summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2013-09-08 21:35:14 +0200
committerMichael Tänzer <neo@nhng.de>2013-09-08 21:35:14 +0200
commit9d4ec70dda220ab42c013de4313d26b3914ba668 (patch)
treeb6879403ab958023da59c70447997b9af8e19adc /includes
parentaea694d929d09db48b008eda40fc2a77ea086e8d (diff)
downloadcacert-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.gz
cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.xz
cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.zip
Source code taken from cacert-20130906.tar.bz2
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php499
-rw-r--r--includes/account_stuff.php6
-rw-r--r--includes/notary.inc.php615
-rw-r--r--includes/wot.inc.php640
4 files changed, 842 insertions, 918 deletions
diff --git a/includes/account.php b/includes/account.php
index cc2c581..54373b0 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -17,7 +17,8 @@
*/
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
- require_once('lib/check_weak_key.php');
+ require_once("../includes/lib/check_weak_key.php");
+ require_once("../includes/notary.inc.php");
loadem("account");
@@ -70,9 +71,7 @@
}
$oldid=0;
$_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail'])));
- $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ if(check_email_exists($_REQUEST['email'])==true)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email']));
@@ -160,17 +159,7 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-
- $query = "update `email` set `deleted`=NOW() where `id`='$id'";
- mysql_query($query);
+ account_email_delete($row['id']);
$delcount++;
}
}
@@ -192,6 +181,14 @@
if($process != "" && $oldid == 3)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
@@ -240,6 +237,11 @@
$_REQUEST['keytype'] = "MS";
$csr = clean_csr($_REQUEST['optionalCSR']);
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 4)
@@ -316,6 +318,8 @@
exit;
}
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
$query = "insert into emailcerts set
`CN`='$defaultemail',
`keytype`='NS',
@@ -323,7 +327,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -334,15 +339,15 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
if($csr == "")
@@ -367,8 +372,8 @@
$csrsubject="";
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
- if(strlen($user['mname']) == 1)
- $user['mname'] .= '.';
+ if(strlen($user['mname']) == 1)
+ $user['mname'] .= '.';
if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
$csrsubject = "/CN=CAcert WoT User";
if($_SESSION['_config']['incname'] == 1)
@@ -423,7 +428,8 @@
`subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".$_SESSION['_config']['codesign']."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
@@ -457,10 +463,10 @@
csrf_check("adddomain");
if(strstr($_REQUEST['newdomain'],"\x00"))
{
- showheader(_("My CAcert.org Account!"));
- echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
+ showfooter();
+ exit;
}
list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
@@ -622,32 +628,9 @@
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
-
- $dres = mysql_query(
- "select `domaincerts`.`id`
- from `domaincerts`
- where `domaincerts`.`domid` = '$id'
- union distinct
- select `domaincerts`.`id`
- from `domaincerts`, `domlink`
- where `domaincerts`.`id` = `domlink`.`certid`
- and `domlink`.`domid` = '$id'");
- while($drow = mysql_fetch_assoc($dres))
- {
- mysql_query(
- "update `domaincerts`
- set `revoked`='1970-01-01 10:00:01'
- where `id` = '".$drow['id']."'
- and `revoked` = 0
- and UNIX_TIMESTAMP(`expire`) -
- UNIX_TIMESTAMP() > 0");
- }
-
- mysql_query(
- "update `domains`
- set `deleted`=NOW()
- where `id` = '$id'");
+ account_domain_delete($row['id']);
}
+
}
}
else
@@ -661,11 +644,19 @@
if($process != "" && $oldid == 10)
{
+ if(!array_key_exists('CCA',$_REQUEST))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again.");
+ showfooter();
+ exit;
+ }
+
$CSR = clean_csr($_REQUEST['CSR']);
if(strpos($CSR,"---BEGIN")===FALSE)
{
- // In case the CSR is missing the ---BEGIN lines, add them automatically:
- $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
+ // In case the CSR is missing the ---BEGIN lines, add them automatically:
+ $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
}
if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
@@ -676,6 +667,12 @@
exit;
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -742,7 +739,7 @@
$subject = "";
$count = 0;
$supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
if(is_array($_SESSION['_config']['rows']))
foreach($_SESSION['_config']['rows'] as $row)
@@ -771,19 +768,23 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1);
+
if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0)
{
$query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set
`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
- `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+ `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `description`='".$_SESSION['_config']['description']."'";
} else {
showheader(_("My CAcert.org Account!"));
echo _("Domain not verified.");
@@ -865,7 +866,8 @@
`modified`=NOW(),
`rootcert`='".$row['rootcert']."',
`type`='".$row['type']."',
- `pkhash`='".$row['pkhash']."'";
+ `pkhash`='".$row['pkhash']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
@@ -1003,6 +1005,24 @@
exit;
}
+ if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
{
showheader(_("My CAcert.org Account!"));
@@ -1041,7 +1061,8 @@
`modified`=NOW(),
`disablelogin`='".$row['disablelogin']."',
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","client",$newid);
@@ -1140,26 +1161,47 @@
if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
{
- showheader(_("My CAcert.org Account!"));
- //echo _("Now changing the settings for the following certificates:")."<br>\n";
- foreach($_REQUEST as $id => $val)
- {
- //echo $id."<br/>";
- if(substr($id,0,5)=="cert_")
- {
- $id = intval(substr($id,5));
- $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
- //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
- mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
- //$row = mysql_fetch_assoc($res);
- }
- }
- echo(_("Certificate settings have been changed.")."<br/>\n");
- showfooter();
- exit;
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,5)=="cert_")
+ {
+ $cid = intval(substr($id,5));
+ $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+ mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ if(!empty($_REQUEST['check_comment_'.$cid])) {
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
}
+ if($oldid == 6 && $_REQUEST['certid'] != "")
+ {
+ if(trim($_REQUEST['description']) != ""){
+ $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $description= "";
+ }
+
+ if(trim($_REQUEST['disablelogin']) == "1"){
+ $disablelogin = 1;
+ }else{
+ $disablelogin = 0;
+ }
+
+ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
+ }
+
if($oldid == 13 && $process != "")
{
csrf_check("perschange");
@@ -1176,42 +1218,42 @@
$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
- if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
- $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
- $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
- {
- $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
- $id = $oldid;
+ if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
+ $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
+ $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
+ {
+ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
+ $id = $oldid;
$oldid=0;
- }
+ }
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@@ -1394,6 +1436,13 @@
}
$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+
+
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
}
if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@@ -1423,6 +1472,12 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
if(@count($_SESSION['_config']['emails']) > 0)
$id = 17;
}
@@ -1469,6 +1524,7 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+
$emails .= "SPKAC = $spkac";
if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
{
@@ -1485,7 +1541,8 @@
`orgid`='".$org['orgid']."',
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1497,15 +1554,15 @@
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
- if(!strstr($res,"Challenge String: ".$challenge))
- {
- $id = $oldid;
- showheader(_("My CAcert.org Account!"));
- echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
- showfooter();
- exit;
- }
+ $res=`openssl spkac -verify -in $CSRname`;
+ if(!strstr($res,"Challenge String: ".$challenge))
+ {
+ $id = $oldid;
+ showheader(_("My CAcert.org Account!"));
+ echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+ showfooter();
+ exit;
+ }
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
@@ -1575,7 +1632,8 @@
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`subject`='$csrsubject',
`codesign`='".$_SESSION['_config']['codesign']."',
- `rootcert`='".$_SESSION['_config']['rootcert']."'";
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `description`='".$_SESSION['_config']['description']."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1650,7 +1708,8 @@
`created`='".$row['created']."',
`modified`=NOW(),
`codesign`='".$row['codesign']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1742,6 +1801,24 @@
exit;
}
+ if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if($process != "" && $oldid == 20)
{
$CSR = clean_csr($_REQUEST['CSR']);
@@ -1755,6 +1832,12 @@
exit;
}
+ if(trim($_REQUEST['description']) != ""){
+ $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+ }else{
+ $_SESSION['_config']['description']= "";
+ }
+
$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
@@ -1830,8 +1913,8 @@
exit;
}
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
$query = "select * from `org`,`orginfo` where
`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
`orginfo`.`id`=`org`.`orgid` and
@@ -1878,25 +1961,27 @@
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
- if($_SESSION['_config']['rowid']['0'] > 0)
- {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['rows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- } else {
- $query = "insert into `orgdomaincerts` set
- `CN`='".$_SESSION['_config']['altrows']['0']."',
- `orgid`='".$org['id']."',
- `created`=NOW(),
- `subject`='$csrsubject',
- `rootcert`='".$_SESSION['_config']['rootcert']."',
- `type`='$type'";
- }
- mysql_query($query);
+ if($_SESSION['_config']['rowid']['0'] > 0)
+ {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['rows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ } else {
+ $query = "insert into `orgdomaincerts` set
+ `CN`='".$_SESSION['_config']['altrows']['0']."',
+ `orgid`='".$org['id']."',
+ `created`=NOW(),
+ `subject`='$csrsubject',
+ `rootcert`='".$_SESSION['_config']['rootcert']."',
+ `type`='$type',
+ `description`='".$_SESSION['_config']['description']."'";
+ }
+ mysql_query($query);
$CSRid = mysql_insert_id();
$CSRname=generatecertpath("csr","orgserver",$CSRid);
@@ -1970,7 +2055,8 @@
`modified`=NOW(),
`subject`='".$row['subject']."',
`type`='".$row['type']."',
- `rootcert`='".$row['rootcert']."'";
+ `rootcert`='".$row['rootcert']."',
+ `description`='".$row['description']."'";
mysql_query($query);
$newid = mysql_insert_id();
//echo "NewID: $newid<br/>\n";
@@ -2071,6 +2157,24 @@
exit;
}
+ if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+ {
+ showheader(_("My CAcert.org Account!"));
+ foreach($_REQUEST as $id => $val)
+ {
+ if(substr($id,0,14)=="check_comment_")
+ {
+ $cid = intval(substr($id,14));
+ $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+ mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+ }
+ }
+ echo(_("Certificate settings have been changed.")."<br/>\n");
+ showfooter();
+ exit;
+ }
+
+
if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
@@ -2462,7 +2566,7 @@
}
if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") ||
- ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
+ ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
{
$id = 53;
