/www/styles/default.css
+++ b/www/styles/default.css
@@ -6,20 +6,22 @@
/***********************************************/
/* HTML tag styles */
/***********************************************/
-body{
+
+body {
font-family: Arial,sans-serif;
color: #333333;
- line-height: 1.166;
+ line-height: 1.166;
margin: 0px;
padding: 0px;
- background: #cccccc;
-/* url("/siteimages/bg_grad.jpg") fixed; */
+ background: #cccccc;
+/* url("/siteimages/bg_grad.jpg") fixed; */
}
+
/******* hyperlink and anchor tag styles *******/
a:link, a:visited {
- color: #005FA9;
+ color: #005fa9;
text-decoration: none;
}
@@ -27,87 +29,95 @@ a:hover {
text-decoration: underline;
}
+
/************** header tag styles **************/
-h1{
- font: bold 120% Arial,sans-serif;
- color: #334d55;
- margin: 0px;
- padding: 0px;
+h1 {
+ font: bold 120% Arial ,sans-serif;
+ color: #334d55;
+ margin: 0px;
+ padding: 0px;
}
-h2{
- font: bold 114% Arial,sans-serif;
- color: #006699;
- margin: 0px;
- padding: 0px;
+h2 {
+ font: bold 114% Arial ,sans-serif;
+ color: #006699;
+ margin: 0px;
+ padding: 0px;
}
-h3{
- font: bold 100% Arial,sans-serif;
- color: #334d55;
- margin: 0px;
- padding: 0px;
+h3 {
+ font: bold 100% Arial ,sans-serif;
+ color: #334d55;
+ margin: 0px;
+ padding: 0px;
}
-h3.pointer{
- cursor: pointer;
- /* cursor: hand; */
+h3.pointer {
+ cursor: pointer;
+ /* cursor: hand; */
}
-h4{
- font: bold 100% Arial,sans-serif;
- color: #333333;
- margin: 0px;
- padding: 0px;
+h4 {
+ font: bold 100% Arial ,sans-serif;
+ color: #333333;
+ margin: 0px;
+ padding: 0px;
}
-h5{
- font: 100% Arial,sans-serif;
- color: #334d55;
- margin: 0px;
- padding: 0px;
+h5 {
+ font: 100% Arial ,sans-serif;
+ color: #334d55;
+ margin: 0px;
+ padding: 0px;
}
/*************** list tag styles ***************/
ul.menu {
-list-style: none;
-margin :0px 0px 0px 15px;
-padding-left: 5px;
-border-left: 1px dotted #000;
+ list-style: none;
+ margin: 0px 0px 0px 15px;
+ padding-left: 5px;
+ border-left: 1px dotted #000;
}
ul.top {
-list-style: none;
-margin: 0px 0px 0px 15px;
-padding-left: 5px;
-border-left: 0px;
+ list-style: none;
+ margin: 0px 0px 0px 15px;
+ padding-left: 5px;
+ border-left: 0px;
+}
+
+ul.no_indent {
+ list-style: none;
+ padding: 0px;
}
-ul {
-list-style: none;
-margin: 0px 0px 0px 15px;
-padding-left: 5px;
-border-left: 1px dotted #000;
+.attach_ul {
+ margin-bottom: 0px;
}
+.attach_ul + ul {
+ margin-top: 0px;
+}
+
+
/***********************************************/
/* Layout Divs */
/***********************************************/
-#pagecell1{
- position:absolute;
+
+#pagecell1 {
+ position: absolute;
top: 2%;
left: 2%;
right: 2%;
width: 96%;
background-color: #ffffff;
-
}
#tl {
- position:absolute;
+ position: absolute;
top: -1px;
left: -1px;
margin: 0px;
@@ -116,7 +126,7 @@ border-left: 1px dotted #000;
}
#tr {
- position:absolute;
+ position: absolute;
top: -1px;
right: -1px;
margin: 0px;
@@ -124,43 +134,43 @@ border-left: 1px dotted #000;
z-index: 100;
}
-#masthead{
+#masthead {
position: absolute;
top: 0px;
left: 2%;
right: 2%;
- width:95.6%;
-
+ width: 95.6%;
}
-#pageNav{
+#pageNav {
float: right;
- width:178px;
+ width: 178px;
padding: 0px;
background-color: #F5f7f7;
border-left: 1px solid #cccccc;
font: small Verdana,sans-serif;
