diff options
| author | Michael Tänzer <neo@nhng.de> | 2013-09-08 21:35:14 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2013-09-08 21:35:14 +0200 |
| commit | 9d4ec70dda220ab42c013de4313d26b3914ba668 (patch) | |
| tree | b6879403ab958023da59c70447997b9af8e19adc /pages | |
| parent | aea694d929d09db48b008eda40fc2a77ea086e8d (diff) | |
| download | cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.gz cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.tar.xz cacert-9d4ec70dda220ab42c013de4313d26b3914ba668.zip | |
Source code taken from cacert-20130906.tar.bz2
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/account/10.php | 14 | ||||
| -rw-r--r-- | pages/account/12.php | 36 | ||||
| -rw-r--r-- | pages/account/13.php | 82 | ||||
| -rw-r--r-- | pages/account/16.php | 20 | ||||
| -rw-r--r-- | pages/account/18.php | 20 | ||||
| -rw-r--r-- | pages/account/20.php | 14 | ||||
| -rw-r--r-- | pages/account/22.php | 27 | ||||
| -rw-r--r-- | pages/account/3.php | 68 | ||||
| -rw-r--r-- | pages/account/43.php | 21 | ||||
| -rw-r--r-- | pages/account/5.php | 39 | ||||
| -rw-r--r-- | pages/account/50.php | 6 | ||||
| -rw-r--r-- | pages/account/6.php | 266 | ||||
| -rw-r--r-- | pages/account/8.php | 4 | ||||
| -rw-r--r-- | pages/gpg/0.php | 10 | ||||
| -rw-r--r-- | pages/gpg/2.php | 24 | ||||
| -rw-r--r-- | pages/index/21.php | 39 | ||||
| -rw-r--r-- | pages/wot/15.php | 2 | ||||
| -rw-r--r-- | pages/wot/4.php | 2 | ||||
| -rw-r--r-- | pages/wot/6.php | 16 |
19 files changed, 435 insertions, 275 deletions
diff --git a/pages/account/10.php b/pages/account/10.php index a394695..6371f76 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -31,12 +31,16 @@ <form method="post" action="account.php"> <? if($_SESSION['profile']['points'] >= 50) { ?> -<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br> -<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> +<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br /> +<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br /> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <? } ?> +<p><?=_("Optional comment, only used in the certifictate overview")?><br> + <input type="text" name="description" maxlength="80" size=80/></p> <p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br> -<input type="submit" name="process" value="<?=_("Submit")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> +<textarea name="CSR" cols="80" rows="15"></textarea><br /> +<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?></p> +<input type="submit" name="process" value="<?=_("Submit")?>" /> +<input type="hidden" name="oldid" value="<?=$id?>" /> </form> diff --git a/pages/account/12.php b/pages/account/12.php index fa8b41a..6d85cdc 100644 --- a/pages/account/12.php +++ b/pages/account/12.php @@ -19,22 +19,24 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> </tr> <? $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`, UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, `domaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id` + UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, + `domaincerts`.`description` from `domaincerts`,`domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` "; if($viewall != 1) @@ -49,7 +51,7 @@ { ?> <tr> - <td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td> + <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -62,33 +64,41 @@ $verified = _("Pending"); if($row['revoked'] > 0) $verified = _("Revoked"); - if($row['revoked'] == 0) - $row['revoke'] = _("Not Revoked"); + if($row['revoked'] == 0) + $row['revoke'] = _("Not Revoked"); ?> <tr> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td> <? } else if($verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td> <? } else { ?> <td class="DataTD"> </td> <? } ?> <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <td class="DataTD" colspan="8"> + <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?> + </td> + </tr> + <tr> + <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>"/>     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"/> </td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> + <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>"> -<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" /> +<input type="hidden" name="oldid" value="<?=$id?>"/> +<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/> </form> diff --git a/pages/account/13.php b/pages/account/13.php index c2b7cc5..1c1cfc6 100644 --- a/pages/account/13.php +++ b/pages/account/13.php @@ -16,30 +16,33 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0"; - $res = mysql_query($query); - $user = mysql_fetch_assoc($res); + $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0"; + $res = mysql_query($query); + $user = mysql_fetch_assoc($res); - $year = intval(substr($user['dob'], 0, 4)); - $month = intval(substr($user['dob'], 5, 2)); - $day = intval(substr($user['dob'], 8, 2)); + $year = intval(substr($user['dob'], 0, 4)); + $month = intval(substr($user['dob'], 5, 2)); + $day = intval(substr($user['dob'], 8, 2)); + $showdetails = array_key_exists('showdetails', $_REQUEST) && !!intval($_REQUEST['showdetails']); + if($showdetails){ + $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; + $body .