diff options
author | Michael Tänzer <neo@nhng.de> | 2013-09-08 21:35:14 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2013-09-08 21:35:14 +0200 |
commit | 9d4ec70dda220ab42c013de4313d26b3914ba668 (patch) | |
tree | b6879403ab958023da59c70447997b9af8e19adc /includes | |
parent | aea694d929d09db48b008eda40fc2a77ea086e8d (diff) | |
download | cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.gz cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.xz cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.zip |
Source code taken from cacert-20130906.tar.bz2
Diffstat (limited to 'includes')
-rw-r--r-- | includes/account.php | 499 | ||||
-rw-r--r-- | includes/account_stuff.php | 6 | ||||
-rw-r--r-- | includes/notary.inc.php | 615 | ||||
-rw-r--r-- | includes/wot.inc.php | 640 |
4 files changed, 842 insertions, 918 deletions
diff --git a/includes/account.php b/includes/account.php index cc2c581..54373b0 100644 --- a/includes/account.php +++ b/includes/account.php @@ -17,7 +17,8 @@ */ require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); - require_once('lib/check_weak_key.php'); + require_once("../includes/lib/check_weak_key.php"); + require_once("../includes/notary.inc.php"); loadem("account"); @@ -70,9 +71,7 @@ } $oldid=0; $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))); - $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + if(check_email_exists($_REQUEST['email'])==true) { showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email'])); @@ -160,17 +159,7 @@ { $row = mysql_fetch_assoc($res); echo $row['email']."<br>\n"; - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); - - $query = "update `email` set `deleted`=NOW() where `id`='$id'"; - mysql_query($query); + account_email_delete($row['id']); $delcount++; } } @@ -192,6 +181,14 @@ if($process != "" && $oldid == 3) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1') { showheader(_("My CAcert.org Account!")); @@ -240,6 +237,11 @@ $_REQUEST['keytype'] = "MS"; $csr = clean_csr($_REQUEST['optionalCSR']); } + if(trim($_REQUEST['description']) != ""){ + $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); + }else{ + $_SESSION['_config']['description']= ""; + } } if($oldid == 4) @@ -316,6 +318,8 @@ exit; } + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + $query = "insert into emailcerts set `CN`='$defaultemail', `keytype`='NS', @@ -323,7 +327,8 @@ `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `codesign`='".intval($_SESSION['_config']['codesign'])."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', - `rootcert`='".intval($_SESSION['_config']['rootcert'])."'"; + `rootcert`='".intval($_SESSION['_config']['rootcert'])."', + `description`='".$_SESSION['_config']['description']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) @@ -334,15 +339,15 @@ fputs($fp, $emails); fclose($fp); $challenge=$_SESSION['spkac_hash']; - $res=`openssl spkac -verify -in $CSRname`; - if(!strstr($res,"Challenge String: ".$challenge)) - { - $id = $oldid; - showheader(_("My CAcert.org Account!")); - echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest."); - showfooter(); - exit; - } + $res=`openssl spkac -verify -in $CSRname`; + if(!strstr($res,"Challenge String: ".$challenge)) + { + $id = $oldid; + showheader(_("My CAcert.org Account!")); + echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest."); + showfooter(); + exit; + } mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") { if($csr == "") @@ -367,8 +372,8 @@ $csrsubject=""; $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); - if(strlen($user['mname']) == 1) - $user['mname'] .= '.'; + if(strlen($user['mname']) == 1) + $user['mname'] .= '.'; if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4) $csrsubject = "/CN=CAcert WoT User"; if($_SESSION['_config']['incname'] == 1) @@ -423,7 +428,8 @@ `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".$_SESSION['_config']['codesign']."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', - `rootcert`='".$_SESSION['_config']['rootcert']."'"; + `rootcert`='".$_SESSION['_config']['rootcert']."', + `description`='".$_SESSION['_config']['description']."'"; mysql_query($query); $emailid = mysql_insert_id(); if(is_array($addys)) @@ -457,10 +463,10 @@ csrf_check("adddomain"); if(strstr($_REQUEST['newdomain'],"\x00")) { - showheader(_("My CAcert.org Account!")); - echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes."); - showfooter(); - exit; + showheader(_("My CAcert.org Account!")); + echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes."); + showfooter(); + exit; } list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest @@ -622,32 +628,9 @@ { $row = mysql_fetch_assoc($res); echo $row['domain']."<br>\n"; - - $dres = mysql_query( - "select `domaincerts`.`id` - from `domaincerts` - where `domaincerts`.`domid` = '$id' - union distinct - select `domaincerts`.`id` - from `domaincerts`, `domlink` - where `domaincerts`.`id` = `domlink`.`certid` - and `domlink`.`domid` = '$id'"); - while($drow = mysql_fetch_assoc($dres)) - { - mysql_query( - "update `domaincerts` - set `revoked`='1970-01-01 10:00:01' - where `id` = '".$drow['id']."' - and `revoked` = 0 - and UNIX_TIMESTAMP(`expire`) - - UNIX_TIMESTAMP() > 0"); - } - - mysql_query( - "update `domains` - set `deleted`=NOW() - where `id` = '$id'"); + account_domain_delete($row['id']); } + } } else @@ -661,11 +644,19 @@ if($process != "" && $oldid == 10) { + if(!array_key_exists('CCA',$_REQUEST)) + { + showheader(_("My CAcert.org Account!")); + echo _("You did not accept the CAcert Community Agreement (CCA), hit the back button and try again."); + showfooter(); + exit; + } + $CSR = clean_csr($_REQUEST['CSR']); if(strpos($CSR,"---BEGIN")===FALSE) { - // In case the CSR is missing the ---BEGIN lines, add them automatically: - $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n"; + // In case the CSR is missing the ---BEGIN lines, add them automatically: + $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n"; } if (($weakKey = checkWeakKeyCSR($CSR)) !== "") @@ -676,6 +667,12 @@ exit; } + if(trim($_REQUEST['description']) != ""){ + $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); + }else{ + $_SESSION['_config']['description']= ""; + } + $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); @@ -742,7 +739,7 @@ $subject = ""; $count = 0; $supressSAN=0; - if($_SESSION["profile"]["id"] == 104074) $supressSAN=1; + if($_SESSION["profile"]["id"] == 104074) $supressSAN=1; if(is_array($_SESSION['_config']['rows'])) foreach($_SESSION['_config']['rows'] as $row) @@ -771,19 +768,23 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; + write_user_agreement(intval($_SESSION['profile']['id']), "CCA", "certificate creation", "", 1); + if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', - `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; + `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', + `description`='".$_SESSION['_config']['description']."'"; } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) { $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', - `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; + `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', + `description`='".