@@ -2472,7 +2576,7 @@
$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
- $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+ $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
if($locid > 0 && $action == "edit")
@@ -2580,6 +2684,13 @@
mysql_query($query);
}
+ if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
+ {
+ $userid = intval($_REQUEST['userid']);
+ revoke_all_private_cert($userid);
+ $id=43;
+ }
+
if($oldid == 48 && $_REQUEST['domain'] == "")
{
$id = $oldid;
@@ -2730,24 +2841,24 @@
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
}
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
- {
- csrf_check('admsetassuret');
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer'];
- mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- }
-
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
- {
- $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
- $query = "select * from `users` where `id`='$memid'";
- $row = mysql_fetch_assoc(mysql_query($query));
- $ver = !$row['assurer_blocked'];
- mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
- }
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
+ {
+ csrf_check('admsetassuret');
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer'];
+ mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ }
+
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
+ {
+ $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ $query = "select * from `users` where `id`='$memid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $ver = !$row['assurer_blocked'];
+ mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ }
if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
{
@@ -2876,23 +2987,39 @@
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
- if(mysql_num_rows($res) > 0)
- {
- $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
- WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
+ if (trim($_REQUEST['arbitrationno'])==""){
+ showheader(_("My CAcert.org Account!"));
+ echo _("You did not enter an arbitration number entry.");
+ showfooter();
+ exit;
+ }
+ if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+ showfooter();
+ exit;
+ }
+ if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+ showfooter();
+ exit;
+ }
+ if (check_client_cert_running($_REQUEST['userid'],1) ||
+ check_server_cert_running($_REQUEST['userid'],1) ||
+ check_gpg_cert_running($_REQUEST['userid'],1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+ showfooter();
+ exit;
+ }
+ if (check_is_orgadmin($_REQUEST['userid'],1)) {
+ showheader(_("My CAcert.org Account!"));
+ printf(_("The user is listed as Organisation Administrator. Can't continue."));
+ showfooter();
+ exit;
}
+ account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
}
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index b9544e0..dbebf6a 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -172,7 +172,7 @@ function hideall() {
</div>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('mydetails')">+ <?=_("My Details")?></h3>
- <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
+ <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("View/Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><?
if($_SESSION['profile']['id'] == 1 || $_SESSION['profile']['id'] == 5897)
echo "<li><a href='sqldump.php'>SQL Dump</a></li>";
?></ul>
@@ -281,7 +281,7 @@ function hideall() {
<div id="siteInfo"><a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> |
<a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a>
| &copy;2002-<?=date("Y")?> <?=_("by CAcert")?></div>
-</div>
-</body>
+</div>
+</body>
</html><?
}
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index d6f86a8..37a7ed0 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -41,6 +41,15 @@
return intval($row['list']);
}
+ function get_number_of_ttpassurances ($userid)
+ {
+ $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+ WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
+ $row = query_getnextrow($res);
+
+ return intval($row['list']);
+ }
+
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
@@ -106,7 +115,7 @@
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
{
- $apoints = max($row['points'],$row['awarded']);
+ $apoints = max($row['points'], $row['awarded']);
$points += $apoints;
$experience = "&nbsp;";
$revoked = false; # to be coded later (after DB-upgrade)
@@ -192,15 +201,15 @@
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="title"><?=_("Assurer Ranking")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
- </tr>
+ <tr>
+ <td class="title"><?=_("Assurer Ranking")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
+ </tr>
</table>
<br/>
<?
@@ -210,65 +219,68 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
+ <tr>
<?
if ($support == "1")
{
?>
- <td colspan="10" class="title"><?=$title?></td>
+ <td colspan="10" class="title"><?=$title?></td>
<?
} else {
?>
- <td colspan="7" class="title"><?=$title?></td>
-<? }
+ <td colspan="7" class="title"><?=$title?></td>
+<?
+ }
?>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("ID")?></strong></td>
- <td class="DataTD"><strong><?=_("Date")?></strong></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("ID")?></strong></td>
+ <td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD"><strong><?=_("When")?></strong></td>
- <td class="DataTD"><strong><?=_("Email")?></strong></td>
-<? } ?>
- <td class="DataTD"><strong><?=_("Who")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Location")?></strong></td>
- <td class="DataTD"><strong><?=_("Method")?></strong></td>
- <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("When")?></strong></td>
+ <td class="DataTD"><strong><?=_("Email")?></strong></td>
+<?
+ }
+?>
+ <td class="DataTD"><strong><?=_("Who")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Location")?></strong></td>
+ <td class="DataTD"><strong><?=_("Method")?></strong></td>
+ <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
+ <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?
}
?>
- </tr>
+ </tr>
<?