= _("You receive this automatic mail since you yourself or someone ". + "else looked up your secret questions and answers for a forgotten ". + "password.\n\n". + "If it was you who looked up or changed that data, or clicked ". + "through the menu in your account, everything is in best order ". + "and you can ignore this mail.\n\n". + "But if you received this mail without a recognisable reason, ". + "there is a danger that an unauthorised person accessed your ". + "account, and you should promptly change your password and your ". + "secret questions and answers.")."\n\n"; - $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; - $body .= _("You receive this automatic mail since you yourself or someone ". - "else looked up your secret questions and answers for a forgotten ". - "password.\n\n". - "If it was you who looked up or changed that data, or clicked ". - "through the menu in your account, everything is in best order ". - "and you can ignore this mail.\n\n". - "But if you received this mail without a recognisable reason, ". - "there is a danger that an unauthorised person accessed your ". - "account, and you should promptly change your password and your ". - "secret questions and answers.")."\n\n"; + $body .= _("Best regards")."\n"._("CAcert Support"); - $body .= _("Best regards")."\n"._("CAcert Support"); - - sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); + sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); + } ?> + <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> <tr> @@ -70,24 +73,24 @@ (<?=_("dd/mm/yyyy")?>)</td> <td class="DataTD"><nobr><select name="day"> <? - for($i = 1; $i <= 31; $i++) - { - echo "<option"; - if($day == $i) - echo " selected='selected'"; - echo ">$i</option>"; - } + for($i = 1; $i <= 31; $i++) + { + echo "<option"; + if($day == $i) + echo " selected='selected'"; + echo ">$i</option>"; + } ?> </select> <select name="month"> <? - for($i = 1; $i <= 12; $i++) - { - echo "<option value='$i'"; - if($month == $i) - echo " selected='selected'"; - echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>"; - } + for($i = 1; $i <= 12; $i++) + { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>"; + } ?> </select> <input type="text" name="year" value="<?=$year?>" size="4"></nobr> @@ -115,18 +118,22 @@ </tr> <tr> <td class="DataTD"><?=_("Date of Birth")?><br> - (<?=_("dd/mm/yyyy")?>)</td> + (<?=_("dd/mm/yyyy")?>)</td> <td class="DataTD"><?=$day?> <?=ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$month,1,1))))?> <?=$year?></td> </tr> <? } ?> <tr> + <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td> + </tr> + <? if($showdetails){ ?> + <tr> <td class="DataTD"><?=_("OTP Hash")?><br> - (<?=_("Not displayed")?>)</td> + (<?=_("Not displayed")?>)</td> <td class="DataTD"><input type="text" name="otphash"></td> </tr> <tr> <td class="DataTD"><?=_("OTP PIN")?><br> - (<?=_("Not displayed")?>)</td> + (<?=_("Not displayed")?>)</td> <td class="DataTD"><input type="text" name="otppin"></td> </tr> <tr> @@ -153,6 +160,7 @@ <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td> </tr> <tr> + <? } ?> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> </tr> </table> diff --git a/pages/account/16.php b/pages/account/16.php index 514ecfd..6f055d7 100644 --- a/pages/account/16.php +++ b/pages/account/16.php @@ -29,25 +29,25 @@ foreach($_SESSION['_config']['emails'] as $val) { ?> <tr> <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td> + <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td> </tr> <? } ?> <tr> <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]"></td> + <td class="DataTD"><input type="text" name="emails[]"/></td> </tr> <tr> <td class="DataTD"><?=_("Name")?>:</td> - <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td> + <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> </tr> <tr> <td class="DataTD"><?=_("Department")?>:</td> - <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td> + <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td> </tr> <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> - <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> + <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> + <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?> </td> </tr> @@ -56,9 +56,15 @@ <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> </tr> <? } ?