$_SESSION['_config']['description']."'"; } else { showheader(_("My CAcert.org Account!")); echo _("Domain not verified."); @@ -865,7 +866,8 @@ `modified`=NOW(), `rootcert`='".$row['rootcert']."', `type`='".$row['type']."', - `pkhash`='".$row['pkhash']."'"; + `pkhash`='".$row['pkhash']."', + `description`='".$row['description']."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","server",$newid); @@ -1003,6 +1005,24 @@ exit; } + if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "") + { + showheader(_("My CAcert.org Account!")); + foreach($_REQUEST as $id => $val) + { + if(substr($id,0,14)=="check_comment_") + { + $cid = intval(substr($id,14)); + $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); + mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'"); + } + } + echo(_("Certificate settings have been changed.")."<br/>\n"); + showfooter(); + exit; + } + + if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "") { showheader(_("My CAcert.org Account!")); @@ -1041,7 +1061,8 @@ `modified`=NOW(), `disablelogin`='".$row['disablelogin']."', `codesign`='".$row['codesign']."', - `rootcert`='".$row['rootcert']."'"; + `rootcert`='".$row['rootcert']."', + `description`='".$row['description']."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","client",$newid); @@ -1140,26 +1161,47 @@ if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "") { - showheader(_("My CAcert.org Account!")); - //echo _("Now changing the settings for the following certificates:")."<br>\n"; - foreach($_REQUEST as $id => $val) - { - //echo $id."<br/>"; - if(substr($id,0,5)=="cert_") - { - $id = intval(substr($id,5)); - $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1"; - //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n"; - mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"); - //$row = mysql_fetch_assoc($res); - } - } - echo(_("Certificate settings have been changed.")."<br/>\n"); - showfooter(); - exit; + showheader(_("My CAcert.org Account!")); + foreach($_REQUEST as $id => $val) + { + if(substr($id,0,5)=="cert_") + { + $cid = intval(substr($id,5)); + $dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1"; + mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); + } + if(substr($id,0,14)=="check_comment_") + { + $cid = intval(substr($id,14)); + if(!empty($_REQUEST['check_comment_'.$cid])) { + $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); + mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'"); + } + } + } + echo(_("Certificate settings have been changed.")."<br/>\n"); + showfooter(); + exit; } + if($oldid == 6 && $_REQUEST['certid'] != "") + { + if(trim($_REQUEST['description']) != ""){ + $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); + }else{ + $description= ""; + } + + if(trim($_REQUEST['disablelogin']) == "1"){ + $disablelogin = 1; + }else{ + $disablelogin = 0; + } + + mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); + } + if($oldid == 13 && $process != "") { csrf_check("perschange"); @@ -1176,42 +1218,42 @@ $_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); $_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); - if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] || - $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] || - $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] || - $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] || - $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] || - $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] || - $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] || - $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] || - $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] || - $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] || - $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] || - $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] || - $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] || - $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] || - $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] || - $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] || - $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5']) - { - $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n"; - $id = $oldid; + if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] || + $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] || + $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] || + $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] || + $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] || + $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] || + $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] || + $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] || + $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] || + $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] || + $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] || + $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] || + $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] || + $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] || + $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] || + $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] || + $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5']) + { + $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n"; + $id = $oldid; $oldid=0; - } + } if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" || $_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" || @@ -1394,6 +1436,13 @@ } $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name']))); $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU']))); + + + if(trim($_REQUEST['description']) != ""){ + $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); + }else{ + $_SESSION['_config']['description']= ""; + } } if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0) @@ -1423,6 +1472,12 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; + if(trim($_REQUEST['description']) != ""){ + $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); + }else{ + $_SESSION['_config']['description']= ""; + } + if(@count($_SESSION['_config']['emails']) > 0) $id = 17; } @@ -1469,6 +1524,7 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; + $emails .= "SPKAC = $spkac"; if (($weakKey = checkWeakKeySPKAC($emails)) !== "") { @@ -1485,7 +1541,8 @@ `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `codesign`='".$_SESSION['_config']['codesign']."', - `rootcert`='".$_SESSION['_config']['rootcert']."'"; + `rootcert`='".$_SESSION['_config']['rootcert']."', + `description`='".$_SESSION['_config']['description']."'"; mysql_query($query); $emailid = mysql_insert_id(); @@ -1497,15 +1554,15 @@ fputs($fp, $emails); fclose($fp); $challenge=$_SESSION['spkac_hash']; - $res=`openssl spkac -verify -in $CSRname`; - if(!strstr($res,"Challenge String: ".$challenge)) - { - $id = $oldid; - showheader(_("My CAcert.org Account!")); - echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest."); - showfooter(); - exit; - } + $res=`openssl spkac -verify -in $CSRname`; + if(!strstr($res,"Challenge String: ".$challenge)) + { + $id = $oldid; + showheader(_("My CAcert.org Account!")); + echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest."); + showfooter(); + exit; + } mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") { $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n"; @@ -1575,7 +1632,8 @@ `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='$csrsubject', `codesign`='".