}
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
{
?>
- <tr>
- <td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD">&nbsp;</td>
- <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
- <td class="DataTD"><?=$sumexperience?></td>
+ <tr>
+ <td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
+ <td class="DataTD"><?=$sumexperience?></td>
<?
if ($support == "1")
{
?>
- <td class="DataTD">&nbsp;</td>
+ <td class="DataTD">&nbsp;</td>
<?
}
?>
- </tr>
+ </tr>
</table>
<br/>
<?
@@ -277,52 +289,54 @@
function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
{
- $tdstyle="";
- $emopen="";
- $emclose="";
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
- if ($awarded == $points)
- {
- if ($awarded == "0")
+ if ($awarded == $points)
{
- if ($when < "2006-09-01")
+ if ($awarded == "0")
{
- $tdstyle="style='background-color: #ffff80'";
- $emopen="<em>";
- $emclose="</em>";
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
}
}
- }
?>
- <tr>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?
- if ($support == "1")
- {
+ if ($support == "1")
+ {
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
-<? }
+<?
+ }
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?
- if ($support == "1")
- {
- if ($revoked == true)
+ if ($support == "1")
{
+ if ($revoked == true)
+ {
?>
- <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
-<? } else {
+ <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
+<?
+ } else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
+ }
}
- }
?>
</tr>
<?
@@ -332,14 +346,14 @@
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("Description")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Remark")?></strong></td>
+ <tr>
+ <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><strong><?=_("Description")?></strong></td>
+ <td class="DataTD"><strong><?=_("Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
+ <td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
@@ -355,12 +369,12 @@
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
- <tr>
- <td class="DataTD"><strong><?=$title?></strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD"><?=$points_countable?></td>
- <td class="DataTD"><?=$remark?></td>
- </tr>
+ <tr>
+ <td class="DataTD"><strong><?=$title?></strong></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=$points_countable?></td>
+ <td class="DataTD"><?=$remark?></td>
+ </tr>
<?
}
@@ -430,6 +444,8 @@
break;
case 'Unknown': // to be revoked in the future? limit to max 50 pts?
case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
+ case 'TTP-Assisted': // TTP assurances, limit to 35
+ case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
case '': // to be revoked in the future? limit to max 50 pts?
case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
break;
@@ -575,14 +591,14 @@
return $issue_points;
}
- function output_given_assurances($userid,$support)
+ function output_given_assurances($userid,$support=0)
{
output_assurances_header(_("Assurance Points You Issued"),$support);
output_given_assurances_content($userid,$points,$sum_experience,$support);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
}
- function output_received_assurances($userid,$support)
+ function output_received_assurances($userid,$support=0)
{
output_assurances_header(_("Your Assurance Points"),$support);
output_received_assurances_content($userid,$points,$sum_experience,$support);
@@ -602,18 +618,30 @@
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
-
+
//functions to do with recording user agreements
+ /**
+ * write_user_agreement()
+ * writes a new record to the table user_agreement
+ *
+ * @param mixed $memid
+ * @param mixed $document
+ * @param mixed $method
+ * @param mixed $comment
+ * @param integer $active
+ * @param integer $secmemid
+ * @return
+ */
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
// write a new record to the table user_agreement
- $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
- ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
+ $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
+ ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
$res = mysql_query($query);
}
-
+
function get_user_agreement_status($memid, $type="CCA"){
//returns 0 - no user agreement, 1- at least one entry
- $query="SELECT u.`document` FROM `user_agreements` u
+ $query="SELECT u.`document` FROM `user_agreements` u
WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
$res = mysql_query($query);
if(mysql_num_rows($res) <=0){
@@ -650,8 +678,8 @@
function get_last_user_agreement($memid, $type="CCA"){
//returns an array (`document`,`date`,`method`, `comment`,`active`)
$query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
- union
- (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
$res = mysql_query($query);
if(mysql_num_rows($res) >0){
$row = mysql_fetch_assoc($res);
@@ -664,7 +692,7 @@
$rec=array();
}
return $rec;
-}
+ }
function delete_user_agreement($memid, $type="CCA"){
//deletes all entries to an user for the given type of user agreements
@@ -672,4 +700,413 @@
mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
}
+ // functions for 6.php (assure somebody)
+
+ function AssureHead($confirmation,$checkname)
+ {
+?>
+<form method="post" action="wot.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
+ <tr>
+ <td colspan="2" class="title"><?=$confirmation?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
+ </tr>
+<?
+ }
+
+ function AssureTextLine($field1,$field2)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td>
+ <td class="DataTD"><?=$field2?></td>
+ </tr>
+<?
+ }
+
+ function AssureBoxLine($type,$text,$checked)
+ {
+?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
+ <td class="DataTD"><?=$text?></td>
+ </tr>
+<?
+ }
+
+ function AssureMethodLine($text,$methods,$remark)
+ {
+ if (count($methods) != 1) {
+?>
+ <tr>
+ <td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
+ <td class="DataTD">
+ <select name="method">
+<?
+ foreach($methods as $val) {
+?>
+ <option value="<?=$val?>"><?=$val?></option>
+<?
