includes/lib/account.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

<?php
/*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/

/**
 * Function to recalculate the cached Assurer status
 *
 * @param int $userID
 * 	if the user ID is not given the flag will be recalculated for all users
 *
 * @return bool
 * 	false if there was an error on fixing the flag. This does NOT return the
 * 	new value of the flag
 */
function fix_assurer_flag($userID = NULL)
{
	// Update Assurer-Flag on users table if 100 points and CATS passed.
	//
	// We may have some performance issues here if no userID is given
	// there are ~150k assurances and ~220k users currently
	// but the exists-clause on cats_passed should be a good filter
	$sql = '
		UPDATE `users` AS `u` SET `assurer` = 1
		WHERE '.(
					($userID === NULL) ?
					'`u`.`assurer` = 0' :
					'`u`.`id` = \''.intval($userID).'\''
				).'
			AND EXISTS(
				SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv`
				WHERE `cp`.`variant_id` = `cv`.`id`
					AND `cv`.`type_id` = 1
					AND `cp`.`user_id` = `u`.`id`
			)
			AND (
				SELECT SUM(`points`) FROM `notary` AS `n`
				WHERE `n`.`to` = `u`.`id`
					AND (`n`.`expire` > now()
					     OR `n`.`expire` IS NULL)
					AND `n`.`deleted` = 0
			) >= 100';

	$query = mysql_query($sql);
	if (!$query) {
		return false;
	}
	// Challenge has been passed and non-expired points >= 100

	// Reset flag if requirements are not met
	//
	// Also a bit performance critical but assurer flag is only set on
	// ~5k accounts
	$sql = '
		UPDATE `users` AS `u` SET `assurer` = 0
		WHERE '.(
					($userID === NULL) ?
					'`u`.`assurer` <> 0' :
					'`u`.`id` = \''.intval($userID).'\''
				).'
			AND (
				NOT EXISTS(
					SELECT 1 FROM `cats_passed` AS `cp`,
						`cats_variant` AS `cv`
					WHERE `cp`.`variant_id` = `cv`.`id`
						AND `cv`.`type_id` = 1
						AND `cp`.`user_id` = `u`.`id`
				)
				OR (
					SELECT SUM(`points`) FROM `notary` AS `n`
					WHERE `n`.`to` = `u`.`id`
						AND (
							`n`.`expire` > now()
							OR `n`.`expire` IS NULL
						)
						AND `n`.`deleted` = 0
				) < 100
			)';

	$query = mysql_query($sql);
	if (!$query) {
		return false;
	}

	return true;
}

/**
 * Supported hash algorithms for signing certificates
 */
class HashAlgorithms {
	/**
	 * Default hash algorithm identifier for signing
	 * @var string
	 */
	public static $default = 'sha256';

	/**
	 * Get display strings for the supported hash algorithms
	 * @return array(string=>array('name'=>string, 'info'=>string))
	 *     - [$hash_identifier]['name'] = Name that should be displayed in UI
	 *     - [$hash_identifier]['info'] = Additional information that can help
	 *       with the selection of a suitable algorithm
	 */
	public static function getInfo() {
		return array(
				'sha256' => array(
						'name' => 'SHA-256',
						'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
					),
				'sha384' => array(
						'name' => 'SHA-384',
						'info' => '',
					),
				'sha512' => array(
						'name' => 'SHA-512',
						'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
					),
			);
	}

	/**
	 * Check if the input is a supported hash algorithm identifier otherwise
	 * return the identifier of the default hash algorithm
	 *
	 * @param string $hash_identifier
	 * @return string The cleaned identifier
	 */
	public static function clean($hash_identifier) {
		if (array_key_exists($hash_identifier, self::getInfo() )) {
			return $hash_identifier;
		} else {
			return self::$default;
		}
	}
}