}
-#content{
+#content {
padding: 0px 10px 0px 0px;
- margin:0px 178px 0px 0px;
+ margin: 0px 178px 0px 0px;
}
/***********************************************/
/* Component Divs */
/***********************************************/
-#siteName{
+#siteName {
margin: 0px;
padding: 16px 0px 8px 0px;
color: #ffffff;
font-weight: normal;
}
+
/************** utility styles *****************/
-#utility{
+#utility {
font: 75% Verdana,sans-serif;
position: absolute;
top: 16px;
@@ -168,7 +178,7 @@ border-left: 1px dotted #000;
color: #919999;
}
-#utility a{
+#utility a {
color: #ffffff;
}
@@ -176,46 +186,48 @@ border-left: 1px dotted #000;
text-decoration: underline;
}
+
/************** pageName styles ****************/
-#pageName{
+#pageName {
padding: 0px 0px 14px 10px;
margin: 0px;
- border-bottom:1px solid #ccd2d2;
+ border-bottom: 1px solid #ccd2d2;
z-index: 2;
}
-#pageName h2{
+#pageName h2 {
font: bold 175% Arial,sans-serif;
color: #000000;
- margin:0px;
+ margin: 0px;
padding: 0px;
}
+
/*
#pageLogo {
- position: absolute;
- top: 8px;
- left: 10px;
- z-index: 5;
+ position: absolute;
+ top: 8px;
+ left: 10px;
+ z-index: 5;
}
*/
+
/************* globalNav styles ****************/
-#globalNav{
-position: relative;
-width: 100%;
-min-width: 640px;
-height: 32px;
-color: #cccccc;
-padding: 0px;
-margin: 0px;
-background-image: url("siteimages/glbnav_background.gif");
+#globalNav {
+ position: relative;
+ width: 100%;
+ min-width: 640px;
+ height: 32px;
+ color: #cccccc;
+ padding: 0px;
+ margin: 0px;
+ background-image: url("siteimages/glbnav_background.gif");
}
-#globalNav img{
+#globalNav img {
margin-bottom: -4px;
-
}
#gnl {
@@ -230,7 +242,7 @@ background-image: url("siteimages/glbnav_background.gif");
right:0px;
}
-#globalLink{
+#globalLink {
position: absolute;
top: 6px;
height: 22px;
@@ -243,24 +255,27 @@ background-image: url("siteimages/glbnav_background.gif");
a.glink, a.glink:visited {
- font-size: small;
- color: #000000;
+ font-size: small;
+ color: #000000;
font-weight: bold;
margin: 0px;
padding: 2px 5px 4px 5px;
- border-right: 1px solid #8FB8BC;
+ border-right: 1px solid #8fb8bc;
}
a.glink:hover {
- background-image: url("siteimages/glblnav_selected.gif");
+ background-image: url("siteimages/glblnav_selected.gif");
text-decoration: none;
}
-.skipLinks {display: none;}
+.skipLinks {
+ display: none;
+}
+
/************ subglobalNav styles **************/
-.subglobalNav{
+.subglobalNav {
position: absolute;
top: 84px;
left: 0px;
@@ -281,13 +296,15 @@ a.glink:hover {
color: #cccccc;
}
+
/*************** search styles *****************/
/*
#listshow {
z-order: 101;
}
*/
-#search{
+
+#search {
position: absolute;
top: 125px;
right: 0px;
@@ -302,46 +319,46 @@ a.glink:hover {
font-size: 11px;
}
-#search1{
+#search1 {
position: absolute;
top: 85px;
right: 300px;
}
-#search2{
+#search2 {
position: absolute;
top: 100px;
right: 300px;
}
-#search3{
+#search3 {
position: absolute;
top: 85px;
right: 240px;
}
-#search4{
+#search4 {
position: absolute;
top: 100px;
right: 226px;
}
-#googlead{
+#googlead {
position: absolute;
top: 5px;
right: 0px;
z-index: -10;
}
-#search input{
- font-size: 70%;
- margin: 0px 0px 0px 10px;
+#search input {
+ font-size: 70%;
+ margin: 0px 0px 0px 10px;