> + <tr> + <td class="DataTD" colspan="2" align="left"> + <?=_("Optional comment, only used in the certifictate overview")?><br /> + <input type="text" name="description" maxlength="80" size=80 /> + </td> + </tr> <tr> <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> - <input type="submit" name="process" value="<?=_("Next")?>"></td> + <input type="submit" name="process" value="<?=_("Next")?>" /></td> </tr> </table> <input type="hidden" name="oldid" value="<?=$id?>"> diff --git a/pages/account/18.php b/pages/account/18.php index 13dcc30..2fbb8b4 100644 --- a/pages/account/18.php +++ b/pages/account/18.php @@ -19,13 +19,14 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="8" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("Comment")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> @@ -35,7 +36,8 @@ UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, - `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id` + `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`, + `oemail`.`description` from `orgemailcerts` as `oemail`, `org` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`oemail`.`orgid` "; @@ -50,7 +52,7 @@ { ?> <tr> - <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + <td colspan="8" class="DataTD"><?=_("No client certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -80,14 +82,22 @@ <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> <? } ?> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> </tr> <? } ?> <tr> + <td class="DataTD" colspan="8"> + <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?> + </td> + </tr> + <tr> <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td> </tr> <? } ?> </table> diff --git a/pages/account/20.php b/pages/account/20.php index 510b708..0187013 100644 --- a/pages/account/20.php +++ b/pages/account/20.php @@ -27,11 +27,13 @@ <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <form method="post" action="account.php"> -<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br> -<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> +<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br /> +<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br /> +<p> <?=_("Optional comment, only used in the certifictate overview")?><br /> + <input type="text" name="description" maxlength="80" size=80 /></p> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <p><?=_("Paste your CSR below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br> -<input type="submit" name="process" value="<?=_("Submit")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> +<textarea name="CSR" cols="80" rows="15"></textarea><br /> +<input type="submit" name="process" value="<?=_("Submit")?>" /> +<input type="hidden" name="oldid" value="<?=$id?>" /> +</form>
\ No newline at end of file diff --git a/pages/account/22.php b/pages/account/22.php index 9df8200..cb40cf2 100644 --- a/pages/account/22.php +++ b/pages/account/22.php @@ -19,16 +19,16 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("CommonName")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> - + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> <? $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`, UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, @@ -36,7 +36,8 @@ `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`serial`, - `orgdomaincerts`.`id` as `id` + `orgdomaincerts`.`id` as `id`, + `orgdomaincerts`.`description` from `orgdomaincerts`,`org` where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` "; if($viewall != 1) @@ -51,7 +52,7 @@ { ?> <tr> - <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td> + <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -77,18 +78,26 @@ <? } ?> <td class="DataTD"><?=$verified?></td> <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">     - <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + <td class="DataTD" colspan="8"> + <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?> + </td> + </tr> + <tr> + <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>" />     + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td> + <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> </tr> <? } ?> </table> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=$id?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" /> </form> <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/3.php b/pages/account/3.php index 5590488..b760c11 100644 --- a/pages/account/3.php +++ b/pages/account/3.php @@ -44,7 +44,7 @@ <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td> <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> </tr> -<? } +<? } if($_SESSION['profile']['points'] >= 50) { $fname = $_SESSION['profile']['fname']; @@ -52,55 +52,68 @@ if($_SESSION['profile']['points'] >= 50) $lname = $_SESSION['profile']['lname']; $suffix = $_SESSION['profile']['suffix']; ?