From 461cb4fa36ea02a5e83a1c8af93c916c2bacecce Mon Sep 17 00:00:00 2001
From: INOPIAE <inopiae@cacert.org>
Date: Sun, 26 Jan 2014 15:25:08 +0100
Subject: bug 1226: added dob to form assure someone wot/5.php, implemented
 check for dob match to account in not ttpadmin

---
 pages/wot/5.php | 47 ++++++++++++++++++++++++++++++++++++++++++++---
 pages/wot/6.php |  3 +++
 www/wot.php     | 13 ++++++++++++-
 3 files changed, 59 insertions(+), 4 deletions(-)

diff --git a/pages/wot/5.php b/pages/wot/5.php
index c1a6438..a9c3dcb 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -18,14 +18,24 @@
 	include_once("../includes/shutdown.php");
 	require_once("../includes/lib/l10n.php");
 ?>
-<? 
-  if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") 
+<?
+  if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
   {
     ?><font color="orange" size="+1">
       <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
     </font>
     <?unset($_SESSION['_config']['error']);
-  } 
+  }
+
+  if (!isset($_SESSION['assuresomeone']['year'])) {
+      $_SESSION['assuresomeone']['year'] = '';
+  }
+  if (!isset($_SESSION['assuresomeone']['month'])) {
+      $_SESSION['assuresomeone']['month'] = '';
+  }
+  if (!isset($_SESSION['assuresomeone']['day'])) {
+      $_SESSION['assuresomeone']['day'] = '';
+  }
 ?>
 <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
 <form method="post" action="wot.php">
@@ -60,6 +70,37 @@
     <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
 <? } ?>
   </tr>
+    <tr>
+    <td class="DataTD">
+        <?=_("Date of Birth")?><br/>
+        (<?=_("yyyy/mm/dd")?>)</td>
+    <td class="DataTD">
+        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
+        <select name="month">
+<?
+for($i = 1; $i <= 12; $i++)
+{
+    echo "<option value='$i'";
+    if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
+        echo " selected=\"selected\"";
+    echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+?>
+        </select>
+        <select name="day">
+<?
+for($i = 1; $i <= 31; $i++)
+{
+    echo "<option";
+    if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
+        echo " selected=\"selected\"";
+    echo ">$i</option>";
+}
+?>
+        </select>
+    </td>
+  </tr>
+
   <tr>
     <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
   </tr>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index a565aa7..6934d0f 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -24,6 +24,9 @@
 	}
 
 	$row = $_SESSION['_config']['notarise'];
+	$_SESSION['assuresomeone']['year'] = '';
+	$_SESSION['assuresomeone']['month'] = '';
+	$_SESSION['assuresomeone']['day'] = '';
 
 	if($_SESSION['profile']['ttpadmin'] == 1)
 //		$methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
diff --git a/www/wot.php b/www/wot.php
index 7200517..0ce23b4 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -198,6 +198,17 @@ function send_reminder()
 				show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
 				exit;
 			}
+			if ($_SESSION['profile']['ttpadmin'] != 1) {
+				$_SESSION['assuresomeone']['year'] = mysql_real_escape_string(stripslashes($_POST['year']));
+				$_SESSION['assuresomeone']['month'] = mysql_real_escape_string(stripslashes($_POST['month']));
+				$_SESSION['assuresomeone']['day'] = mysql_real_escape_string(stripslashes($_POST['day']));
+				$dob = $_SESSION['assuresomeone']['year'] . '-' . sprintf('%02d',$_SESSION['assuresomeone']['month']) . '-' . sprintf('%02d', $_SESSION['assuresomeone']['day']);
+
+				if (	$_SESSION['_config']['notarise']['dob'] != $dob) {
+					show_page("EnterEmail","",_("The data entered is not matching with an account."));
+					exit;
+				}
+			}
 		}
 		$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
 		$res = mysql_query($query);
@@ -236,7 +247,7 @@ function send_reminder()
 
 	if($oldid == 6)
 	{
-$iecho= "c";
+		$iecho= "c";
 		//date checks
 		if(trim($_REQUEST['date']) == '')
 		{
-- 
cgit v1.2.1


From c5d4d5f3087ef5afaa9a972c9c4adce4c114769c Mon Sep 17 00:00:00 2001
From: INOPIAE <inopiae@cacert.org>
Date: Sun, 26 Jan 2014 16:34:56 +0100
Subject: bug 1226: fixed missing variable statement in notary.inc.php
 regarding wot.6