}
-
+
#search a:link, #search a:visited {
font-size: 80%;
font-weight: bold;
-
+
}
#search a:hover {
@@ -351,40 +368,42 @@ a.glink:hover {
/************* breadCrumb styles ***************/
-#breadCrumb{
+#breadCrumb {
padding: 5px 0px 5px 10px;
font: small Verdana,sans-serif;
- color: #AAAAAA;
+ color: #aaaaaa;
}
-#breadCrumb a{
- color: #AAAAAA;
+#breadCrumb a {
+ color: #aaaaaa;
}
#breadCrumb a:hover {
- color: #005FA9;
+ color: #005fa9;
text-decoration: underline;
}
/************** feature styles *****************/
-.feature{
+.feature {
padding: 0px 0px 10px 10px;
font-size: 80%;
min-height: 200px;
height: 200px;
}
-.feature {height: auto;}
+.feature {
+ height: auto;
+}
-.feature h3{
+.feature h3 {
font: bold 175% Arial,sans-serif;
color: #000000;
padding: 30px 0px 5px 0px;
}
-.feature img{
+.feature img {
float: left;
padding: 0px 10px 0px 0px;
}
@@ -398,19 +417,15 @@ a.glink:hover {
min-height: 450px;
}
-.story h3{
+.story h3 {
font: bold 125% Arial,sans-serif;
color: #000000;
}
-.story p {
- padding: 0px 0px 10px 0px;
-}
-
-.story a.capsule{
+.story a.capsule {
font: bold 1em Arial,sans-serif;
color: #005FA9;
- display:block;
+ display: block;
padding-bottom: 5px;
}
@@ -418,14 +433,14 @@ a.glink:hover {
text-decoration: underline;
}
-td.storyLeft{
+td.storyLeft {
padding-right: 12px;
}
/************** siteInfo styles ****************/
-#siteInfo{
+#siteInfo {
clear: both;
border-top: 1px solid #cccccc;
font-size: small;
@@ -433,15 +448,15 @@ td.storyLeft{
padding: 10px 10px 10px 10px;
}
+
/************ sectionLinks styles **************/
-#sectionLinks{
+#sectionLinks {
margin: 0px;
padding: 0px;
-
}
-#sectionLinks h3{
+#sectionLinks h3 {
padding: 10px 0px 2px 10px;
border-bottom: 1px solid #cccccc;
}
@@ -450,7 +465,7 @@ td.storyLeft{
display: block;
border-top: 1px solid #ffffff;
border-bottom: 1px solid #cccccc;
- background-image: url("siteimages/bg_nav.jpg");
+ background-image: url("siteimages/bg_nav.jpg");
font-weight: bold;
padding: 3px 0px 3px 10px;
color: #21536A;
@@ -467,85 +482,99 @@ td.storyLeft{
/************* relatedLinks styles **************/
-.relatedLinks{
+.relatedLinks {
margin: 0px;
padding: 0px 0px 10px 10px;
border-bottom: 1px solid #cccccc;
}
-.relatedLinks h3{
+.relatedLinks h3 {
padding: 10px 0px 2px 0px;
}
-.relatedLinks a{
- display: block;
+.relatedLinks a {
+ display: block;
}
/**************** advert styles *****************/
-#advert{
+#advert {
padding: 10px;
}
-#advert img{
+#advert img {
display: block;
}
+
/********************* end **********************/
.DataTD input, .DataTD textarea {
- FONT-SIZE: 92%;
+ font-size: 92%;
}
.DataTD select, .DataTD option {
- FONT-SIZE: 92%;
+ font-size: 92%;
}
.DataTD {
- background-color: #E2E2E2;
+ background-color: #e2e2e2;
border-style: inset;
border-width: 1px;
- FONT-SIZE: 8pt;
- COLOR: #000000;
- FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+ font-size: 8pt;
+ color: #000000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
background: #ffffff;
padding: 1px 5px 1px 5px;
- border: 1px #CFCFCF solid;
- border-left: 1px #CFCFCF dotted;
- border-right: 1px #CFCFCF dotted;
+ border: 1px #cfcfcf solid;
+ border-left: 1px #cfcfcf dotted;
+ border-right: 1px #cfcfcf dotted;
}
.DataTDGrey {