+ }
+?>
+ </select>
+ <br />
+ <?=$remark?>
+ </td>
+ </tr>
+<?
+ } else {
+?>
+ <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" />
+<?
+ }
+ }
+
+ function AssureInboxLine($type,$field,$value,$description)
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td>
+ <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
+ </tr>
+<?
+ }
+
+ function AssureFoot($oldid,$confirm)
+ {
?>
+ <tr>
+ <td class="DataTD" colspan="2">
+ <input type="submit" name="process" value="<?=$confirm?>" />
+ <input type="submit" name="cancel" value="<?=_("Cancel")?>" />
+ </td>
+ </tr>
+</table>
+<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
+<input type="hidden" name="oldid" value="<?=$oldid?>" />
+</form>
+<?
+ }
+
+ function account_email_delete($mailid){
+ //deletes an email entry from an acount
+ //revolkes all certifcates for that email address
+ //called from www/account.php if($process != "" && $oldid == 2)
+ //called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
+ //called from account_delete
+ $mailid = intval($mailid);
+ revoke_all_client_cert($mailid);
+ $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
+ mysql_query($query);
+ }
+
+ function account_domain_delete($domainid){
+ //deletes an domain entry from an acount
+ //revolkes all certifcates for that domain address
+ //called from www/account.php if($process != "" && $oldid == 9)
+ //called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
+ //called from account_delete
+ $domainid = intval($domainid);
+ revoke_all_server_cert($domainid);
+ mysql_query(
+ "update `domains`
+ set `deleted`=NOW()
+ where `id` = '$domainid'");
+ }
+
+ function account_delete($id, $arbno, $adminid){
+ //deletes an account following the deleted account routnie V3
+ // called from www/account.php if($oldid == 50 && $process != "")
+ //change password
+ $id = intval($id);
+ $arbno = mysql_real_escape_string($arbno);
+ $adminid = intval($adminid);
+ $pool = 'abcdefghijklmnopqrstuvwxyz';
+ $pool .= '0123456789!()§';
+ $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ srand ((double)microtime()*1000000);
+ $password="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $password .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+
+ //create new mail for arbitration number
+ $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
+ mysql_query($query);
+ $emailid = mysql_insert_id();
+
+ //set new mail as default
+ $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
+ mysql_query($query);
+
+ //delete all other email address
+ $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_email_delete($row['id']);
+ }
+
+ //delete all domains
+ $query = "select `id` from `domains` where `memid`='".$id."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ account_domain_delete($row['id']);
+ }
+
+ //clear alert settings
+ mysql_query(
+ "update `alerts` set
+ `general`='0',
+ `country`='0',
+ `regional`='0',
+ `radius`='0'
+ where `memid`='$id'");
+
+ //set default location
+ $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear listings
+ $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
+ mysql_query($query);
+
+ //set lanuage to default
+ //set default language
+ mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+ //delete secondary langugaes
+ mysql_query("delete from `addlang` where `userid`='".$id."'");
+
+ //change secret questions
+ for($i=1;$i<=5;$i++){
+ $q="";
+ $a="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $q .= substr($pool,(rand()%(strlen ($pool))), 1);
+ $a .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
+ mysql_query($query);
+ }
+
+ //change personal information to arbitration number and DOB=1900-01-01
+ $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
+ $details = mysql_fetch_assoc(mysql_query($query));
+ $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
+ `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
+ mysql_query($query);
+ $query = "update `users` set `fname`='".$arbno."',
+ `mname`='".$arbno."',
+ `lname`='".$arbno."',
+ `suffix`='".$arbno."',
+ `dob`='1900-01-01'
+ where `id`='".$id."'";
+ mysql_query($query);
+
+ //clear all admin and board flags
+ mysql_query(
+ "update `users` set
+ `assurer`='0',
+ `assurer_blocked`='0',
+ `codesign`='0',
+ `orgadmin`='0',
+ `ttpadmin`='0',
+ `locadmin`='0',
+ `admin`='0',
+ `adadmin`='0',
+ `tverify`='0',
+ `board`='0'
+ where `id`='$id'");
+
+ //block account
+ mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
+ }
+
+
+ function check_email_exists($email){
+ // called from includes/account.php if($process != "" && $oldid == 1)
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $email = mysql_real_escape_string($email);
+ $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_gpg_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
+ }else{
+ $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+ function check_client_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
+ }else{
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_server_cert_running($uid,$cca=0){
+ //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ if (0==$cca) {
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `domaincerts`.`expire` > NOW()
+ and `domaincerts`.`revoked` < `domaincerts`.`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>NOW()";
+ }else{
+ $query1 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `expire`>(NOW()-90*86400)
+ and `revoked`<`created`";
+ $query2 = "
+ select 1 from `domaincerts` join `domains`
+ on `domaincerts`.`domid` = `domains`.`id`
+ where `domains`.`memid` = '$uid'
+ and `revoked`>(NOW()-90*86400)";
+ }
+ $res = mysql_query($query1);
+ $r1 = mysql_num_rows($res)>0;
+ $res = mysql_query($query2);
+ $r2 = mysql_num_rows($res)>0;
+ return !!($r1 || $r2);
+ }
+
+ function check_is_orgadmin($uid){
+ // called from includes/account.php if($oldid == 50 && $process != "")
+ $uid = intval($uid);
+ $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
+ $res = mysql_query($query);
+ return mysql_num_rows($res) > 0;
+ }
+
+
+ // revokation of certificates
+ function revoke_all_client_cert($mailid){
+ //revokes all client certificates for an email address
+ $mailid = intval($mailid);
