summaryrefslogtreecommitdiff
path: root/pages
diff options
context:
space:
mode:
authorMarkus Warg <mw@it-sls.de>2010-03-29 09:54:06 +0200
committerMarkus Warg <mw@it-sls.de>2010-03-29 09:54:06 +0200
commit9dceece06fbdc98add6f76f0b1aec05891a394c4 (patch)
treef7227c28ca5f79f30c2ec81ba1a09a4fe3972436 /pages
parent5b68967def224a00f54eb54946ff17301bbd3cdb (diff)
downloadcacert-9dceece06fbdc98add6f76f0b1aec05891a394c4.tar.gz
cacert-9dceece06fbdc98add6f76f0b1aec05891a394c4.tar.xz
cacert-9dceece06fbdc98add6f76f0b1aec05891a394c4.zip
remove cacert/ prefix
Diffstat (limited to 'pages')
-rw-r--r--pages/CVS/Entries8
-rw-r--r--pages/CVS/Repository1
-rw-r--r--pages/CVS/Root1
-rw-r--r--pages/account/0.php33
-rw-r--r--pages/account/1.php35
-rw-r--r--pages/account/10.php41
-rw-r--r--pages/account/11.php53
-rw-r--r--pages/account/12.php90
-rw-r--r--pages/account/13.php161
-rw-r--r--pages/account/14.php46
-rw-r--r--pages/account/15.php38
-rw-r--r--pages/account/16.php65
-rw-r--r--pages/account/17.php137
-rw-r--r--pages/account/18.php94
-rw-r--r--pages/account/19.php116
-rw-r--r--pages/account/2.php61
-rw-r--r--pages/account/20.php37
-rw-r--r--pages/account/21.php54
-rw-r--r--pages/account/22.php90
-rw-r--r--pages/account/23.php38
-rw-r--r--pages/account/24.php52
-rw-r--r--pages/account/25.php50
-rw-r--r--pages/account/26.php42
-rw-r--r--pages/account/27.php57
-rw-r--r--pages/account/28.php38
-rw-r--r--pages/account/29.php44
-rw-r--r--pages/account/3.php135
-rw-r--r--pages/account/30.php45
-rw-r--r--pages/account/31.php39
-rw-r--r--pages/account/32.php52
-rw-r--r--pages/account/33.php55
-rw-r--r--pages/account/34.php45
-rw-r--r--pages/account/35.php58
-rw-r--r--pages/account/36.php35
-rwxr-xr-xpages/account/37.php31
-rwxr-xr-xpages/account/38.php40
-rwxr-xr-xpages/account/39.php90
-rw-r--r--pages/account/4.php190
-rwxr-xr-xpages/account/40.php86
-rw-r--r--pages/account/41.php87
-rw-r--r--pages/account/42.php33
-rw-r--r--pages/account/43.php417
-rw-r--r--pages/account/44.php38
-rw-r--r--pages/account/45.php23
-rw-r--r--pages/account/48.php33
-rw-r--r--pages/account/49.php101
-rw-r--r--pages/account/5.php114
-rw-r--r--pages/account/50.php37
-rw-r--r--pages/account/51.php34
-rw-r--r--pages/account/52.php102
-rw-r--r--pages/account/53.php113
-rw-r--r--pages/account/54.php209
-rw-r--r--pages/account/55.php112
-rw-r--r--pages/account/56.php41
-rw-r--r--pages/account/6.php136
-rw-r--r--pages/account/7.php36
-rw-r--r--pages/account/8.php38
-rw-r--r--pages/account/9.php57
-rw-r--r--pages/account/CVS/Entries56
-rw-r--r--pages/account/CVS/Repository1
-rw-r--r--pages/account/CVS/Root1
-rw-r--r--pages/advertise/CVS/Entries1
-rw-r--r--pages/advertise/CVS/Repository1
-rw-r--r--pages/advertise/CVS/Root1
-rw-r--r--pages/advertising/0.php100
-rw-r--r--pages/advertising/1.php38
-rw-r--r--pages/advertising/CVS/Entries3
-rw-r--r--pages/advertising/CVS/Repository1
-rw-r--r--pages/advertising/CVS/Root1
-rw-r--r--pages/disputes/0.php24
-rw-r--r--pages/disputes/1.php35
-rw-r--r--pages/disputes/2.php36
-rw-r--r--pages/disputes/4.php42
-rw-r--r--pages/disputes/5.php38
-rw-r--r--pages/disputes/6.php42
-rw-r--r--pages/disputes/CVS/Entries7
-rw-r--r--pages/disputes/CVS/Repository1
-rw-r--r--pages/disputes/CVS/Root1
-rw-r--r--pages/gpg/0.php25
-rw-r--r--pages/gpg/2.php71
-rw-r--r--pages/gpg/3.php33
-rw-r--r--pages/gpg/CVS/Entries4
-rw-r--r--pages/gpg/CVS/Repository1
-rw-r--r--pages/gpg/CVS/Root1
-rw-r--r--pages/help/0.php29
-rw-r--r--pages/help/2.php79
-rw-r--r--pages/help/3.php88
-rw-r--r--pages/help/4.php45
-rw-r--r--pages/help/5.php18
-rw-r--r--pages/help/6.php28
-rw-r--r--pages/help/7.php26
-rw-r--r--pages/help/8.php20
-rw-r--r--pages/help/9.php67
-rw-r--r--pages/help/CVS/Entries10
-rw-r--r--pages/help/CVS/Repository1
-rw-r--r--pages/help/CVS/Root1
-rw-r--r--pages/index/0.php171
-rw-r--r--pages/index/1.php142
-rw-r--r--pages/index/10.php90
-rw-r--r--pages/index/11.php86