$_SESSION['_config']['codesign']."', - `rootcert`='".$_SESSION['_config']['rootcert']."'"; + `rootcert`='".$_SESSION['_config']['rootcert']."', + `description`='".$_SESSION['_config']['description']."'"; mysql_query($query); $emailid = mysql_insert_id(); @@ -1650,7 +1708,8 @@ `created`='".$row['created']."', `modified`=NOW(), `codesign`='".$row['codesign']."', - `rootcert`='".$row['rootcert']."'"; + `rootcert`='".$row['rootcert']."', + `description`='".$row['description']."'"; mysql_query($query); $newid = mysql_insert_id(); $newfile=generatecertpath("csr","orgclient",$newid); @@ -1742,6 +1801,24 @@ exit; } + if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "") + { + showheader(_("My CAcert.org Account!")); + foreach($_REQUEST as $id => $val) + { + if(substr($id,0,14)=="check_comment_") + { + $cid = intval(substr($id,14)); + $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); + mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'"); + } + } + echo(_("Certificate settings have been changed.")."<br/>\n"); + showfooter(); + exit; + } + + if($process != "" && $oldid == 20) { $CSR = clean_csr($_REQUEST['CSR']); @@ -1755,6 +1832,12 @@ exit; } + if(trim($_REQUEST['description']) != ""){ + $_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description']))); + }else{ + $_SESSION['_config']['description']= ""; + } + $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); @@ -1830,8 +1913,8 @@ exit; } - if($_SESSION['_config']['rowid']['0'] > 0) - { + if($_SESSION['_config']['rowid']['0'] > 0) + { $query = "select * from `org`,`orginfo` where `orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and `orginfo`.`id`=`org`.`orgid` and @@ -1878,25 +1961,27 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; - if($_SESSION['_config']['rowid']['0'] > 0) - { - $query = "insert into `orgdomaincerts` set - `CN`='".$_SESSION['_config']['rows']['0']."', - `orgid`='".$org['id']."', - `created`=NOW(), - `subject`='$csrsubject', - `rootcert`='".$_SESSION['_config']['rootcert']."', - `type`='$type'"; - } else { - $query = "insert into `orgdomaincerts` set - `CN`='".$_SESSION['_config']['altrows']['0']."', - `orgid`='".$org['id']."', - `created`=NOW(), - `subject`='$csrsubject', - `rootcert`='".$_SESSION['_config']['rootcert']."', - `type`='$type'"; - } - mysql_query($query); + if($_SESSION['_config']['rowid']['0'] > 0) + { + $query = "insert into `orgdomaincerts` set + `CN`='".$_SESSION['_config']['rows']['0']."', + `orgid`='".$org['id']."', + `created`=NOW(), + `subject`='$csrsubject', + `rootcert`='".$_SESSION['_config']['rootcert']."', + `type`='$type', + `description`='".$_SESSION['_config']['description']."'"; + } else { + $query = "insert into `orgdomaincerts` set + `CN`='".$_SESSION['_config']['altrows']['0']."', + `orgid`='".$org['id']."', + `created`=NOW(), + `subject`='$csrsubject', + `rootcert`='".$_SESSION['_config']['rootcert']."', + `type`='$type', + `description`='".$_SESSION['_config']['description']."'"; + } + mysql_query($query); $CSRid = mysql_insert_id(); $CSRname=generatecertpath("csr","orgserver",$CSRid); @@ -1970,7 +2055,8 @@ `modified`=NOW(), `subject`='".$row['subject']."', `type`='".$row['type']."', - `rootcert`='".$row['rootcert']."'"; + `rootcert`='".$row['rootcert']."', + `description`='".$row['description']."'"; mysql_query($query); $newid = mysql_insert_id(); //echo "NewID: $newid<br/>\n"; @@ -2071,6 +2157,24 @@ exit; } + if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "") + { + showheader(_("My CAcert.org Account!")); + foreach($_REQUEST as $id => $val) + { + if(substr($id,0,14)=="check_comment_") + { + $cid = intval(substr($id,14)); + $comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid]))); + mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'"); + } + } + echo(_("Certificate settings have been changed.")."<br/>\n"); + showfooter(); + exit; + } + + if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 || $id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 || $id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) && @@ -2462,7 +2566,7 @@ } if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || - ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" && + ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" && $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add")) { $id = 53; @@ -2472,7 +2576,7 @@ $locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0); $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):""; $long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):""; - $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):""; + $lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):""; $action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:""; if($locid > 0 && $action == "edit") @@ -2580,6 +2684,13 @@ mysql_query($query); } + if($oldid == 43 && $_REQUEST['action'] == 'revokecert') + { + $userid = intval($_REQUEST['userid']); + revoke_all_private_cert($userid); + $id=43; + } + if($oldid == 48 && $_REQUEST['domain'] == "") { $id = $oldid; @@ -2730,24 +2841,24 @@ mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'"); } - if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0) - { - csrf_check('admsetassuret'); - $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']); - $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); - $ver = !$row['assurer']; - mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'"); - } - - if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0) - { - $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); - $query = "select * from `users` where `id`='$memid'"; - $row = mysql_fetch_assoc(mysql_query($query)); - $ver = !$row['assurer_blocked']; - mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'"); - } + if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0) + { + csrf_check('admsetassuret'); + $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']); + $query = "select * from `users` where `id`='$memid'"; + $row = mysql_fetch_assoc(mysql_query($query)); + $ver = !$row['assurer']; + mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'"); + } + + if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0) + { + $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); + $query = "select * from `users` where `id`='$memid'"; + $row = mysql_fetch_assoc(mysql_query($query)); + $ver = !