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres)){
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
+ }
+ }
+
+ function revoke_all_server_cert($domainid){
+ //revokes all server certs for an domain
+ $domainid = intval($domainid);
+ $query =
+ "select `domaincerts`.`id`
+ from `domaincerts`
+ where `domaincerts`.`domid` = '$domainid'
+ union distinct
+ select `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$domainid'";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0");
+ }
+ }
+
+ function revoke_all_private_cert($uid){
+ //revokes all certificates linked to a personal accounts
+ //gpg revokation needs to be added to a later point
+ $uid=intval($uid);
+ $query = "select `id` from `email` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_client_cert($row['id']);
+ }
+
+
+ $query = "select `id` from `domains` where `memid`='".$uid."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){
+ revoke_all_server_cert($row['id']);
+ }
+ }
+
+ /**
+ * check_date_format()
+ * checks if the date is entered in the right date format YYYY-MM-DD and
+ * if the date is after the 1st January of the given year
+ *
+ * @param mixed $date
+ * @param integer $year
+ * @return
+ */
+ function check_date_format($date, $year=2000){
+ if (!strpos($date,'-')) {
+ return FALSE;
+ }
+ $arr=explode('-',$date);
+
+ if ((count($arr)!=3)) {
+ return FALSE;
+ }
+ if (intval($arr[0])<=$year) {
+ return FALSE;
+ }
+ if (intval($arr[1])>12 or intval($arr[1])<=0) {
+ return FALSE;
+ }
+ if (intval($arr[2])>31 or intval($arr[2])<=0) {
+ return FALSE;
+ }
+
+ return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
+
+ }
+
+ /**
+ * check_date_difference()
+ * returns false if the date is larger then today + time diffrence
+ *
+ * @param mixed $date
+ * @param integer $diff
+ * @return
+ */
+ function check_date_difference($date, $diff=1){
+ return (strtotime($date)<=time()+$diff*86400);
+ }
diff --git a/includes/wot.inc.php b/includes/wot.inc.php
deleted file mode 100644
index 9471bee..0000000
--- a/includes/wot.inc.php
+++ /dev/null
@@ -1,640 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2011 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
- function query_init ($query)
- {
- return mysql_query($query);
- }
-
- function query_getnextrow ($res)
- {
- $row1 = mysql_fetch_assoc($res);
- return $row1;
- }
-
- function query_get_number_of_rows ($resultset)
- {
- return intval(mysql_num_rows($resultset));
- }
-
- function get_number_of_assurances ($userid)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
- $row = query_getnextrow($res);
-
- return intval($row['list']);
- }
-
- function get_number_of_ttpassurances ($userid)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
- $row = query_getnextrow($res);
-
- return intval($row['list']);
- }
-
- function get_number_of_assurees ($userid)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
- $row = query_getnextrow($res);
-
- return intval($row['list']);
- }
-
- function get_top_assurer_position ($no_of_assurances)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
- GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
- return intval(query_get_number_of_rows($res)+1);
- }
-
- function get_top_assuree_position ($no_of_assurees)
- {
- $res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting'
- GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'");
- return intval(query_get_number_of_rows($res)+1);
- }
-
- function get_given_assurances ($userid)
- {
- $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
- return $res;
- }
-
- function get_received_assurances ($userid)
- {
- $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
- return $res;
- }
-
- function get_given_assurances_summary ($userid)
- {
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
- return $res;
- }
-
- function get_received_assurances_summary ($userid)
- {
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
- return $res;
- }
-
- function get_user ($userid)
- {
- $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
- return mysql_fetch_assoc($res);
- }
-
- function get_cats_state ($userid)
- {
-
- $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
- WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
- return mysql_num_rows($res);
- }
-
- function calc_experience ($row,&$points,&$experience,&$sum_experience)
- {
- $apoints = max($row['points'], $row['awarded']);
-
- $points += $apoints;
-
- $experience = "&nbsp;";
- if ($row['method'] == "Face to Face Meeting")
- {
- $sum_experience = $sum_experience +2;
- $experience = "2";
- }
- return $apoints;
- }
-
- function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
- {
- $awarded = calc_points($row);
-
- if ($awarded > 100)
- {
- $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
- $awarded = 100;
- }
- else
- $experience = 0;
-
- switch ($row['method'])
- {
- case 'Thawte Points Transfer':
- case 'CT Magazine - Germany':
- case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
- $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
- $experience=0;
- break;
- default:
- $points += $awarded;
- }
- $sumexperience = $sumexperience + $experience;
- }
-
-
- function show_user_link ($name,$userid)
- {
- $name = trim($name);
- if($name == "")
- {
- if ($userid == 0)
- $name = _("System");
- else
- $name = _("Deleted account");
- }
- else
- $name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
- return $name;
- }
-
- function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
- {
- $num_of_assurances = get_number_of_assurances (intval($userid));
- $rank_of_assurer = get_top_assurer_position($num_of_assurances);
- }
-
- function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
- {
- $num_of_assurees = get_number_of_assurees (intval($userid));
- $rank_of_assuree = get_top_assuree_position($num_of_assurees);
- }
-
-
-// ************* html table definitions ******************
-
- function output_ranking($userid)
- {
- get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
- get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
-
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="title"><?=_("Assurer Ranking")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
- </tr>
-</table>
-<br/>
-<?