-rw-r--r--pages/index/12.php31
-rw-r--r--pages/index/13.php40
-rwxr-xr-xpages/index/16.php78
-rw-r--r--pages/index/17.php138
-rw-r--r--pages/index/18.php25
-rw-r--r--pages/index/19.php104
-rw-r--r--pages/index/2.php20
-rw-r--r--pages/index/21.php46
-rw-r--r--pages/index/3.php78
-rw-r--r--pages/index/4.php61
-rw-r--r--pages/index/47.php58
-rw-r--r--pages/index/5.php62
-rw-r--r--pages/index/51.php37
-rw-r--r--pages/index/6.php102
-rw-r--r--pages/index/7.php30
-rw-r--r--pages/index/8.php27
-rw-r--r--pages/index/CVS/Entries21
-rw-r--r--pages/index/CVS/Repository1
-rw-r--r--pages/index/CVS/Root1
-rw-r--r--pages/wot/0.php21
-rw-r--r--pages/wot/1.php123
-rw-r--r--pages/wot/10.php124
-rw-r--r--pages/wot/11.php52
-rw-r--r--pages/wot/12.php135
-rw-r--r--pages/wot/13.php102
-rw-r--r--pages/wot/14.php47
-rw-r--r--pages/wot/2.php36
-rw-r--r--pages/wot/3.php47
-rw-r--r--pages/wot/4.php32
-rw-r--r--pages/wot/5.php83
-rw-r--r--pages/wot/6.php170
-rw-r--r--pages/wot/7-old.php183
-rw-r--r--pages/wot/8.php44
-rw-r--r--pages/wot/9.php82
-rw-r--r--pages/wot/CVS/Entries16
-rw-r--r--pages/wot/CVS/Repository1
-rw-r--r--pages/wot/CVS/Root1
137 files changed, 7869 insertions, 0 deletions
diff --git a/pages/CVS/Entries b/pages/CVS/Entries
new file mode 100644
index 0000000..61ccd9b
--- /dev/null
+++ b/pages/CVS/Entries
@@ -0,0 +1,8 @@
+D/account////
+D/disputes////
+D/gpg////
+D/help////
+D/index////
+D/wot////
+D/advertise////
+D/advertising////
diff --git a/pages/CVS/Repository b/pages/CVS/Repository
new file mode 100644
index 0000000..3334716
--- /dev/null
+++ b/pages/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages
diff --git a/pages/CVS/Root b/pages/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/account/0.php b/pages/account/0.php
new file mode 100644
index 0000000..84b581e
--- /dev/null
+++ b/pages/account/0.php
@@ -0,0 +1,33 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("My Account")?></H3>
+<p><?=_("Welcome to your account section of the website. Below is a description of the different sections and what they're for.")?></p>
+<H4><?=_("CAcert.org")?></H4>
+<p><?=_("If you would like to view news items or change languages you can click the logout or go home links. Go home doesn't log you out of the system, just returns you to the front of the website. Logout logs you out of the system.")?></p>
+<H4><?=_("My Details")?></H4>
+<p><?=_("In this section you will be able to edit your personal information (if you haven't been assured), update your pass phrase, and lost pass phrase questions. You will also be able to set your location for the Web of Trust, it also effects the email announcement settings which among other things can be set to notify you if you're within 200km of a planned assurance event. You'll also be able to set additional contact information when you become fully trusted, so others can contact you to meet up outside official events.")?></p>
+<h4><?=_("Email Accounts and Client Certificates")?></h4>
+<p><?=_("The email account section is for adding/updating/removing email accounts which can be used to issue client certificates against. The client certificate section steps you through generating a certificate signing request for one or more emails you've registered in the email account section.")?></p>
+<h4><?=_("Domains and Server Certificates.")?></h4>
+<p><?=_("Before you can start issuing certificates for your website, irc server, smtp server, pop3, imap etc you will need to add domains to your account under the domain menu. You can also remove domains from here as well. Once you've added a domain you are free then to go into the Server Certificate section and start pasting CSR into the website and have the website return you a valid certificate for up to 2 years if you have 50 trust points, or 6 months for no trust points.")?></p>
+<h4><?=_("Org Client and Server Certificates")?></h4>