$row['assurer_blocked']; + mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'"); + } if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0) { @@ -2876,23 +2987,39 @@ if($oldid == 50 && $process != "") { $_REQUEST['userid'] = intval($_REQUEST['userid']); - $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"); - if(mysql_num_rows($res) > 0) - { - $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01' - WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); + if (trim($_REQUEST['arbitrationno'])==""){ + showheader(_("My CAcert.org Account!")); + echo _("You did not enter an arbitration number entry."); + showfooter(); + exit; + } + if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) { + showheader(_("My CAcert.org Account!")); + printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno']))); + showfooter(); + exit; + } + if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) { + showheader(_("My CAcert.org Account!")); + printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org')); + showfooter(); + exit; + } + if (check_client_cert_running($_REQUEST['userid'],1) || + check_server_cert_running($_REQUEST['userid'],1) || + check_gpg_cert_running($_REQUEST['userid'],1)) { + showheader(_("My CAcert.org Account!")); + printf(_("The CCA retention time for at least one certificate is not over. Can't continue.")); + showfooter(); + exit; + } + if (check_is_orgadmin($_REQUEST['userid'],1)) { + showheader(_("My CAcert.org Account!")); + printf(_("The user is listed as Organisation Administrator. Can't continue.")); + showfooter(); + exit; } + account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']); } if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) diff --git a/includes/account_stuff.php b/includes/account_stuff.php index b9544e0..dbebf6a 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -172,7 +172,7 @@ function hideall() { </div> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('mydetails')">+ <?=_("My Details")?></h3> - <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><? + <ul class="menu" id="mydetails"><li><a href="account.php?id=13"><?=_("View/Edit")?></a></li><li><a href="account.php?id=14"><?=_("Change Password")?></a></li><li><a href="account.php?id=41"><?=_("Default Language")?></a></li><li><a href="wot.php?id=8"><?=_("My Listing")?></a></li><li><a href="wot.php?id=13"><?=_("My Location")?></a></li><li><a href="account.php?id=36"><?=_("My Alert Settings")?></a></li><li><a href="wot.php?id=10"><?=_("My Points")?></a></li><? if($_SESSION['profile']['id'] == 1 || $_SESSION['profile']['id'] == 5897) echo "<li><a href='sqldump.php'>SQL Dump</a></li>"; ?></ul> @@ -281,7 +281,7 @@ function hideall() { <div id="siteInfo"><a href="//wiki.cacert.org/FAQ/AboutUs"><?=_("About Us")?></a> | <a href="account.php?id=38"><?=_("Donations")?></a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated"><?=_("Association Membership")?></a> | <a href="/policy/PrivacyPolicy.html"><?=_("Privacy Policy")?></a> | <a href="account.php?id=40"><?=_("Contact Us")?></a> | ©2002-<?=date("Y")?> <?=_("by CAcert")?></div> -</div> -</body> +</div> +</body> </html><? } diff --git a/includes/notary.inc.php b/includes/notary.inc.php index d6f86a8..37a7ed0 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -41,6 +41,15 @@ return intval($row['list']); } + function get_number_of_ttpassurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } + function get_number_of_assurees ($userid) { $res = query_init ("SELECT count(*) AS `list` FROM `notary` @@ -106,7 +115,7 @@ function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked) { - $apoints = max($row['points'],$row['awarded']); + $apoints = max($row['points'], $row['awarded']); $points += $apoints; $experience = " "; $revoked = false; # to be coded later (after DB-upgrade) @@ -192,15 +201,15 @@ ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td class="title"><?=_("Assurer Ranking")?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> - </tr> + <tr> + <td class="title"><?=_("Assurer Ranking")?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> + </tr> + <tr> + <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> + </tr> </table> <br/> <? @@ -210,65 +219,68 @@ { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> + <tr> <? if ($support == "1") { ?> - <td colspan="10" class="title"><?=$title?></td> + <td colspan="10" class="title"><?=$title?></td> <? } else { ?> - <td colspan="7" class="title"><?=$title?></td> -<? } + <td colspan="7" class="title"><?=$title?></td> +<? + } ?> - </tr> - <tr> - <td class="DataTD"><strong><?=_("ID")?></strong></td> - <td class="DataTD"><strong><?=_("Date")?></strong></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("ID")?></strong></td> + <td class="DataTD"><strong><?=_("Date")?></strong></td> <? if ($support == "1") { ?> - <td class="DataTD"><strong><?=_("When")?></strong></td> - <td class="DataTD"><strong><?=_("Email")?></strong></td> -<? } ?> - <td class="DataTD"><strong><?=_("Who")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Location")?></strong></td> - <td class="DataTD"><strong><?=_("Method")?></strong></td> - <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> + <td class="DataTD"><strong><?=_("When")?></strong></td> + <td class="DataTD"><strong><?=_("Email")?></strong></td> +<? + } +?> + <td class="DataTD"><strong><?=_("Who")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Location")?></strong></td> + <td class="DataTD"><strong><?=_("Method")?></strong></td> + <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> <? if ($support == "1") { ?> - <td class="DataTD"><strong><?=_("Revoke")?></strong></td> + <td class="DataTD"><strong><?=_("Revoke")?></strong></td> <? } ?> - </tr> + </tr> <? } function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support) { ?> - <tr> - <td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"> </td> - <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> - <td class="DataTD"><?=$sumexperience?></td> + <tr> + <td<?=($support == "1")?' colspan="5"':' colspan="3"'?> class="DataTD"><strong><?=$points_txt?>:</strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"> </td> + <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> + <td class="DataTD"><?=$sumexperience?></td> <? if ($support == "1") { ?> - <td class="DataTD"> </td> + <td class="DataTD"> </td> <? } ?> - </tr> + </tr> </table> <br/> <? @@ -277,52 +289,54 @@ function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked) { - $tdstyle=""; - $emopen=""; - $emclose=""; + $tdstyle=""; + $emopen=""; + $emclose=""; - if ($awarded == $points) - { - if ($awarded == "0") + if ($awarded == $points) { - if ($when < "2006-09-01") + if ($awarded == "0") { - $tdstyle="style='background-color: #ffff80'"; - $emopen="<em>"; - $emclose="</em>"; + if ($when < "2006-09-01") + { + $tdstyle="style='background-color: #ffff80'"; + $emopen="<em>"; + $emclose="</em>"; + } } } - } ?> - <tr> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> + <tr> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> <? - if ($support == "1") - { + if ($support == "1") + { ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td> -<? } +<? + } ?> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> <? - if ($support == "1") - { - if ($revoked == true) + if ($support == "1") { + if ($revoked == true) + { ?> - <td class="DataTD" <?=$tdstyle?>> </td> -<? } else { + <td class="DataTD" <?=$tdstyle?>> </td> +<? + } else { ?> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> <? + } } - } ?> </tr> <? @@ -332,14 +346,14 @@ { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="4" class="title"><?=_("Summary of your Points")?></td> - </tr> - <tr> - <td class="DataTD"><strong><?=_("Description")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> - <td class="DataTD"><strong><?=_("Remark")?></strong></td> + <tr> + <td colspan="4" class="title"><?=_("Summary of your Points")?></td> + </tr> + <tr> + <td class="DataTD"><strong><?=_("Description")?></strong></td> + <td class="DataTD"><strong><?