background-color: #EFEDED;
border-style: inset;
border-width: 1px;
- FONT-SIZE: 8pt;
- COLOR: #000000;
- FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+ font-size: 8pt;
+ color: #000000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
padding: 1px 5px 1px 5px;
border: 1px #CFCFCF solid;
- border-left: 1px #CFCFCF dotted;
- border-right: 1px #CFCFCF dotted;
+ border-left: 1px #cfcfcf dotted;
+ border-right: 1px #cfcfcf dotted;
}
.DataTDNotDotted {
- background-color: #E2E2E2;
+ background-color: #e2e2e2;
border-style: inset;
border-width: 1px;
- FONT-SIZE: 8pt;
- COLOR: #000000;
- FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+ font-size: 8pt;
+ color: #000000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
background: #ffffff;
padding: 1px 5px 1px 5px;
border: 1px #CFCFCF solid;
- border-left: 1px #CFCFCF solid;
- border-right: 1px #CFCFCF solid;
+ border-left: 1px #cfcfcf solid;
+ border-right: 1px #cfcfcf solid;
}
+.DataTDError {
+ border-style: inset;
+ border-width: 1px;
+ font-size: 8pt;
+ color: #ff0000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+
+ background: #ffffff;
+ padding: 1px 5px 1px 5px;
+ border: 1px #cfcfcf solid;
+ border-left: 1px #cfcfcf dotted;
+ border-right: 1px #cfcfcf dotted;
+}
.wrapper {
border-collapse: collapse;
font-family: verdana, sans-serif;
@@ -554,100 +583,147 @@ td.storyLeft{
}
td.greytxt {
- color: #CCCCCC;
+ color: #cccccc;
font-size: smaller;
text-align: right;
vertical-align: bottom;
}
-
+.bold, .primaryemailaddress {
+ font-weight:bold;
+}
+.italic, .deletedemailaddress {
+ font-style:italic;
+}
.title {
- background: #E2E2E2;
- font-weight:BOLD;
+ background: #e2e2e2;
+ font-weight: bold;
padding: 1px 5px 1px 5px;
- border: 1px solid #CFCFCF;
- border-bottom: 3px double #CFCFCF;
+ border: 1px solid #cfcfcf;
+ border-bottom: 3px double #cfcfcf;
border-top: 1px solid #656565;
text-align: center;
}
.errmsg {
- font-weight: BOLD;
+ font-weight: bold;
color: #FF0000;
}
-.ac_menu
-{
- border:1px solid black
+.ac_menu {
+ border: 1px solid black
}
-.ac_normal
-{
- background-color:#ffffff;
- cursor:pointer;
+
+.ac_normal {
+ background-color: #ffffff;
+ cursor: pointer;
}
-.ac_highlight
-{
- background-color:#3366cc;
- color:white;
- cursor:pointer;
+
+.ac_highlight {
+ background-color: #3366cc;
+ color: white;
+ cursor: pointer;
}
-.ac_normal .a
-{
- font-size:13px;
- color:black;
+
+.ac_normal .a {
+ font-size: 13px;
+ color: black;
}
-.ac_highlight .a
-{
- font-size:13px;
+
+.ac_highlight .a {
+ font-size: 13px;
}
-.ac_normal .d
-{
- float:right;
- font-size:10px;
- color:green;
+
+.ac_normal .d {
+ float: right;
+ font-size: 10px;
+ color: green;
}
-.ac_highlight .d
-{
- float:right;
- font-size:10px;
+
+.ac_highlight .d {
+ float: right;
+ font-size: 10px;
}
+
/************** sponsorInfo styles ****************/
div.sponsorinfo {
- clear: both;
- border-top: 1px solid #cccccc;
- font-size: small;
- color: #000000;
- padding: 10px 10px 10px 10px;
+ clear: both;
+ border-top: 1px solid #cccccc;
+ font-size: small;
+ color: #000000;
+ padding: 10px 10px 10px 10px;
}
img.sponsorlogo {
- margin-left: 10px;
- margin-right: 10px;
- border: 0px none;
- vertical-align: middle;
+ margin-left: 10px;
+ margin-right: 10px;