+<p><?=_("Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate.")?></p>
+<h4><?=_("CAcert Web of Trust")?></h4>
+<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons.")?></p>
+<p><b><?=_("The former TTP (Trusted Third Party) System has been stopped, and is currently not available.")?></b></p>
+<? // "You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu</p> ?>
diff --git a/pages/account/1.php b/pages/account/1.php
new file mode 100644
index 0000000..f3cd1f2
--- /dev/null
+++ b/pages/account/1.php
@@ -0,0 +1,35 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Add Email")?></td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" width="125"><?=_("Email Address")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="newemail" value="<?=array_key_exists('newemail',$_SESSION['profile'])?sanitizeHTML($_SESSION['profile']['newemail']):''?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I own or am authorised to control this email address")?>"/></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('addemail')?>" />
+</form>
+<p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p>
diff --git a/pages/account/10.php b/pages/account/10.php
new file mode 100644
index 0000000..704a05c
--- /dev/null
+++ b/pages/account/10.php
@@ -0,0 +1,41 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/shutdown.php");
+?>
+<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
+<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
+
+<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
+
+<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p>
+
+<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
+
+<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p>
+
+<form method="post" action="account.php">
+<? if($_SESSION['profile']['points'] >= 50) { ?>
+<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
+<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
+<? } ?>
+<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
+<textarea name="CSR" cols="80" rows="15"></textarea><br>
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/11.php b/pages/account/11.php
new file mode 100644
index 0000000..4e070cb
--- /dev/null
+++ b/pages/account/11.php
@@ -0,0 +1,53 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p>
+<?=_("Please make sure the following details are correct before proceeding any further.")?>
+</p>
+<?// print_r($_SESSION['_config']['altrows']); ?>
+<p>
+<? if(is_array($_SESSION['_config']['rows']))
+ foreach($_SESSION['_config']['rows'] as $row) { ?>
+<?=_("CommonName")?>: <?=$row?><br>
+<? } ?>
+<? if(is_array($_SESSION['_config']['altrows']))
+ foreach($_SESSION['_config']['altrows'] as $row) { ?>
+<?=_("subjectAltName")?>: <?=$row?><br>
+<? } ?>
+<? if(1 == 0) { ?>
+<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br>
+<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br>
+<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br>
+<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br>
+<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br>
+<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br>
+<? } ?>
+<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?>
+<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?>
+<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br>
+<? foreach($_SESSION['_config']['rejected'] as $row) { ?>
+<?=_("Rejected")?>: <a href="account.php?id=7&amp;newdomain=<?=$row?>"><?=$row?></a><br>
+<? } } ?>
+<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?>
+<form method="post" action="account.php">
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+<? } else { ?>
+<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b>
+<? } ?>
+</p>
diff --git a/pages/account/12.php b/pages/account/12.php
new file mode 100644
index 0000000..40135be
--- /dev/null
+++ b/pages/account/12.php
@@ -0,0 +1,90 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ </tr>
+<?
