summaryrefslogtreecommitdiff
path: root/pages/wot
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-12-04 18:26:23 +0100
committerMichael Tänzer <neo@nhng.de>2014-12-04 18:26:23 +0100
commitb0904b2bda37b292fa5d29d5d3b7ec64d100ad16 (patch)
treea10f5fb0dfefccc4bbf5890d02f273ef770ba4b6 /pages/wot
parentc7c4d077688807bcbec21e11d0aeb0af9ebfbd30 (diff)
downloadcacert-b0904b2bda37b292fa5d29d5d3b7ec64d100ad16.tar.gz
cacert-b0904b2bda37b292fa5d29d5d3b7ec64d100ad16.tar.xz
cacert-b0904b2bda37b292fa5d29d5d3b7ec64d100ad16.zip
Source code taken from cacert-20141124.tar.bz2HEADmaster
Diffstat (limited to 'pages/wot')
-rw-r--r--pages/wot/1.php22
-rw-r--r--pages/wot/10.php30
-rw-r--r--pages/wot/15.php2
-rw-r--r--pages/wot/5.php47
-rw-r--r--pages/wot/6.php15
-rw-r--r--pages/wot/9.php25
6 files changed, 92 insertions, 49 deletions
diff --git a/pages/wot/1.php b/pages/wot/1.php
index a45b5df..9047f27 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -14,9 +14,9 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
+*/
+
+ $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
$total1 =$res['summe'];
$locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
@@ -91,7 +91,7 @@
{
$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
`ccid`='".$ccid."' and `regid`='".$regid."' and
- `locid`='".$locid."' and `users`.`id`=`notary`.`to`
+ `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
$list = mysql_query($query);
if(mysql_num_rows($list) > 0)
@@ -104,19 +104,19 @@
<td class="title"><?=_("Contact Details")?></td>
<td class="title"><?=_("Email Assurer")?></td>
<td class="title"><?=_("Assurer Challenge")?></td>
-
</tr>
-<? while($row = mysql_fetch_assoc($list)) { ?>
+
+<? while($row = mysql_fetch_assoc($list)) { ?>
<tr>
- <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
+ <td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
- <td class="DataTD"><?=$row['contactinfo']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
<td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
-
</tr>
-<? }
- }
+<?
+ }
+ }
?>
</table>
<br>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..b5e146c 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -24,7 +24,7 @@
<td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
-<?
+<?// the rank calculation is not adjusted to the new deletion method
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/
- $query = "SELECT count(*) AS `list` FROM `users`
- inner join `notary` on `users`.`id` = `notary`.`from`
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,18 +64,18 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
- <td class="DataTD"><?=$row['id']?></td>
+ <td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><?=$row['points']?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td>
+ <td class="DataTD"><?=intval($row['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
</tr>
<?
@@ -114,30 +114,30 @@ if ($thawte)
</tr>
<?
$points = 0;
- $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ;
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
- $points += $row['points'];
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
+ $points += intval($row['points']);
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
$name = _("Deleted before Verification");
else
- $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
+ $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";
?>
<tr>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><?=$name?></td>
<td class="DataTD"><?=intval($row['points'])?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="2">&nbsp;</td>
</tr>
</table>
diff --git a/pages/wot/15.php b/pages/wot/15.php
index cca2702..c1f3e0f 100644
--- a/pages/wot/15.php
+++ b/pages/wot/15.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
diff --git a/pages/wot/5.php b/pages/wot/5.php
index c1a6438..565dd6a 100644
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@@ -18,14 +18,24 @@
include_once("../includes/shutdown.php");
require_once("../includes/lib/l10n.php");
?>
-<?
- if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
+<?
+ if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
{
?><font color="orange" size="+1">
<? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
</font>
<?unset($_SESSION['_config']['error']);
- }
+ }
+
+ if (!isset($_SESSION['assuresomeone']['year'])) {
+ $_SESSION['assuresomeone']['year'] = 0;
+ }
+ if (!isset($_SESSION['assuresomeone']['month'])) {
+ $_SESSION['assuresomeone']['month'] = 0;
+ }
+ if (!isset($_SESSION['assuresomeone']['day'])) {
+ $_SESSION['assuresomeone']['day'] = 0;
+ }
?>
<? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
<form method="post" action="wot.php">
@@ -60,6 +70,37 @@
<td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
<? } ?>
</tr>
+ <tr>
+ <td class="DataTD">
+ <?=_("Date of Birth")?><br/>
+ (<?=_("yyyy/mm/dd")?>)</td>
+ <td class="DataTD">
+ <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
+ <select name="month">
+<?
+for($i = 1; $i <= 12; $i++)
+{
+ echo "<option value='$i'";
+ if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i)
+ echo " selected=\"selected\"";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+?>
+ </select>
+ <select name="day">
+<?
+for($i = 1; $i <= 31; $i++)
+{
+ echo "<option";
+ if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i)
+ echo " selected=\"selected\"";
+ echo ">$i</option>";
+}
+?>
+ </select>
+ </td>
+ </tr>
+
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index a565aa7..4094a18 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -24,6 +24,9 @@
}
$row = $_SESSION['_config']['notarise'];
+ $_SESSION['assuresomeone']['year'] = 0;
+ $_SESSION['assuresomeone']['month'] = 0;
+ $_SESSION['assuresomeone']['day'] = 0;
if($_SESSION['profile']['ttpadmin'] == 1)
// $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
@@ -47,10 +50,10 @@
'12' => _('December')
);
- $fname = $row['fname'];
- $mname = $row['mname'];
- $lname = $row['lname'];
- $suffix = $row['suffix'];
+ $fname = sanitizeHTML($row['fname']);
+ $mname = sanitizeHTML($row['mname']);
+ $lname = sanitizeHTML($row['lname']);
+ $suffix = sanitizeHTML($row['suffix']);
$dob = $row['dob'];
$dob_date = explode('-', $dob, 3);
@@ -74,8 +77,8 @@
AssureMethodLine(_("Method"),$methods,'');
AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1);
AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1);
- AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"","");
- AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
+ AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"","");
+ AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD)."));
AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
diff --git a/pages/wot/9.php b/pages/wot/9.php
index bfa7a98..20f2c6d 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -15,9 +15,9 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-
+
require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
-
+
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
if(mysql_num_rows($res) <= 0)
@@ -26,11 +26,10 @@
} else {
$user = mysql_fetch_array($res);
- $userlang = $user['language'];
+ $userlang = L10n::normalise_translation($user['language']);
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
- if($points <= 0)
- {
+ where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
+ if($points <= 0) {
echo _("Sorry, I was unable to locate that user.");
} else {
@@ -38,31 +37,31 @@
?>
<? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
-<input type="hidden" name="userid" value="<?=$user['id']?>">
+<input type="hidden" name="userid" value="<?=intval($user['id'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Contact Assurer")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("To")?>:</td>
- <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td>
+ <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td>
</tr>
<? if($userlang != "") { ?>
<tr>
<td class="DataTD"><?=_("Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td>
</tr>
<? } ?>
<?
- $query = "select * from `addlang` where `userid`='".$user['id']."'";
+ $query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td>
</tr>
<? } ?>
<tr>
@@ -79,7 +78,7 @@
</table>
<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
</form>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<? } } ?>