+ border: 0px none;
+ vertical-align: middle;
}
+
/************ Newsbox *************/
-#lnews { /* class for the text "Latest News" */
- font-size: small;
- font-variant: small-caps;
+#lnews { /* class for the text "Latest News" */
+ font-size: small;
+ font-variant: small-caps;
}
div.newsbox {
- border-top: 1px solid #cccccc;
- color: #101010;
- padding: 10px 10px 10px 10px;
+ border-top: 1px solid #cccccc;
+ color: #101010;
+ padding: 10px 10px 10px 10px;
}
+
/************ SQL Performance ***********/
div.footerbar {
- clear: both;
- border-top: 1px solid #cccccc;
- font-size: small;
- color: black;
- padding: 10px 10px 10px 10px;
+ clear: both;
+ border-top: 1px solid #cccccc;
+ font-size: small;
+ color: black;
+ padding: 10px 10px 10px 10px;
}
+
+/************ Honeypot ***********/
+
+.robotic {
+ display: none;
+}
+
+
+/************ unicode fallbacks ***********/
+
+/* Some embedding of font */
+@font-face {
+ font-family: 'Source Code Pro';
+ src: local('Source Code Pro');
+/* src: url(/res/fonts/SourceCodePro-Medium.ttf); */
+}
+
+@font-face {
+ font-family: 'Last Resort';
+ src: local('LastResort');
+/* src: url(/res/fonts/LastResort.ttf); */
+}
+
+.accountdetail {
+ font-family: 'Source Code Pro', 'Lucida Console', 'Arial Unicode MS', monospace, 'Last Resort';
+ font-size: 1.1em;
+}
+
+.accountdetail.fname {
+}
+
+.accountdetail.mname {
+}
+
+.accountdetail.lname {
+ font-weight: bold;
+}
+
+.accountdetail.suffix {
+}
diff --git a/www/wot.php b/www/wot.php
index 3747a67..35dce1f 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -18,6 +18,8 @@
<?
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
+require_once("../includes/notary.inc.php");
+
function show_page($target,$message,$error)
{
@@ -86,34 +88,32 @@ function send_reminder()
{
$body = "";
$my_translation = L10n::get_translation();
-
+
$_SESSION['_config']['reminder-lang'] = $_POST['reminder-lang'];
-
+
$reminder_translations[] = $_POST['reminder-lang'];
if ( !in_array("en", $reminder_translations, $strict=true) ) {
$reminder_translations[] = "en";
}
-
+
foreach ($reminder_translations as $translation) {
L10n::set_translation($translation);
-
+
$body .= L10n::$translations[$translation].":\n\n";
$body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team")."\n\n";
}
-
+
L10n::set_translation($reminder_translations[0]); // for the subject
sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
-
+
L10n::set_translation($my_translation);
-
+
$_SESSION['_config']['remindersent'] = 1;
$_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}
-
-
loadem("account");
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
$_SESSION['_config']['date'] = $_POST['date'];
@@ -121,13 +121,47 @@ function send_reminder()
if(array_key_exists('location',$_POST) && $_POST['location'] != "")
$_SESSION['_config']['location'] = $_POST['location'];
- $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
+ $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
if($oldid == 12)
$id = $oldid;
+ if($oldid == 4)
+ {
+ if ($_POST['ttp']!='') {
+ //This mail does not need to be translated
+ $body = "Hi TTP adminstrators,\n\n";
+ $body .= "User ".$_SESSION['profile']['fname']." ".
+ $_SESSION['profile']['lname']." with email address '".