> - <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> - <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> - <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> + <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> + <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> + <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> </td> </tr> <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br> -<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?> -<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?> -<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?> -<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?> + <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br /> + <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?> + <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?> + <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?> + <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?> </td> </tr> -<? } ?> +<? } ?> <? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> <tr> + <td class="DataTD"> + <input type="checkbox" name="codesign" value="1" /> + </td> <td class="DataTD" align="left"> - <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td> - <td class="DataTD" align="left"> - <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> + <?=_("Code Signing")?><br /> + <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> </td> </tr> <? } ?> <tr> - <td class="DataTD" colspan="2" align="left"> - <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br> + <td class="DataTD"> + <input type="checkbox" name="login" value="1" checked="checked" /> + </td> + <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br /> <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> </td> </tr> - + <tr> + <td class="DataTD" colspan="2" align="left"> + <?=_("Optional comment, only used in the certifictate overview max. 100 characters")?><br /> + <input type="text" name="description" maxlength="100" size="100" /> + </td> + </tr> <tr name="expertoff" style="display:none"> - <td class="DataTD" colspan="2" align="left"> - <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?> + <td class="DataTD"> + <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" /> + </td> + <td class="DataTD"> + <?=_("Show advanced options")?> </td> </tr> <tr name="expert"> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br> - <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br> + <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br /> + <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br /> <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a> </td> </tr> + + <tr name="expert"> <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td> </tr> @@ -108,10 +121,19 @@ if($_SESSION['profile']['points'] >= 50) <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + <td class="DataTD"> + <input type="checkbox" name="CCA" /> + </td> + <td class="DataTD" align="left"> + <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?> + </td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td> </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=$id?>" /> </form> <script language="javascript"> diff --git a/pages/account/43.php b/pages/account/43.php index 234e01a..a942f18 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -100,8 +100,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval($_REQUEST['userid']) > 0) { - $id = intval($_REQUEST['userid']); - $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0"; + $userid = intval($_REQUEST['userid']); + $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -135,7 +135,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <td class="DataTD"><?=_("Last Name")?>:</td> <td class="DataTD"> <input type="hidden" name="oldid" value="43"> <input type="hidden" name="action" value="updatedob"> - <input type="hidden" name="userid" value="<?=intval($id)?>"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> </tr> <tr> @@ -786,9 +786,20 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <? } ?> </tr> + <tr> + <td colspan="6" class="title"> + <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> + <input type="hidden" name="action" value="revokecert"> + <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="submit" value="<?=_('revoke certificates')?>"> + </form> + </td> + </tr> </table> <br> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) <br /> @@ -837,7 +848,7 @@ function showassuredto() </tr> <? } ?> <tr> - <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> <td class="DataTD"><?=$points?></td> <td class="DataTD" colspan="3"> </td> </tr> @@ -883,7 +894,7 @@ function showassuredby() </tr> <? } ?> <tr> - <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> <td class="DataTD"><?=$points?