- }
-
- function output_assurances_header($title)
- {
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="7" class="title"><?=$title?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("ID")?></strong></td>
- <td class="DataTD"><strong><?=_("Date")?></strong></td>
- <td class="DataTD"><strong><?=_("Who")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Location")?></strong></td>
- <td class="DataTD"><strong><?=_("Method")?></strong></td>
- <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
- </tr>
-<?
- }
-
- function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
- {
-?>
- <tr>
- <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD">&nbsp;</td>
- <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
- <td class="DataTD"><?=$sumexperience?></td>
- </tr>
-</table>
-<br/>
-<?
- }
-
- function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
- {
-
- $tdstyle="";
- $emopen="";
- $emclose="";
-
- if ($awarded == $points)
- {
- if ($awarded == "0")
- {
- if ($when < "2006-09-01")
- {
- $tdstyle="style='background-color: #ffff80'";
- $emopen="<em>";
- $emclose="</em>";
- }
- }
- }
-
-?>
- <tr>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
- </tr>
-<?
- }
-
- function output_summary_header()
- {
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><strong><?=_("Description")?></strong></td>
- <td class="DataTD"><strong><?=_("Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
- <td class="DataTD"><strong><?=_("Remark")?></strong></td>
- </tr>
-<?
- }
-
- function output_summary_footer()
- {
-?>
-</table>
-<br/>
-<?
- }
-
- function output_summary_row($title,$points,$points_countable,$remark)
- {
-?>
- <tr>
- <td class="DataTD"><strong><?=$title?></strong></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD"><?=$points_countable?></td>
- <td class="DataTD"><?=$remark?></td>
- </tr>
-<?
- }
-
-
-// ************* output given assurances ******************
-
- function output_given_assurances_content($userid,&$points,&$sum_experience)
- {
- $points = 0;
- $sumexperience = 0;
- $res = get_given_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
- {
- $fromuser = get_user (intval($row['to']));
- $apoints = calc_experience ($row,$points,$experience,$sum_experience);
- $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
- }
- }
-
-// ************* output received assurances ******************
-
- function output_received_assurances_content($userid,&$points,&$sum_experience)
- {
- $points = 0;
- $sumexperience = 0;
- $res = get_received_assurances(intval($userid));
- while($row = mysql_fetch_assoc($res))
- {
- $fromuser = get_user (intval($row['from']));
- calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
- $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
- }
- }
-
-// ************* output summary table ******************
-
- function check_date_limit ($userid,$age)
- {
- $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
- $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
- return intval(query_get_number_of_rows($res));
- }
-
- function calc_points($row)
- {
- $awarded = intval($row['awarded']);
- if ($awarded == "")
- $awarded = 0;
- if (intval($row['points']) < $awarded)
- $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value
- else
- $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value
- switch ($row['method'])
- {
- case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration)
- case 'CT Magazine - Germany': // revoke c't (only one test-entry)
- case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
- $points = 0;
- break;
- case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation)
- if ($points <= 2) // maybe limit to 35/50 pts in the future?
- $points = 0;
- break;
- case 'Unknown': // to be revoked in the future? limit to max 50 pts?
- case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts?
- case 'TTP-Assisted': // TTP assurances, limit to 35
- case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30
- case '': // to be revoked in the future? limit to max 50 pts?
- case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future?