+ $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
+ `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
+ from `domaincerts`,`domains`
+ where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
+ if($viewall != 1)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 ";
+ }
+ $query .= "ORDER BY `domaincerts`.`modified` desc";
+//echo $query."<br>\n";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+?>
+ <tr>
+ <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ </tr>
+<? } else {
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+?>
+ <tr>
+<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+<? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+<? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+<? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ </tr>
+<? } ?>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
+</form>
+<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/13.php b/pages/account/13.php
new file mode 100644
index 0000000..e8dad73
--- /dev/null
+++ b/pages/account/13.php
@@ -0,0 +1,161 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ $user = mysql_fetch_assoc($res);
+
+ $year = intval(substr($user['dob'], 0, 4));
+ $month = intval(substr($user['dob'], 5, 2));
+ $day = intval(substr($user['dob'], 8, 2));
+
+ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
+ $body .= _("You receive this automatic mail since you yourself or")."\n";
+ $body .= _("someone else looked up your secret questions and answers")."\n";
+ $body .= _("for a forgotten password.")."\n\n";
+ $body .= _("If it was you who looked up or changed that data, or clicked")."\n";
+ $body .= _("through the menu in your account, everything is in best order and")."\n";
+ $body .= _("you can ignore this mail.")."\n\n";
+ $body .= _("But if you received this mail without a recognisable reason,")."\n";
+ $body .= _("there is a danger that an unauthorised person accessed your")."\n";
+ $body .= _("account, and you should promptly change your password and your")."\n";
+ $body .= _("secret questions and answers.")."\n\n";
+
+ $body .= _("With kind regards,")."\n\n"._("CAcert Support");
+
+ sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="2" class="title"><?=_("My Details")?></td>
+ </tr>
+<? if($_SESSION['profile']['points'] == 0) { ?>
+ <tr>
+ <td class="DataTD" width="125"><?=_("First Name")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
+ (<?=_("optional")?>)
+ </td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>: </td>
+ <td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?><br>
+ (<?=_("optional")?>)</td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?><br>
+ (<?=_("dd/mm/yyyy")?>)</td>
+ <td class="DataTD"><nobr><select name="day">
+<?
+ for($i = 1; $i <= 31; $i++)
+ {
+ echo "<option";
+ if($day == $i)
+ echo " selected='selected'";
+ echo ">$i</option>";
+ }
+?>
+ </select>
+ <select name="month">
+<?