---
 includes/notary.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index b34b2f4..79cfe59 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -774,7 +774,7 @@
 <?
 		} else {
 ?>
-	<input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" />
+	<input type="hidden" name="method" value="<?=$methods[0]?>" />
 <?
 		}
 	}
-- 
cgit v1.2.1


From a723dd33e4aeaaccba00192647b4638ae4be48fe Mon Sep 17 00:00:00 2001
From: INOPIAE <inopiae@cacert.org>
Date: Tue, 28 Jan 2014 22:39:21 +0100
Subject: bug 1226: fixed missing dob in second form

---
 www/wot.php | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/www/wot.php b/www/wot.php
index 0ce23b4..3351233 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -464,6 +464,37 @@ function send_reminder()
 		<td class="DataTD"><?=_("Email")?>:</td>
 		<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
 	</tr>
+	<tr>
+	<td class="DataTD">
+		<?=_("Date of Birth")?><br/>
+		(<?=_("yyyy/mm/dd")?>)</td>
+	<td class="DataTD">
+		<input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
+		<select name="month">
+			<?
+for($i = 1; $i <= 12; $i++)
+{
+	echo "<option value='$i'";
+	if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
+		echo " selected=\"selected\"";
+	echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+			?>
+		</select>
+		<select name="day">
+			<?
+for($i = 1; $i <= 31; $i++)
+{
+	echo "<option";
+	if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
+		echo " selected=\"selected\"";
+	echo ">$i</option>";
+}
+			?>
+		</select>
+	</td>
+  </tr>
+
 	<tr>
 		<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
 	</tr>
-- 
cgit v1.2.1


From 98d7e6833b3fb094d88b8aea74077e6f646665e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Sat, 21 Jun 2014 23:55:43 +0200
Subject: bug 1226: Remove really redundant code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 www/wot.php | 61 +------------------------------------------------------------
 1 file changed, 1 insertion(+), 60 deletions(-)

diff --git a/www/wot.php b/www/wot.php
index 3351233..e1d1572 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -453,66 +453,7 @@ function send_reminder()
 
 		sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
 
-		showheader(_("My CAcert.org Account!"));
-		echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
-?><form method="post" action="wot.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
-	<tr>
-		<td colspan="2" class="title"><?=_("Assure Someone")?></td>
-	</tr>
-	<tr>
-		<td class="DataTD"><?=_("Email")?>:</td>
-		<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
-	</tr>
-	<tr>
-	<td class="DataTD">
-		<?=_("Date of Birth")?><br/>
-		(<?=_("yyyy/mm/dd")?>)</td>
-	<td class="DataTD">
-		<input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
-		<select name="month">
-			<?
-for($i = 1; $i <= 12; $i++)
-{
-	echo "<option value='$i'";
-	if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
-		echo " selected=\"selected\"";
-	echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
-}
-			?>
-		</select>
-		<select name="day">
-			<?
-for($i = 1; $i <= 31; $i++)
-{
-	echo "<option";
-	if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
-		echo " selected=\"selected\"";
-	echo ">$i</option>";
-}
-			?>
-		</select>
-	</td>
-  </tr>
-
-	<tr>
-		<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
-	</tr>
-</table>
-<input type="hidden" name="oldid" value="5">
-</form>
-<SCRIPT LANGUAGE="JavaScript">
-//<![CDATA[
-	function my_init()
-	{
-		document.getElementById("email").focus();
-	}
-
-	window.onload = my_init();
-//]]>
-</script>
-<?
-		showfooter();
+		show_page('EnterEmail', _("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this."));
 		exit;
 	}
 
-- 
cgit v1.2.1


From 7fbd25520ae6d4920453961728b115d8a974eb97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Sat, 21 Jun 2014 23:56:28 +0200
Subject: bug 1226: Treat the date values as integer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 pages/wot/5.php | 12 ++++++------
 pages/wot/6.php |  6 +++---
 www/wot.php     |  6 +++---
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/pages/wot/5.php b/pages/wot/5.php
index a9c3dcb..7fdd1c5 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -28,13 +28,13 @@
   }
 