- break;
- default: // should never happen ... ;-)
- $points = 0;
- }
- if ($points < 0) // ignore negative points (bug needs to be fixed)
- $points = 0;
- return $points;
- }
-
- function max_points($userid)
- {
- return output_summary_content ($userid,0);
- }
-
- function output_summary_content($userid,$display_output)
- {
- $sum_points = 0;
- $sum_experience = 0;
- $sum_experience_other = 0;
- $max_points = 100;
- $max_experience = 50;
-
- $experience_limit_reached_txt = _("Limit reached");
-
- if (check_date_limit($userid,18) != 1)
- {
- $max_experience = 10;
- $experience_limit_reached_txt = _("Limit given by PoJAM reached");
- }
- if (check_date_limit($userid,14) != 1)
- {
- $max_experience = 0;
- $experience_limit_reached_txt = _("Limit given by PoJAM reached");
- }
-
- $res = get_received_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
- {
- $points = calc_points ($row);
-
- if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
- {
- $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
- $points = $max_points;
- }
- $sum_points += $points*intval($row['number']);
- }
-
- $res = get_given_assurances_summary($userid);
- while($row = mysql_fetch_assoc($res))
- {
- switch ($row['method'])
- {
- case 'Face to Face Meeting': // count Face to Face only
- $sum_experience += 2*intval($row['number']);
- break;
- }
-
- }
-
- if ($sum_points > $max_points)
- {
- $sum_points_countable = $max_points;
- $remark_points = _("Limit reached");
- }
- else
- {
- $sum_points_countable = $sum_points;
- $remark_points = "&nbsp;";
- }
- if ($sum_experience > $max_experience)
- {
- $sum_experience_countable = $max_experience;
- $remark_experience = $experience_limit_reached_txt;
- }
- else
- {
- $sum_experience_countable = $sum_experience;
- $remark_experience = "&nbsp;";
- }
-
- if ($sum_experience_countable + $sum_experience_other > $max_experience)
- {
- $sum_experience_other_countable = $max_experience-$sum_experience_countable;
- $remark_experience_other = $experience_limit_reached_txt;
- }
- else
- {
- $sum_experience_other_countable = $sum_experience_other;
- $remark_experience_other = "&nbsp;";
- }
-
- if ($sum_points_countable < $max_points)
- {
- if ($sum_experience_countable != 0)
- $remark_experience = _("Points on hold due to less assurance points");
- $sum_experience_countable = 0;
- if ($sum_experience_other_countable != 0)
- $remark_experience_other = _("Points on hold due to less assurance points");
- $sum_experience_other_countable = 0;
- }
-
- $issue_points = 0;
- $cats_test_passed = get_cats_state ($userid);
- if ($cats_test_passed == 0)
- {
- $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
- if ($sum_points_countable < $max_points)
- {
- $issue_points_txt = "<strong style='color: red'>";
- $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
- $issue_points_txt .= "</strong>";
- }
- }
- else
- {
- $experience_total = $sum_experience_countable+$sum_experience_other_countable;
- $issue_points_txt = "";
- if ($sum_points_countable == $max_points)
- $issue_points = 10;
- if ($experience_total >= 10)
- $issue_points = 15;
- if ($experience_total >= 20)
- $issue_points = 20;
- if ($experience_total >= 30)
- $issue_points = 25;
- if ($experience_total >= 40)
- $issue_points = 30;
- if ($experience_total >= 50)
- $issue_points = 35;
- if ($issue_points != 0)
- $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
- }
- if ($display_output)
- {
- output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
- output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
- output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
- output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
- }
- return $issue_points;
- }
-
- function output_given_assurances($userid)
- {
- output_assurances_header(_("Assurance Points You Issued"));
- output_given_assurances_content($userid,$points,$sum_experience);
- output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience);
- }
-
- function output_received_assurances($userid)
- {
- output_assurances_header(_("Your Assurance Points"));
- output_received_assurances_content($userid,$points,$sum_experience);
- output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience);
- }
-
- function output_summary($userid)
- {
- output_summary_header();
- output_summary_content($userid,1);
- output_summary_footer();
- }
-
- function output_end_of_page()
- {
-?>
- <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
-<?
- }
-
-// functions for 6.php (assure somebody)
-
-function AssureHead($confirmation,$checkname)
-{
-?>
-<form method="post" action="wot.php">
- <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
- <tr>
- <td colspan="2" class="title"><?=$confirmation?></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
- </tr>
-<?
- }
-
-function AssureTextLine($field1,$field2)
-{
-?>
- <tr>
- <td class="DataTD"><?=$field1?>:</td>
- <td class="DataTD"><?=$field2?></td>
- </tr>
-<?
-}
-
-function AssureCCABoxLine($type,$text)
-{
- return;
- AssureBoxLine($type,$text);
-}
-
-function AssureBoxLine($type,$text,$checked)
-{
-?>
- <tr>
- <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
- <td class="DataTD"><?=$text?></td>
- </tr>
-<?
-}
-
-function AssureMethodLine($text,$methods,$remark)
-{
- if (count($methods) != 1)
- {
-?>
- <tr>
- <td class="DataTD"><?=$text?></td>
- <td class="DataTD">
- <select name="method">
-<?
- foreach($methods as $val) { ?>
- <option value="<?=$val?>"> <?=$val?></option>
-
-<? } ?>
- </select>
- </br><?=$remark?>
- </td>
- </tr>
-<?
- } else {
-?>
- <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>">
-<?
- }
-}
-
-function AssureInboxLine($type,$field,$value,$description)
-{
-?>
- <tr>
- <td class="DataTD"><?=$field?>:</td>
- <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
- </tr>
-<?
-}
-
-function AssureFoot($oldid,$confirm)
-{?>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
- </tr>
- </table>
- <input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">
- <input type="hidden" name="oldid" value="<?=$oldid?>">
-</form>
-<?
-}
-