=_("Points")?></strong></td> + <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> + <td class="DataTD"><strong><?=_("Remark")?></strong></td> </tr> <? } @@ -355,12 +369,12 @@ function output_summary_row($title,$points,$points_countable,$remark) { ?> - <tr> - <td class="DataTD"><strong><?=$title?></strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"><?=$points_countable?></td> - <td class="DataTD"><?=$remark?></td> - </tr> + <tr> + <td class="DataTD"><strong><?=$title?></strong></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=$points_countable?></td> + <td class="DataTD"><?=$remark?></td> + </tr> <? } @@ -430,6 +444,8 @@ break; case 'Unknown': // to be revoked in the future? limit to max 50 pts? case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? + case 'TTP-Assisted': // TTP assurances, limit to 35 + case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30 case '': // to be revoked in the future? limit to max 50 pts? case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? break; @@ -575,14 +591,14 @@ return $issue_points; } - function output_given_assurances($userid,$support) + function output_given_assurances($userid,$support=0) { output_assurances_header(_("Assurance Points You Issued"),$support); output_given_assurances_content($userid,$points,$sum_experience,$support); output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support); } - function output_received_assurances($userid,$support) + function output_received_assurances($userid,$support=0) { output_assurances_header(_("Your Assurance Points"),$support); output_received_assurances_content($userid,$points,$sum_experience,$support); @@ -602,18 +618,30 @@ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } - + //functions to do with recording user agreements + /** + * write_user_agreement() + * writes a new record to the table user_agreement + * + * @param mixed $memid + * @param mixed $document + * @param mixed $method + * @param mixed $comment + * @param integer $active + * @param integer $secmemid + * @return + */ function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){ // write a new record to the table user_agreement - $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid. - ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ; + $query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid). + ",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ; $res = mysql_query($query); } - + function get_user_agreement_status($memid, $type="CCA"){ //returns 0 - no user agreement, 1- at least one entry - $query="SELECT u.`document` FROM `user_agreements` u + $query="SELECT u.`document` FROM `user_agreements` u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ; $res = mysql_query($query); if(mysql_num_rows($res) <=0){ @@ -650,8 +678,8 @@ function get_last_user_agreement($memid, $type="CCA"){ //returns an array (`document`,`date`,`method`, `comment`,`active`) $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1) - union - (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + union + (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; $res = mysql_query($query); if(mysql_num_rows($res) >0){ $row = mysql_fetch_assoc($res); @@ -664,7 +692,7 @@ $rec=array(); } return $rec; -} + } function delete_user_agreement($memid, $type="CCA"){ //deletes all entries to an user for the given type of user agreements @@ -672,4 +700,413 @@ mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); } + // functions for 6.php (assure somebody) + + function AssureHead($confirmation,$checkname) + { +?> +<form method="post" action="wot.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600"> + <tr> + <td colspan="2" class="title"><?=$confirmation?></td> + </tr> + <tr> + <td class="DataTD" colspan="2" align="left"><?=$checkname?></td> + </tr> +<? + } + + function AssureTextLine($field1,$field2) + { +?> + <tr> + <td class="DataTD"><?=$field1.(empty($field1)?'':':')?>:</td> + <td class="DataTD"><?=$field2?></td> + </tr> +<? + } + + function AssureBoxLine($type,$text,$checked) + { +?> + <tr> + <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td> + <td class="DataTD"><?=$text?></td> + </tr> +<? + } + + function AssureMethodLine($text,$methods,$remark) + { + if (count($methods) != 1) { +?> + <tr> + <td class="DataTD"><?=$text.(empty($text)?'':':')?></td> + <td class="DataTD"> + <select name="method"> +<? + foreach($methods as $val) { +?> + <option value="<?=$val?>"><?=$val?></option> +<? + } +?> + </select> + <br /> + <?=$remark?> + </td> + </tr> +<? + } else { +?> + <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" /> +<? + } + } + + function AssureInboxLine($type,$field,$value,$description) + { +?> + <tr> + <td class="DataTD"><?=$field.(empty($field)?'':':')?>:</td> + <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td> + </tr> +<? + } + + function AssureFoot($oldid,$confirm) + { ?> + <tr> + <td class="DataTD" colspan="2"> + <input type="submit" name="process" value="<?=$confirm?>" /> + <input type="submit" name="cancel" value="<?=_("Cancel")?>" /> + </td> + </tr> +</table> +<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" /> +<input type="hidden" name="oldid" value="<?=$oldid?>" /> +</form> +<? + } + + function account_email_delete($mailid){ + //deletes an email entry from an acount + //revolkes all certifcates for that email address + //called from www/account.php if($process != "" && $oldid == 2) + //called from www/diputes.php if($type == "reallyemail") / if($action == "accept") + //called from account_delete + $mailid = intval($mailid); + revoke_all_client_cert($mailid); + $query = "update `email` set `deleted`=NOW() where `id`='$mailid'"; + mysql_query($query); + } + + function account_domain_delete($domainid){ + //deletes an domain entry from an acount + //revolkes all certifcates for that domain address + //called from www/account.php if($process != "" && $oldid == 9) + //called from www/diputes.php if($type == "reallydomain") / if($action == "accept") + //called from account_delete + $domainid = intval($domainid); + revoke_all_server_cert($domainid); + mysql_query( + "update `domains` + set `deleted`=NOW() + where `id` = '$domainid'"); + } + + function account_delete($id, $arbno, $adminid){ + //deletes an account following the deleted account routnie V3 + // called from www/account.php if($oldid == 50 && $process != "") + //change password + $id = intval($id); + $arbno = mysql_real_escape_string($arbno); + $adminid = intval($adminid); + $pool = 'abcdefghijklmnopqrstuvwxyz'; + $pool .= '0123456789!()§'; + $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; + srand ((double)microtime()*1000000); + $password=""; + for($index = 0; $index < 30; $index++) + { + $password .= substr($pool,(rand()%(strlen ($pool))), 1); + } + mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'"); + + //create new mail for arbitration number + $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1"; + mysql_query($query); + $emailid = mysql_insert_id(); + + //set new mail as default + $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'"; + mysql_query($query); + + //delete all other email address + $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + account_email_delete($row['id']); + } + + //delete all domains + $query = "select `id` from `domains` where `memid`='".