></td> <td class="DataTD" colspan="3"> </td> </tr> diff --git a/pages/account/5.php b/pages/account/5.php index 5c131ba..9607850 100644 --- a/pages/account/5.php +++ b/pages/account/5.php @@ -19,28 +19,29 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("Email Address")?></td> - <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Login")?></td> - + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> <? $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, - `emailcerts`.`expire` as `expires`, + `emailcerts`.`expire` as `expires`, `emailcerts`.`revoked` as `revoke`, - UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, + UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, `emailcerts`.`id`, `emailcerts`.`CN`, `emailcerts`.`serial`, - emailcerts.disablelogin as `disablelogin` + `emailcerts`.`disablelogin` as `disablelogin`, + `emailcerts`.`description` from `emailcerts` where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' "; @@ -56,7 +57,7 @@ { ?> <tr> - <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -86,31 +87,39 @@ <td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> <? } ?> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"> <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> - <input type="hidden" name="cert_<?=$row['id']?>" value="1"/> + <input type="hidden" name="cert_<?=$row['id']?>" value="1" /> </td> + <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> </tr> -<? } ?> + <? } ?> <tr> - <td class="DataTD" colspan="8"> + <td class="DataTD" colspan="9"> <a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> </td> </tr> <tr> - <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     - <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + <td class="DataTD" colspan="9"> + <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?> + </td> + </tr> + + <tr> + <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>" />     + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td> - <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td> + <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> </tr> <? } ?> </table> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=$id?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> </form> <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/50.php b/pages/account/50.php index 1604156..a4c2413 100644 --- a/pages/account/50.php +++ b/pages/account/50.php @@ -19,13 +19,17 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="2" class="title"><?=_("Change Password")?></td> + <td colspan="2" class="title"><?=_("Delete Account")?></td> </tr> <tr> <td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td> </tr> <tr> + <td class="DataTD"><?=_("New Username from arbitration number + sequence number a20xxyyzz.a.b")?>:</td> + <td class="DataTD"><input type="text" name="arbitrationno"></td> + </tr> + <tr> <td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td> </tr> <tr> diff --git a/pages/account/6.php b/pages/account/6.php index 38af8e8..0054b7a 100644 --- a/pages/account/6.php +++ b/pages/account/6.php @@ -14,123 +14,173 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? - $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']); - - $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - showheader(_("My CAcert.org Account!")); - echo _("No such certificate attached to your account."); - showfooter(); - exit; +*/ + +// Get certificate information +$certid = 0; +if(array_key_exists('cert',$_REQUEST)) { + $certid = intval($_REQUEST['cert']); +} + +$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, + UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, + `emailcerts`.`expire` as `expires`, + `emailcerts`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, + `emailcerts`.`id`, + `emailcerts`.`CN`, + `emailcerts`.`serial`, + `emailcerts`.`disablelogin` as `disablelogin`, + `emailcerts`.`crt_name`, + `emailcerts`.`keytype`, + `emailcerts`.`description` + from `emailcerts` + where `emailcerts`.`id`='$certid' and + `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'"; + +$res = mysql_query($query); +if(mysql_num_rows($res) <= 0) { + showheader(_("My CAcert.org Account!")); + echo _("No such certificate attached to your account."); + showfooter(); + exit; +} +$row = mysql_fetch_assoc($res); + + +if (array_key_exists('format', $_REQUEST)) { + // Which output format? + if ($_REQUEST['format'] === 'der') { + $outform = '-outform DER'; + $extension = 'cer'; + } else { + $outform = '-outform PEM'; + $extension = 'crt'; } - $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; - - if($row['keytype'] == "NS") - { - if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1) - { - header("Content-Type: application/x-x509-user-cert"); - header("Content-Length: ".strlen($cert)); - $fname=sanitizeFilename($row['CN']); - if($fname=="") $fname="certificate"; - header('Content-Disposition: inline; filename="'.