   if (!isset($_SESSION['assuresomeone']['year'])) {
-      $_SESSION['assuresomeone']['year'] = '';
+      $_SESSION['assuresomeone']['year'] = 0;
   }
   if (!isset($_SESSION['assuresomeone']['month'])) {
-      $_SESSION['assuresomeone']['month'] = '';
+      $_SESSION['assuresomeone']['month'] = 0;
   }
   if (!isset($_SESSION['assuresomeone']['day'])) {
-      $_SESSION['assuresomeone']['day'] = '';
+      $_SESSION['assuresomeone']['day'] = 0;
   }
 ?>
 <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
@@ -75,13 +75,13 @@
         <?=_("Date of Birth")?><br/>
         (<?=_("yyyy/mm/dd")?>)</td>
     <td class="DataTD">
-        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
+        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) !== 0 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
         <select name="month">
 <?
 for($i = 1; $i <= 12; $i++)
 {
     echo "<option value='$i'";
-    if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
+    if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i)
         echo " selected=\"selected\"";
     echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
 }
@@ -92,7 +92,7 @@ for($i = 1; $i <= 12; $i++)
 for($i = 1; $i <= 31; $i++)
 {
     echo "<option";
-    if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
+    if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i)
         echo " selected=\"selected\"";
     echo ">$i</option>";
 }
diff --git a/pages/wot/6.php b/pages/wot/6.php
index 6934d0f..200a526 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -24,9 +24,9 @@
 	}
 
 	$row = $_SESSION['_config']['notarise'];
-	$_SESSION['assuresomeone']['year'] = '';
-	$_SESSION['assuresomeone']['month'] = '';
-	$_SESSION['assuresomeone']['day'] = '';
+	$_SESSION['assuresomeone']['year'] = 0;
+	$_SESSION['assuresomeone']['month'] = 0;
+	$_SESSION['assuresomeone']['day'] = 0;
 
 	if($_SESSION['profile']['ttpadmin'] == 1)
 //		$methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
diff --git a/www/wot.php b/www/wot.php
index e1d1572..40a60a6 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -199,9 +199,9 @@ function send_reminder()
 				exit;
 			}
 			if ($_SESSION['profile']['ttpadmin'] != 1) {
-				$_SESSION['assuresomeone']['year'] = mysql_real_escape_string(stripslashes($_POST['year']));
-				$_SESSION['assuresomeone']['month'] = mysql_real_escape_string(stripslashes($_POST['month']));
-				$_SESSION['assuresomeone']['day'] = mysql_real_escape_string(stripslashes($_POST['day']));
+				$_SESSION['assuresomeone']['year'] = intval($_POST['year']);
+				$_SESSION['assuresomeone']['month'] = intval($_POST['month']);
+				$_SESSION['assuresomeone']['day'] = intval($_POST['day']);
 				$dob = $_SESSION['assuresomeone']['year'] . '-' . sprintf('%02d',$_SESSION['assuresomeone']['month']) . '-' . sprintf('%02d', $_SESSION['assuresomeone']['day']);
 
 				if (	$_SESSION['_config']['notarise']['dob'] != $dob) {
-- 
cgit v1.2.1


From b6a4c69f26fcdbefeeef6922a80b842e28610741 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Sat, 21 Jun 2014 23:58:45 +0200
Subject: bug 1226: Properly use sprintf
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 www/wot.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/wot.php b/www/wot.php
index 40a60a6..e7a0f0d 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -202,7 +202,7 @@ function send_reminder()
 				$_SESSION['assuresomeone']['year'] = intval($_POST['year']);
 				$_SESSION['assuresomeone']['month'] = intval($_POST['month']);
 				$_SESSION['assuresomeone']['day'] = intval($_POST['day']);
-				$dob = $_SESSION['assuresomeone']['year'] . '-' . sprintf('%02d',$_SESSION['assuresomeone']['month']) . '-' . sprintf('%02d', $_SESSION['assuresomeone']['day']);
+				$dob = sprintf('%04d-%02d-%02d', $_SESSION['assuresomeone']['year'], $_SESSION['assuresomeone']['month'], $_SESSION['assuresomeone']['day']);
 
 				if (	$_SESSION['_config']['notarise']['dob'] != $dob) {
 					show_page("EnterEmail","",_("The data entered is not matching with an account."));
-- 
cgit v1.2.1


From 92e73d70093e44747edfbb7c731445dd74bc864a Mon Sep 17 00:00:00 2001
From: Benny Baumann <BenBE@geshi.org>
Date: Sun, 22 Jun 2014 00:45:15 +0200
Subject: bug 1226: Only consider values above 1900 as the year when returning
 a pre-filled form

---
 pages/wot/5.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pages/wot/5.php b/pages/wot/5.php
index 7fdd1c5..565dd6a 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -75,7 +75,7 @@
         <?=_("Date of Birth")?><br/>
         (<?=_("yyyy/mm/dd")?>)</td>
     <td class="DataTD">
-        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) !== 0 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
+        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
         <select name="month">
 <?
 for($i = 1; $i <= 12; $i++)
-- 
cgit v1.2.1