$id."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + account_domain_delete($row['id']); + } + + //clear alert settings + mysql_query( + "update `alerts` set + `general`='0', + `country`='0', + `regional`='0', + `radius`='0' + where `memid`='$id'"); + + //set default location + $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'"; + mysql_query($query); + + //clear listings + $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'"; + mysql_query($query); + + //set lanuage to default + //set default language + mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'"); + //delete secondary langugaes + mysql_query("delete from `addlang` where `userid`='".$id."'"); + + //change secret questions + for($i=1;$i<=5;$i++){ + $q=""; + $a=""; + for($index = 0; $index < 30; $index++) + { + $q .= substr($pool,(rand()%(strlen ($pool))), 1); + $a .= substr($pool,(rand()%(strlen ($pool))), 1); + } + $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'"; + mysql_query($query); + } + + //change personal information to arbitration number and DOB=1900-01-01 + $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'"; + $details = mysql_fetch_assoc(mysql_query($query)); + $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', + `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'"; + mysql_query($query); + $query = "update `users` set `fname`='".$arbno."', + `mname`='".$arbno."', + `lname`='".$arbno."', + `suffix`='".$arbno."', + `dob`='1900-01-01' + where `id`='".$id."'"; + mysql_query($query); + + //clear all admin and board flags + mysql_query( + "update `users` set + `assurer`='0', + `assurer_blocked`='0', + `codesign`='0', + `orgadmin`='0', + `ttpadmin`='0', + `locadmin`='0', + `admin`='0', + `adadmin`='0', + `tverify`='0', + `board`='0' + where `id`='$id'"); + + //block account + mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now() + } + + + function check_email_exists($email){ + // called from includes/account.php if($process != "" && $oldid == 1) + // called from includes/account.php if($oldid == 50 && $process != "") + $email = mysql_real_escape_string($email); + $query = "select 1 from `email` where `email`='$email' and `deleted`=0"; + $res = mysql_query($query); + return mysql_num_rows($res) > 0; + } + + function check_gpg_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()"; + }else{ + $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)"; + } + $res = mysql_query($query); + return mysql_num_rows($res) > 0; + } + + function check_client_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`"; + $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()"; + }else{ + $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`"; + $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)"; + } + $res = mysql_query($query1); + $r1 = mysql_num_rows($res)>0; + $res = mysql_query($query2); + $r2 = mysql_num_rows($res)>0; + return !!($r1 || $r2); + } + + function check_server_cert_running($uid,$cca=0){ + //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + if (0==$cca) { + $query1 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `domaincerts`.`expire` > NOW() + and `domaincerts`.`revoked` < `domaincerts`.`created`"; + $query2 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `revoked`>NOW()"; + }else{ + $query1 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `expire`>(NOW()-90*86400) + and `revoked`<`created`"; + $query2 = " + select 1 from `domaincerts` join `domains` + on `domaincerts`.`domid` = `domains`.`id` + where `domains`.`memid` = '$uid' + and `revoked`>(NOW()-90*86400)"; + } + $res = mysql_query($query1); + $r1 = mysql_num_rows($res)>0; + $res = mysql_query($query2); + $r2 = mysql_num_rows($res)>0; + return !!($r1 || $r2); + } + + function check_is_orgadmin($uid){ + // called from includes/account.php if($oldid == 50 && $process != "") + $uid = intval($uid); + $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0"; + $res = mysql_query($query); + return mysql_num_rows($res) > 0; + } + + + // revokation of certificates + function revoke_all_client_cert($mailid){ + //revokes all client certificates for an email address + $mailid = intval($mailid); + $query = "select `emailcerts`.`id` + from `emaillink`,`emailcerts` where + `emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0 + group by `emailcerts`.`id`"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)){ + mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'"); + } + } + + function revoke_all_server_cert($domainid){ + //revokes all server certs for an domain + $domainid = intval($domainid); + $query = + "select `domaincerts`.`id` + from `domaincerts` + where `domaincerts`.`domid` = '$domainid' + union distinct + select `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$domainid'"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)) + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0"); + } + } + + function revoke_all_private_cert($uid){ + //revokes all certificates linked to a personal accounts + //gpg revokation needs to be added to a later point + $uid=intval($uid); + $query = "select `id` from `email` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_client_cert($row['id']); + } + + + $query = "select `id` from `domains` where `memid`='".$uid."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){ + revoke_all_server_cert($row['id']); + } + } + + /** + * check_date_format() + * checks if the date is entered in the right date format YYYY-MM-DD and + * if the date is after the 1st January of the given year + * + * @param mixed $date + * @param integer $year + * @return + */ + function check_date_format($date, $year=2000){ + if (!strpos($date,'-')) { + return FALSE; + } + $arr=explode('-',$date); + + if ((count($arr)!=3)) { + return FALSE; + } + if (intval($arr[0])<=$year) { + return FALSE; + } + if (intval($arr[1])>12 or intval($arr[1])<=0) { + return FALSE; + } + if (intval($arr[2])>31 or intval($arr[2])<=0) { + return FALSE; + } + + return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0])); + + } + + /** + * check_date_difference() + * returns false if the date is larger then today + time diffrence + * + * @param mixed $date + * @param integer $diff + * @return + */ + function check_date_difference($date, $diff=1){ + return (strtotime($date)<=time()+$diff*86400); + } diff --git a/includes/wot.inc.php b/includes/wot.inc.php deleted file mode 100644 index 9471bee..0000000 --- a/includes/wot.inc.php +++ /dev/null @@ -1,640 +0,0 @@ -<? /* - LibreSSL - CAcert web application - Copyright (C) 2004-2011 CAcert Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - - function query_init ($query) - { - return mysql_query($query); - } - - function query_getnextrow ($res) - { - $row1 = mysql_fetch_assoc($res); - return $row1; - } - - function query_get_number_of_rows ($resultset) - { - return intval(mysql_num_rows($resultset)); - } - - function get_number_of_assurances ($userid) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' "); - $row = query_getnextrow($res); - - return intval($row['list']); - } - - function get_number_of_ttpassurances ($userid) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); - $row = query_getnextrow($res); - - return