+ $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
+ mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
+ if ($_POST['ttptopup']=='1') {
+ $body .= "The user is also requesting TTP TOPUP.\n\n";
+ }else{
+ $body .= "The user is NOT requesting TTP TOPUP.\n\n";
+ }
+ $body .= "The user received ".intval($_SESSION['profile']['points'])." assurance points up to today.\n\n";
+ $body .= "Please start the TTP assurance process.";
+ sendmail("support@cacert.org", "[CAcert.org] TTP request.", $body, "support@cacert.org", "", "", "CAcert Website");
+
+ //This mail needs to be translated
+ $body =_("You are receiving this email because you asked for TTP assurance.")."\n\n";
+ if ($_POST['ttptopup']=='1') {
+ $body .=_("You are requesting TTP TOPUP.")."\n\n";
+ }else{
+ $body .=_("You are NOT requesting TTP TOPUP.")."\n\n";
+ }
+ $body .= _("Best regards")."\n";
+ $body .= _("CAcert Support Team");
+
+ sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");
+
+ }
+
+ }
+
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
- if (!is_assurer($_SESSION['profile']['id']))
+ if (!is_assurer($_SESSION['profile']['id']))
{
show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
exit;
@@ -154,7 +188,7 @@ function send_reminder()
$_SESSION['_config']['noemailfound'] = 1;
show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
exit;
- } else
+ } else
{
$_SESSION['_config']['noemailfound'] = 0;
$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
@@ -163,6 +197,25 @@ function send_reminder()
show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
exit;
}
+ if ($_SESSION['profile']['ttpadmin'] != 1) {
+ $_SESSION['assuresomeone']['year'] = intval($_POST['year']);
+ $_SESSION['assuresomeone']['month'] = intval($_POST['month']);
+ $_SESSION['assuresomeone']['day'] = intval($_POST['day']);
+ $dob = sprintf('%04d-%02d-%02d', $_SESSION['assuresomeone']['year'], $_SESSION['assuresomeone']['month'], $_SESSION['assuresomeone']['day']);
+
+ if ( $_SESSION['_config']['notarise']['dob'] != $dob) {
+ show_page("EnterEmail","",_("The data entered is not matching with an account."));
+ exit;
+ }
+ }
+ }
+ $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >= 1)
+ {
+ $_SESSION['_config']['noemailfound'] = 0;
+ show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org."));
+ exit;
}
}
@@ -181,8 +234,8 @@ function send_reminder()
exit;
}
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
- `to`='".$_SESSION['_config']['notarise']['id']."'";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -193,42 +246,84 @@ function send_reminder()
if($oldid == 6)
{
-$iecho= "c";
+ $iecho= "c";
+ //date checks
+ if(trim($_REQUEST['date']) == '')
+ {
+ show_page("VerifyData","",_("You must enter the date when you met the assuree."));
+ exit;
+ }
+
+ if(!check_date_format(trim($_REQUEST['date'])))
+ {
+ show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
+ exit;
+ }
+
+ if(!check_date_difference(trim($_REQUEST['date'])))
+ {
+ show_page("VerifyData","",_("You must not enter a date in the future."));
+ exit;
+ }
+
+ //proof of identity check and accept arbitration, implements CCA
if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
-/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
+ //proof of CCA agreement by assuree after 2010-01-01
+ if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
-*/
- if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
+ //assurance done according to rules
+ if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
- if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
+ //met assuree in person, not appliciable for TTP / TTP Topup assurances
+ if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_REQUEST['method'] != "Trusted 3rd Parties")
+ {
+ show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
+ exit;
+ }
+
+ //check location, min 3 characters
+ if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
{
show_page("VerifyData","",_("You failed to enter a location of your meeting."));
exit;
}
- if($_REQUEST['points'] == "")
+ if(strlen(trim($_REQUEST['location']))<=2)
+ {
+ show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
+ exit;
+ }
+
+ //check for points in range 0-35, for nucleus 35 + 15 temporary
+ if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
{
show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
exit;
}
- $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
+ if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
+ {
+ show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
+ exit;
+ }
+
+ $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
- $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
+ $name = sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])." ".sanitizeHTML($row['suffix']);
if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
{
show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
@@ -246,8 +341,8 @@ $iecho= "c";
$newpoints = $awarded = $max;
if($newpoints < 0)
$newpoints = $awarded = 0;
-
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
+
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
@@ -259,44 +354,44 @@ $iecho= "c";
$newpoints = $max - $drow['total'];
if($newpoints < 0)
$newpoints = 0;
-
- if(mysql_escape_string(stripslashes($_POST['date'])) == "")
+
+ if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s");
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
- `to`='".$_SESSION['_config']['notarise']['id']."' AND
- `awarded`='$awarded' AND
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' AND
+ `awarded`='".intval($awarded)."' AND
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."' AND
+ `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
- show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
+ show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
exit;
}
}
if($oldid == 6)
{
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['_config']['notarise']['id']."',
- `points`='$newpoints', `awarded`='$awarded',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."',
+ `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- {
- $query .= ",\n`method`='Temporary Increase'";
- $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
- $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
- } else if($_SESSION['profile']['board'] == 1) {
- $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
- } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
- $query .= ",\n`method`='Trusted Third Parties'";
+ //record active acceptance by Assurer
+ if (check_date_format(trim($_REQUEST['date']),2010)) {
+ write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
+ write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
+ }
+ if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
+ $query .= ",\n`method`='TTP-Assisted'";
}
mysql_query($query);
fix_assurer_flag($_SESSION['_config']['notarise']['id']);
-
+ include_once("../includes/notary.inc.php");
+
if($_SESSION['profile']['points'] < 150)
{
$addpoints = 0;
@@ -304,21 +399,22 @@ $iecho= "c";
$addpoints = 2;
else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
$addpoints = 1;
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['profile']['id']."',
- `points`='$addpoints', `awarded`='$addpoints',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['profile']['id'])."',
+ `points`='".intval($addpoints)."', `awarded`='".intval($addpoints)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
mysql_query($query);
+
// No need to fix_assurer_flag here, this should only happen for assurers...