$fname.'.crt"'); - echo $cert; - exit; - } else { - showheader(_("My CAcert.org Account!")); - echo "<h3>"._("Installing your certificate")."</h3>\n"; - echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n"; - echo "<p><a href='account.php?id=6&cert=$certid&install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n"; - showfooter(); - exit; - } - } else { - showheader(_("My CAcert.org Account!")); -?> -<h3><?=_("Installing your certificate")?></h3> + $cert = `/usr/bin/openssl x509 -in $crtname $outform`; -<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?> + header("Content-Type: application/pkix-cert"); + header("Content-Length: ".strlen($cert)); -<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> -<?=_("You must enable ActiveX for this to work.")?> -</OBJECT> -<FORM > -<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>"> -</FORM> + $fname = sanitizeFilename($row['CN']); + if ($fname=="") $fname="certificate"; + header("Content-Disposition: attachment; filename=\"${fname}.${extension}\""); -</P> + echo $cert; + exit; -<SCRIPT LANGUAGE=VBS> - Sub CertInst_OnClick - certchain = _ -<? - $lines = explode("\n", $cert); - if(is_array($lines)) - foreach($lines as $line) - { - $line = trim($line); - if($line != "-----END CERTIFICATE-----") - echo "\"$line\" & _\n"; - else { - echo "\"$line\"\n"; - break; - } - } -?> +} elseif (array_key_exists('install', $_REQUEST)) { + if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && + strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { - On Error Resume Next - - Dim obj - Set obj=CreateObject("X509Enrollment.CX509Enrollment") - If IsObject(obj) Then - obj.Initialize(1) - obj.InstallResponse 0,certchain,0,"" - if err.number<>0 then - msgbox err.Description - else - msgbox "<?=_("Certificate installed successfully. Please don't forget to backup now")?>" - end if - else - - - - - cec.DeleteRequestCert = FALSE - err.clear - - cec.WriteCertToCSP = TRUE - cec.acceptPKCS7(certchain) - if err.number <> 0 Then - cec.WriteCertToCSP = FALSE - end if - err.clear - cec.acceptPKCS7(certchain) - if err.number <> 0 then - errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _ - "(Error code " & err.number & ")" - msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>") - else - okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _ - "See Tools->Internet Options->Content->Certificates" - msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>") - end if - End If - End Sub -</SCRIPT> - -<p><?=_("Your certificate:")?></p> -<pre><?=$cert?></pre> -<? - - showfooter(); + // Handle IE + //TODO + + } else { + // All other browsers + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`; + + header("Content-Type: application/x-x509-user-cert"); + header("Content-Length: ".strlen($cert)); + + $fname = sanitizeFilename($row['CN']); + if ($fname=="") $fname="certificate"; + header("Content-Disposition: inline; filename=\"${fname}.cer\""); + + echo $cert; exit; } + +} else { + showheader(_("My CAcert.org Account!"), _("Install your certificate")); + echo '<ul class="no_indent">'; + echo "<li><a href='account.php?id=$id&cert=$certid&install'>". + _("Install the certificate into your browser"). + "</a></li>\n"; + + echo "<li><a href='account.php?id=$id&cert=$certid&format=pem'>". + _("Download the certificate in PEM format")."</a></li>\n"; + + echo "<li><a href='account.php?id=$id&cert=$certid&format=der'>". + _("Download the certificate in DER format")."</a></li>\n"; + echo '</ul>'; + + // Allow to directly copy and paste the cert in PEM format + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`; + echo "<pre>$cert</pre>"; + + ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Information about the certificate")?></td> + </tr> +<? + if($row['timeleft'] > 0) + $verified = _("Valid"); + if($row['timeleft'] < 0) + $verified = _("Expired"); + if($row['expired'] == 0) + $verified = _("Pending"); + if($row['revoked'] > 0) + $verified = _("Revoked"); + if($row['revoked'] == 0) + $row['revoke'] = _("Not Revoked"); ?> + <tr> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> +<? if($verified != _("Pending") && $verified != _("Revoked")) { ?> + <td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td> +<? } else if($verified != _("Revoked")) { ?> + <td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td> +<? } else { ?> + <td class="DataTD"> </td> +<? } ?> + </tr> + <tr> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=$verified?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email Address")?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("SerialNumber")?></td> + <td class="DataTD"><?=$row['serial']?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=$row['revoke']?