intval($row['list']); - } - - function get_number_of_assurees ($userid) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' "); - $row = query_getnextrow($res); - - return intval($row['list']); - } - - function get_top_assurer_position ($no_of_assurances) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' - GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'"); - return intval(query_get_number_of_rows($res)+1); - } - - function get_top_assuree_position ($no_of_assurees) - { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' - GROUP BY `to` HAVING count(*) > '".intval($no_of_assurees)."'"); - return intval(query_get_number_of_rows($res)+1); - } - - function get_given_assurances ($userid) - { - $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc"); - return $res; - } - - function get_received_assurances ($userid) - { - $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc "); - return $res; - } - - function get_given_assurances_summary ($userid) - { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method"); - return $res; - } - - function get_received_assurances_summary ($userid) - { - $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method"); - return $res; - } - - function get_user ($userid) - { - $res = query_init ("select * from `users` where `id`='".intval($userid)."'"); - return mysql_fetch_assoc($res); - } - - function get_cats_state ($userid) - { - - $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1 - WHERE `cats_passed`.`user_id` = '".intval($userid)."'"); - return mysql_num_rows($res); - } - - function calc_experience ($row,&$points,&$experience,&$sum_experience) - { - $apoints = max($row['points'], $row['awarded']); - - $points += $apoints; - - $experience = " "; - if ($row['method'] == "Face to Face Meeting") - { - $sum_experience = $sum_experience +2; - $experience = "2"; - } - return $apoints; - } - - function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded) - { - $awarded = calc_points($row); - - if ($awarded > 100) - { - $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100) - $awarded = 100; - } - else - $experience = 0; - - switch ($row['method']) - { - case 'Thawte Points Transfer': - case 'CT Magazine - Germany': - case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented - $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked")); - $experience=0; - break; - default: - $points += $awarded; - } - $sumexperience = $sumexperience + $experience; - } - - - function show_user_link ($name,$userid) - { - $name = trim($name); - if($name == "") - { - if ($userid == 0) - $name = _("System"); - else - $name = _("Deleted account"); - } - else - $name = "<a href='wot.php?id=9&userid=".intval($userid)."'>$name</a>"; - return $name; - } - - function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer) - { - $num_of_assurances = get_number_of_assurances (intval($userid)); - $rank_of_assurer = get_top_assurer_position($num_of_assurances); - } - - function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree) - { - $num_of_assurees = get_number_of_assurees (intval($userid)); - $rank_of_assuree = get_top_assuree_position($num_of_assurees); - } - - -// ************* html table definitions ****************** - - function output_ranking($userid) - { - get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer); - get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree); - -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td class="title"><?=_("Assurer Ranking")?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td> - </tr> - <tr> - <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td> - </tr> -</table> -<br/> -<? - } - - function output_assurances_header($title) - { -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="7" class="title"><?=$title?></td> - </tr> - <tr> - <td class="DataTD"><strong><?=_("ID")?></strong></td> - <td class="DataTD"><strong><?=_("Date")?></strong></td> - <td class="DataTD"><strong><?=_("Who")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Location")?></strong></td> - <td class="DataTD"><strong><?=_("Method")?></strong></td> - <td class="DataTD"><strong><?=_("Experience Points")?></strong></td> - </tr> -<? - } - - function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience) - { -?> - <tr> - <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"> </td> - <td class="DataTD"><strong><?=$experience_txt?>:</strong></td> - <td class="DataTD"><?=$sumexperience?></td> - </tr> -</table> -<br/> -<? - } - - function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience) - { - - $tdstyle=""; - $emopen=""; - $emclose=""; - - if ($awarded == $points) - { - if ($awarded == "0") - { - if ($when < "2006-09-01") - { - $tdstyle="style='background-color: #ffff80'"; - $emopen="<em>"; - $emclose="</em>"; - } - } - } - -?> - <tr> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td> - </tr> -<? - } - - function output_summary_header() - { -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="4" class="title"><?=_("Summary of your Points")?></td> - </tr> - <tr> - <td class="DataTD"><strong><?=_("Description")?></strong></td> - <td class="DataTD"><strong><?=_("Points")?></strong></td> - <td class="DataTD"><strong><?=_("Countable Points")?></strong></td> - <td class="DataTD"><strong><?=_("Remark")?></strong></td> - </tr> -<? - } - - function output_summary_footer() - { -?> -</table> -<br/> -<? - } - - function output_summary_row($title,$points,$points_countable,$remark) - { -?> - <tr> - <td class="DataTD"><strong><?=$title?></strong></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD"><?=$points_countable?></td> - <td class="DataTD"><?=$remark?></td> - </tr> -<? - } - - -// ************* output given assurances ****************** - - function output_given_assurances_content($userid,&$points,&$sum_experience) - { - $points = 0; - $sumexperience = 0; - $res = get_given_assurances(intval($userid)); - while($row = mysql_fetch_assoc($res)) - { - $fromuser = get_user (intval($row['to'])); - $apoints = calc_experience ($row,$points,$experience,$sum_experience); - $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to'])); - output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); - } - } - -// ************* output received assurances ****************** - - function output_received_assurances_content($userid,&$points,&$sum_experience) - { - $points = 0; - $sumexperience = 0; - $res = get_received_assurances(intval($userid)); - while($row = mysql_fetch_assoc($res)) - { - $fromuser = get_user (intval($row['from'])); - calc_assurances ($row,$points,$experience,$sum_experience,$awarded); - $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from'])); - output_assurances_row (intval($row['id']),$row['date'],$row['when'],$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience); - } - } - -// ************* output summary table ****************** - - function check_date_limit ($userid,$age) - { - $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age)); - $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'"); - return intval(query_get_number_of_rows($res)); - } - - function calc_points($row) - { - $awarded = intval($row['awarded']); - if ($awarded == "") - $awarded = 0; - if (intval($row['points']) < $awarded) - $points = $awarded; // if 'sum of