+ for($i = 1; $i <= 12; $i++)
+ {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>";
+ }
+?>
+ </select>
+ <input type="text" name="year" value="<?=$year?>" size="4"></nobr>
+ </td>
+ </tr>
+<? } else { ?>
+ <tr>
+ <td class="DataTD" width="125"><?=_("First Name")?>: </td>
+ <td class="DataTD" width="125"><?=$user['fname']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
+ (<?=_("optional")?>)
+ </td>
+ <td class="DataTD"><?=$user['mname']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>: </td>
+ <td class="DataTD"><?=$user['lname']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?><br>
+ (<?=_("optional")?>)</td>
+ <td class="DataTD"><?=$user['suffix']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?><br>
+ (<?=_("dd/mm/yyyy")?>)</td>
+ <td class="DataTD"><?=$day?> <?=ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$month,1,1))))?> <?=$year?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("OTP Hash")?><br>
+ (<?=_("Not displayed")?>)</td>
+ <td class="DataTD"><input type="text" name="otphash"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("OTP PIN")?><br>
+ (<?=_("Not displayed")?>)</td>
+ <td class="DataTD"><input type="text" name="otppin"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=sanitizeHTML($user['Q1'])?>"></td>
+ <td class="DataTD"><input type="text" name="A1" value="<?=sanitizeHTML($user['A1'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=sanitizeHTML($user['Q2'])?>"></td>
+ <td class="DataTD"><input type="text" name="A2" value="<?=sanitizeHTML($user['A2'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=sanitizeHTML($user['Q3'])?>"></td>
+ <td class="DataTD"><input type="text" name="A3" value="<?=sanitizeHTML($user['A3'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=sanitizeHTML($user['Q4'])?>"></td>
+ <td class="DataTD"><input type="text" name="A4" value="<?=sanitizeHTML($user['A4'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=sanitizeHTML($user['Q5'])?>"></td>
+ <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" />
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/14.php b/pages/account/14.php
new file mode 100644
index 0000000..342ab46
--- /dev/null
+++ b/pages/account/14.php
@@ -0,0 +1,46 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="2" class="title"><?=_("Change Pass Phrase")?></td>
+ </tr>
+<? if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname']) { ?>
+ <tr>
+ <td class="DataTD"><?=_("Old Pass Phrase")?>: </td>
+ <td class="DataTD"><input type="password" name="oldpassword"></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
+ <td class="DataTD"><input type="password" name="pword1"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
+ <td class="DataTD"><input type="password" name="pword2"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol (all white spaces at the beginning and end are removed).")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Pass Phrase")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="csrf" value="<?=make_csrf('pwchange')?>" />
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/15.php b/pages/account/15.php
new file mode 100644
index 0000000..6cd3115
--- /dev/null
+++ b/pages/account/15.php
@@ -0,0 +1,38 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
+ $query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and
+ `domains`.`memid`='".intval($_SESSION['profile']['id'])."' and
+ `domains`.`id`=`domaincerts`.`domid`";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("No such certificate attached to your account.");
+ showfooter();
+ exit;
+ }
+ $row = mysql_fetch_assoc($res);
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname`;
+?>
+<h3><?=_("Below is your Server Certificate")?></h3>
+<pre>
+<?=$cert?>
+</pre>
diff --git a/pages/account/16.php b/pages/account/16.php
new file mode 100644
index 0000000..3e582e3
--- /dev/null
+++ b/pages/account/16.php
@@ -0,0 +1,65 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/shutdown.php");
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("New Client Certificate")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Add")?></td>
+ <td class="DataTD"><?=_("Address")?></td>