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Expires")?></td> + <td class="DataTD"><?=$row['expires']?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Login")?></td> + <td class="DataTD"> + <input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Comment")?></td> + <td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td> + </tr> +</table> +<input type="hidden" name="oldid" value="6"> +<input type="hidden" name="certid" value="<?=$certid?>"> +</form> +<? + showfooter(); + exit; +} diff --git a/pages/account/8.php b/pages/account/8.php index 6b3de01..79448d1 100644 --- a/pages/account/8.php +++ b/pages/account/8.php @@ -25,7 +25,7 @@ if(is_array($_SESSION['_config']['addy'])) foreach($_SESSION['_config']['addy'] as $add) { ?> <tr> - <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td> + <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?> /></td> <td class="DataTD" width="175"><?=$add?></td> </tr> <? } ?> @@ -34,5 +34,5 @@ </tr> </table> <input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" /> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=$id?>" /> </form> diff --git a/pages/gpg/0.php b/pages/gpg/0.php index ce3b72a..f490511 100644 --- a/pages/gpg/0.php +++ b/pages/gpg/0.php @@ -19,7 +19,11 @@ ?> <p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p> <form method="post" action="gpg.php"> -<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br> -<input type="submit" name="process" value="<?=_("Submit")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> +<p><?=_("Optional comment, only used in the certifictate overview")?><br /> + <input type="text" name="description" maxlength="80" size=80 /></p> +<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br /> +<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please Note: You need to accept the CCA to proceed.")?></p> +<input type="submit" name="process" value="<?=_("Submit")?>" /> +<input type="hidden" name="oldid" value="<?=$id?>" /> </form> diff --git a/pages/gpg/2.php b/pages/gpg/2.php index e10935e..cc8a872 100644 --- a/pages/gpg/2.php +++ b/pages/gpg/2.php @@ -15,29 +15,30 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> +<form method="post" action="gpg.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td> + <td colspan="6" class="title"><?=_("OpenPGP Keys")?></td> </tr> <tr> <td class="DataTD"><?=_("Status")?></td> <td class="DataTD"><?=_("Email Address")?></td> <td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Key ID")?></td> - + <td colspan="2" class="DataTD"><?=_("Comment *")?></td> <? $query = "select UNIX_TIMESTAMP(`issued`) as `issued`, UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`expire`) as `expired`, - `expire` as `expires`, `id`, `level`, - `email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' + `expire` as `expires`, `id`, `level`, + `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' ORDER BY `issued` desc"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { ?> <tr> - <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td> + <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -62,10 +63,19 @@ <? } ?> <td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['keyid']?></a></td> - + <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> </tr> <? } ?> <? } ?> + <tr> + <td class="DataTD" colspan="6"> + <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?> + </td> + </tr> + <tr> + <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> + </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=$id?>" /> </form> diff --git a/pages/index/21.php b/pages/index/21.php index 0521f67..f07bbb8 100644 --- a/pages/index/21.php +++ b/pages/index/21.php @@ -14,34 +14,36 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? /* -page called from the following pages +*/ + +/* +page called from the following pages a. https://wiki.cacert.org/Price [^] b. https://wiki.cacert.org/CacertMembership/DE [^] c. https://wiki.cacert.org/CacertMembership [^] d. https://wiki.cacert.org/CAcertInc [^] - e. https://wiki.cacert.org/Brain/CAcertInc [^] - */ ?> + e. https://wiki.cacert.org/Brain/CAcertInc [^] +*/ ?> + <h3><?=_("For CAcert Association Members")?></h3> -<b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b> -<p><?=_("If not then select this PayPal button to establish annual payment of your US$10 membership fee.")?></p> -<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> +<p><b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b></p> + +<p><?=_("If not then select this PayPal button to establish annual payment of your 10 EUR membership fee.")?