added points' > 100, awarded shows correct value - else - $points = intval($row['points']); // on very old assurances, awarded is '0' instead of correct value - switch ($row['method']) - { - case 'Thawte Points Transfer': // revoke all Thawte-points (as per arbitration) - case 'CT Magazine - Germany': // revoke c't (only one test-entry) - case 'Temporary Increase': // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented) - $points = 0; - break; - case 'Administrative Increase': // ignore AI with 2 points or less (historical for experiance points, now other calculation) - if ($points <= 2) // maybe limit to 35/50 pts in the future? - $points = 0; - break; - case 'Unknown': // to be revoked in the future? limit to max 50 pts? - case 'Trusted Third Parties': // to be revoked in the future? limit to max 35 pts? - case 'TTP-Assisted': // TTP assurances, limit to 35 - case 'TOPUP': // TOPUP to be delevoped in the future, limit to 30 - case '': // to be revoked in the future? limit to max 50 pts? - case 'Face to Face Meeting': // normal assurances, limit to 35/50 pts in the future? - break; - default: // should never happen ... ;-) - $points = 0; - } - if ($points < 0) // ignore negative points (bug needs to be fixed) - $points = 0; - return $points; - } - - function max_points($userid) - { - return output_summary_content ($userid,0); - } - - function output_summary_content($userid,$display_output) - { - $sum_points = 0; - $sum_experience = 0; - $sum_experience_other = 0; - $max_points = 100; - $max_experience = 50; - - $experience_limit_reached_txt = _("Limit reached"); - - if (check_date_limit($userid,18) != 1) - { - $max_experience = 10; - $experience_limit_reached_txt = _("Limit given by PoJAM reached"); - } - if (check_date_limit($userid,14) != 1) - { - $max_experience = 0; - $experience_limit_reached_txt = _("Limit given by PoJAM reached"); - } - - $res = get_received_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) - { - $points = calc_points ($row); - - if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed) - { - $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']); - $points = $max_points; - } - $sum_points += $points*intval($row['number']); - } - - $res = get_given_assurances_summary($userid); - while($row = mysql_fetch_assoc($res)) - { - switch ($row['method']) - { - case 'Face to Face Meeting': // count Face to Face only - $sum_experience += 2*intval($row['number']); - break; - } - - } - - if ($sum_points > $max_points) - { - $sum_points_countable = $max_points; - $remark_points = _("Limit reached"); - } - else - { - $sum_points_countable = $sum_points; - $remark_points = " "; - } - if ($sum_experience > $max_experience) - { - $sum_experience_countable = $max_experience; - $remark_experience = $experience_limit_reached_txt; - } - else - { - $sum_experience_countable = $sum_experience; - $remark_experience = " "; - } - - if ($sum_experience_countable + $sum_experience_other > $max_experience) - { - $sum_experience_other_countable = $max_experience-$sum_experience_countable; - $remark_experience_other = $experience_limit_reached_txt; - } - else - { - $sum_experience_other_countable = $sum_experience_other; - $remark_experience_other = " "; - } - - if ($sum_points_countable < $max_points) - { - if ($sum_experience_countable != 0) - $remark_experience = _("Points on hold due to less assurance points"); - $sum_experience_countable = 0; - if ($sum_experience_other_countable != 0) - $remark_experience_other = _("Points on hold due to less assurance points"); - $sum_experience_other_countable = 0; - } - - $issue_points = 0; - $cats_test_passed = get_cats_state ($userid); - if ($cats_test_passed == 0) - { - $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>"; - if ($sum_points_countable < $max_points) - { - $issue_points_txt = "<strong style='color: red'>"; - $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points)); - $issue_points_txt .= "</strong>"; - } - } - else - { - $experience_total = $sum_experience_countable+$sum_experience_other_countable; - $issue_points_txt = ""; - if ($sum_points_countable == $max_points) - $issue_points = 10; - if ($experience_total >= 10) - $issue_points = 15; - if ($experience_total >= 20) - $issue_points = 20; - if ($experience_total >= 30) - $issue_points = 25; - if ($experience_total >= 40) - $issue_points = 30; - if ($experience_total >= 50) - $issue_points = 35; - if ($issue_points != 0) - $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points); - } - if ($display_output) - { - output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points); - output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience); - output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other); - output_summary_row (_("Total Points")," ",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt); - } - return $issue_points; - } - - function output_given_assurances($userid) - { - output_assurances_header(_("Assurance Points You Issued")); - output_given_assurances_content($userid,$points,$sum_experience); - output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience); - } - - function output_received_assurances($userid) - { - output_assurances_header(_("Your Assurance Points")); - output_received_assurances_content($userid,$points,$sum_experience); - output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience); - } - - function output_summary($userid) - { - output_summary_header(); - output_summary_content($userid,1); - output_summary_footer(); - } - - function output_end_of_page() - { -?> - <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> -<? - } - -// functions for 6.php (assure somebody) - -function AssureHead($confirmation,$checkname) -{ -?> -<form method="post" action="wot.php"> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600"> - <tr> - <td colspan="2" class="title"><?=$confirmation?></td> - </tr> - <tr> - <td class="DataTD" colspan="2" align="left"><?=$checkname?></td> - </tr> -<? - } - -function AssureTextLine($field1,$field2) -{ -?> - <tr> - <td class="DataTD"><?=$field1?>:</td> - <td class="DataTD"><?=$field2?></td> - </tr> -<? -} - -function AssureCCABoxLine($type,$text) -{ - return; - AssureBoxLine($type,$text); -} - -function AssureBoxLine($type,$text,$checked) -{ -?> - <tr> - <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td> - <td class="DataTD"><?=$text?></td> - </tr> -<? -} - -function AssureMethodLine($text,$methods,$remark) -{ - if (count($methods) != 1) - { -?> - <tr> - <td class="DataTD"><?=$text?></td> - <td class="DataTD"> - <select name="method"> -<? - foreach($methods as $val) { ?> - <option value="<?=$val?>"> <?=$val?></option> - -<? } ?> - </select> - </br><?=$remark?> - </td> - </tr> -<? - } else { -?> - <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>"> -<? - } -} - -function AssureInboxLine($type,$field,$value,$description) -{ -?> - <tr> - <td class="DataTD"><?=$field?>:</td> - <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td> - </tr> -<? -} - -function AssureFoot($oldid,$confirm) -{?> - <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td> - </tr> - </table> - <input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>"> - <input type="hidden" name="oldid" value="<?=$oldid?>"> -</form> -<? -} - |