$_SESSION['profile']['points'] += $addpoints;
}
$my_translation = L10n::get_translation();
L10n::set_translation($_SESSION['_config']['notarise']['language']);
-
+
$body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
if($_POST['points'] != $newpoints)
$body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
@@ -332,22 +428,13 @@ $iecho= "c";
if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
{
- $body .= _("You have at least 100 Assurance Points. If you want ".
- "to become an assurer try the Assurer Challenge").
- " ( https://cats.cacert.org ).\n\n";
- $body .= _("To make it easier for others in your area to find ".
- "you, it's helpful to list yourself as an assurer (this ".
- "is voluntary), as well as a physical location where you ".
- "live or work the most. You can flag your account to be ".
- "listed, and add a comment to the display by going to:")."\n";
+ $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n";
+ $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n";
$body .= "https://www.cacert.org/wot.php?id=8\n\n";
$body .= _("You can list your location by going to:")."\n";
$body .= "https://www.cacert.org/wot.php?id=13\n\n";
}
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
-
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
@@ -361,51 +448,12 @@ $iecho= "c";
else
$body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
$body .= _("Best regards")."\n";
$body .= _("CAcert Support Team");
sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
- if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
- {
- $my_translation = L10n::get_translation();
- L10n::set_translation('en_AU');
- $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
- sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
- L10n::set_translation($my_translation);
- }
-
- showheader(_("My CAcert.org Account!"));
- echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
-?><form method="post" action="wot.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Assure Someone")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
- </tr>
-</table>
-<input type="hidden" name="oldid" value="5">
-</form>
-<SCRIPT LANGUAGE="JavaScript">
-//<![CDATA[
- function my_init()
- {
- document.getElementById("email").focus();
- }
-
- window.onload = my_init();
-//]]>
-</script>
-<?
- showfooter();
+ show_page('EnterEmail', _("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this."));
exit;
}
@@ -413,7 +461,7 @@ $iecho= "c";
{
csrf_check("chgcontact");
- $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
+ $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
@@ -421,7 +469,7 @@ $iecho= "c";
$_SESSION['profile']['listme'] = $listme;
$_SESSION['profile']['contactinfo'] = $info;
- $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
@@ -442,17 +490,17 @@ $iecho= "c";
$body = $_REQUEST['message'];
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
- $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
+ $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{
$my_translation = L10n::get_translation();
L10n::set_translation($user['language']);
-
+
$subject = "[CAcert.org] ".sprintf(_("Message from %s"),
$_SESSION['profile']['fname']);
-
+
$body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
$body .= sprintf(_("%s %s has sent you a message via the ".
"contact an Assurer form on CAcert.org."),
@@ -468,19 +516,19 @@ $iecho= "c";
"abused, please write to support@cacert.org")."\n\n";
$body .= _("Best regards")."\n";
$body .= _("Your CAcert Community");
-
+
sendmail($user['email'], $subject, $body,
$_SESSION['profile']['email'], //from
"", //replyto
"", //toname
$_SESSION['profile']['fname']." ".
$_SESSION['profile']['lname']); //fromname
-
+
L10n::set_translation($my_translation);
-
+
showheader(_("My CAcert.org Account!"));?>
<p>
- <? printf(_("Your email has been sent to %s."), $user['fname']); ?>
+ <? printf(_("Your email has been sent to %s."), sanitizeHTML($user['fname'])); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
@@ -490,10 +538,10 @@ $iecho= "c";
show_page(0,"",_("Sorry, I was unable to locate that user."));
exit;
}
-
+
}
- }
- if($oldid == 9)
+ }
+ if($oldid == 9)
{
$oldid=0;
$id = 9;
generated by cgit v1.2.1 (git 2.18.0) at 2023-03-27 08:01:49 +0000