+<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails']))
+ foreach($_SESSION['_config']['emails'] as $val) { ?>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><input type="text" name="emails[]"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Name")?>:</td>
+ <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Department")?>:</td>
+ <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
+ <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
+ <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
+ </td>
+ </tr>
+<? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Another Email")?>">
+ <input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/17.php b/pages/account/17.php
new file mode 100644
index 0000000..2ba5390
--- /dev/null
+++ b/pages/account/17.php
@@ -0,0 +1,137 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
+<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
+<?=_("You must enable ActiveX for this to work.")?>
+</object>
+<form method="post" action="account.php" name="CertReqForm"><p>
+<input type="hidden" name="session" value="UsedXenroll">
+<?=_("Key Strength:")?> <select name="CspProvider"></select>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<INPUT TYPE=HIDDEN NAME="CSR">
+<input type="hidden" name="keytype" value="MS">
+<?=_("'Enhanced Provider' is generally the best option, which has a key size of 1024bit. If you need a bigger key size you will need to use a different browser.")?>
+<input type="submit" name="GenReq" value="Create Certificate"><br>
+</p></form>
+<script type="text/vbscript" language="vbscript">
+<!--
+Function GetProviderList()
+ Dim CspList, cspIndex, ProviderName
+ On Error Resume Next
+
+ count = 0
+ base = 0
+ enhanced = 0
+ CspList = ""
+ ProviderName = ""
+
+ For ProvType = 0 to 13
+ cspIndex = 0
+ cec.ProviderType = ProvType
+ ProviderName = cec.enumProviders(cspIndex,0)
+
+ while ProviderName <> ""
+ Set oOption = document.createElement("OPTION")
+ oOption.text = ProviderName
+ oOption.value = ProvType
+ Document.CertReqForm.CspProvider.add(oOption)
+ if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
+ base = count
+ end if
+ if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ enhanced = count
+ end if
+ cspIndex = cspIndex +1
+ ProviderName = ""
+ ProviderName = cec.enumProviders(cspIndex,0)
+ count = count + 1
+ wend
+ Next
+ Document.CertReqForm.CspProvider.selectedIndex = base
+ if enhanced then
+ Document.CertReqForm.CspProvider.selectedIndex = enhanced
+ end if
+End Function
+
+Function CSR(keyflags)
+ CSR = ""
+ szName = ""
+ cec.HashAlgorithm = "MD5"
+ err.clear
+ On Error Resume Next
+ set options = document.all.CspProvider.options
+ index = options.selectedIndex
+ cec.providerName = options(index).text
+ tmpProviderType = options(index).value
+ cec.providerType = tmpProviderType
+ cec.KeySpec = 2
+ if tmpProviderType < 2 Then
+ cec.KeySpec = 1
+ end if
+ cec.GenKeyFlags = &h04000001 OR keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ cec.GenKeyFlags = &h04000000 OR keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
+ cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
+ else
+ Exit Function
+ end if
+ end if
+ cec.GenKeyFlags = 1 OR keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ cec.GenKeyFlags = keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ cec.GenKeyFlags = 0
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+End Function
+
+Sub GenReq_OnClick
+ Dim TheForm
+ Set TheForm = Document.CertReqForm
+ err.clear
+ result = CSR(2)
+ if len(result)=0 Then
+ result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
+ Exit Sub
+ end if
+ TheForm.CSR.Value = result
+ TheForm.Submit
+ Exit Sub
+End Sub
+
+GetProviderList()
+-->
+</script>
+<? } else { ?>
+<p>
+<form method="post" action="account.php">
+<input type="hidden" name="keytype" value="NS">
+<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
+
+
+<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+</p>
+<? } ?>
diff --git a/pages/account/18.php b/pages/account/18.php
new file mode 100644
index 0000000..5ee1a3b
--- /dev/null
+++ b/pages/account/18.php
@@ -0,0 +1,94 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+
+<?