></p> +<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top"> <input type="hidden" name="cmd" value="_s-xclick"> -<input type="image" src="/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal"> -<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHiAYJKoZIhvcNAQcEoIIHeTCCB3UCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAVW/F7PUYp3SMSCdOj1L4lNmZk8TPLmyFBXiYe/dP6bdcsvvx0A58mLC/3j961TCs95gXWqYx5vDD9znDEii5An7weRqtaxFa9B+UplKT2kcQJpi45zsGKzhwtHF/g0aJQdLmzrDYNnWd16UvhuasUIV501LaZB3ykq5j2eDJV/DELMAkGBSsOAwIaBQAwggEEBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECJHKnDgLaYrEgIHgjYPDm0r2cH9hexIMEuCuiO9eOIsYxpzC50y9+ZWltUA9Eqp8avPT3ExC4qaw6FS8eo4+UWweESWXpAk3QrNTXgeV+Zf/4RjUEurpkRECinPUCtTgJvs6XLaPU50hAAaV9QmknT4DICcmB7djry0tB1FbLOmnqMyOTpT2pKDuL7r6hgEIAnCyASBtO5E8YJWFgSneQ53PbtT+YuAcVwIOD83wFRDAjlwYhs50VD6ugK07SXxC5I8RFV65PZS/qIiEEBCv7yiXi/U9DK4QG+3ojuxkP6ZjwshGb/99uK1NZCqgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMDMwNzA2NDdaMCMGCSqGSIb3DQEJBDEWBBQQVDeJMeMteu3fuP5xIdpSiYrfLDANBgkqhkiG9w0BAQEFAASBgHIt5M/R6uPXFU0bVQJWcoO++ETE4nPbp+Nz+o7bclXsxIQL+yG5C5vQdpgNeCLuq42sPv+QUuVoMxio6hecCgHewwqAxkrUUr+teGOFSEqpfXBhjWfkUvZLvOy1ix6pSpjLnUu4bbJxaA5eM0gZQDZCJ8nh0HxPScdi5BhVuPSk-----END PKCS7----- -"> +<input type="hidden" name="hosted_button_id" value="AMCDNMBBDXGA2"> +<input type="image" src="/images/btn_subscribeCC_LG.gif" border="0" name="submit" alt="Subscription payment for membership fee"> </form> -<p><?=_("To do a single US$10 Membership-Fee Payment, please use this button:")?></p> -<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> +<p><?=_("To do a single 10 EUR membership fee payment, please use this button:")?></p> +<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top"> <input type="hidden" name="cmd" value="_s-xclick"> -<input type="hidden" name="hosted_button_id" value="586280"> -<input type="image" src="/images/btn_paynowCC_LG.gif" border="0" name="submit" alt=""> -</form> +<input type="hidden" name="hosted_button_id" value="8F4WL72WX857J"> +<input type="image" src="/images/btn_paynowCC_LG.gif" border="0" name="submit" alt="Single payment for membership fee"> +</form> -<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of US$10 in AU$.")?></p> +<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of 10 EUR in AUD.")?></p> <p><?=_("Please also include your name in the transaction so we know who it came from and send an email to secretary at cacert dot org with the details:")?></p> @@ -49,6 +51,5 @@ page called from the following pages <li>Account Name: CAcert Inc</li> <li>SWIFT: WPACAU2S</li> <li>BSB: 032073</li> -<li>Account No.: 180264</li> +<li>Account No: 180264</li> </ul> -<br/><br/> diff --git a/pages/wot/15.php b/pages/wot/15.php index 8579588..cca2702 100644 --- a/pages/wot/15.php +++ b/pages/wot/15.php @@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $userid = intval($_SESSION['profile']['id']); diff --git a/pages/wot/4.php b/pages/wot/4.php index befdfe4..628e6a5 100644 --- a/pages/wot/4.php +++ b/pages/wot/4.php @@ -15,7 +15,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -require_once(dirname(__FILE__).'/../../includes/wot.inc.php'); +require_once(dirname(__FILE__).'/../../includes/notary.inc.php'); ?> <h3><?=_("Trusted Third Parties")?></h3> diff --git a/pages/wot/6.php b/pages/wot/6.php index 28c1875..1031090 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -40,20 +40,20 @@ $name = $fname." ".$mname." ".$lname." ".$suffix; $_SESSION['_config']['wothash'] = md5($name."-".$dob); - include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php"); + require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); AssureHead(_("Assurance Confirmation"),sprintf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $fname)); AssureTextLine(_("Name"),$name); AssureTextLine(_("Date of Birth"),$dob." ("._("YYYY-MM-DD").")"); - AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person"), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureMethodLine(_("Method"),$methods,''); + AssureBoxLine("certify",sprintf(_("I certify that %s %s %s has appeared in person."), $fname, $mname, $lname),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); + AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("Please adjust the date if you assured the person on a different day")); - AssureMethodLine(_("Method"),$methods,_("Only tick the next box if the Assurance was face to face.")); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); - AssureBoxLine("rules",_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); - AssureTextLine(_("Policy"),"<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); + AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); + AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>"); AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")"); - AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname)); - AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>")); AssureFoot($id,_("I confirm this Assurance")); ?> |