+ $query = "select UNIX_TIMESTAMP(`created`) as `created`,
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`expire`) as `expired`,
+ `expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id`
+ from `orgemailcerts`, `org`
+ where `memid`='".intval($_SESSION['profile']['id'])."' and
+ `org`.`orgid`=`orgemailcerts`.`orgid` ";
+ if($viewall != 1)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
+ }
+ $query .= "ORDER BY `modified` desc";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+?>
+ <tr>
+ <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ </tr>
+<? } else {
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+?>
+ <tr>
+<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+<? } else if($verified == _("Pending")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=$row['CN']?></td>
+<? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+<? } ?>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ </tr>
+<? } ?>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
+</form>
+<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/19.php b/pages/account/19.php
new file mode 100644
index 0000000..6a2749c
--- /dev/null
+++ b/pages/account/19.php
@@ -0,0 +1,116 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
+ $query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='".intval($certid)."' and
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
+ `org`.`orgid`=`orgemailcerts`.`orgid`";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("No such certificate attached to your account.");
+ showfooter();
+ exit;
+ }
+ $row = mysql_fetch_assoc($res);
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname`;
+
+ if($row['keytype'] == "NS")
+ {
+ if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1)
+ {
+ header("Content-Type: application/x-x509-user-cert");
+ header("Content-Length: ".strlen($cert));
+ $fname=sanitizeFilename($row['CN']);
+ if($fname=="") $fname="certificate";
+ header('Content-Disposition: inline; filename="'.$fname.'.crt"');
+ echo $cert;
+ exit;
+ } else {
+ showheader(_("My CAcert.org Account!"));
+ echo "<h3>"._("Installing your certificate")."</h3>\n";
+ echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n";
+ echo "<p><a href='account.php?id=19&amp;cert=$certid&amp;install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n";
+ showfooter();
+ exit;
+ }
+ } else {
+ showheader(_("My CAcert.org Account!"));
+?>
+<h3><?=_("Installing your certificate")?></h3>
+
+<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?>
+
+<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
+<?=_("You must enable ActiveX for this to work.")?>
+</OBJECT>
+<FORM >
+<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>">
+</FORM>
+
+</P>
+
+<SCRIPT LANGUAGE=VBS>
+ Sub CertInst_OnClick
+ certchain = _
+<?
+ $lines = explode("\n", $cert);
+ if(is_array($lines))
+ foreach($lines as $line)
+ {
+ $line = trim($line);
+ if($line != "-----END CERTIFICATE-----")
+ echo "\"$line\" & _\n";
+ else {
+ echo "\"$line\"\n";
+ break;
+ }
+ }
+?>
+
+ On Error Resume Next
+ cec.DeleteRequestCert = FALSE
+ err.clear
+
+ cec.WriteCertToCSP = TRUE
+ cec.acceptPKCS7(certchain)
+ if err.number <> 0 Then
+ cec.WriteCertToCSP = FALSE
+ end if
+ err.clear
+ cec.acceptPKCS7(certchain)
+ if err.number <> 0 then
+ errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _
+ "(Error code " & err.number & ")"
+ msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>")
+ else
+ okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _
+ "See Tools->Internet Options->Content->Certificates"
+ msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>")
+ end if
+ End Sub
+</SCRIPT>
+
+<?
+ showfooter();
+ exit;
+ }
+?>
diff --git a/pages/account/2.php b/pages/account/2.php
new file mode 100644
index 0000000..36421f9
--- /dev/null
+++ b/pages/account/2.php
@@ -0,0 +1,61 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_("Email Accounts")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Default")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Delete")?></td>
+ <td class="DataTD"><?=_("Address")?></td>
+
+<?
+ $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['hash'] == "")
+ $verified = _("Verified");
+ else
+ $verified = _("Unverified");
+?>
+ <tr>
+ <td class="DataTD"><? if($row['hash'] == "") { ?><input type="radio" name="emailid" value="<?=$row['id']?>"
+ <? if($row['email'] == $_SESSION['profile']['email']) echo " checked"; ?>><? } else { echo "&nbsp;"; } ?></td>
+ <td class="DataTD"><?=$verified?></td>
+<? if($row['email'] == $_SESSION['profile']['email']) { ?>
+ <td class="DataTD"><?=_("N/A")?></td>
+<? } else { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+<? } ?>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="makedefault" value="<?=_("Make Default")?>"></td>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Delete")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('chgdef')?>" />
+</form>
+<p>
+<?=_("Please Note: You can not set an unverified account as a default account, and you can not remove a default account. To remove the default account you must set another verified account as the default.")?>
+</p>
diff --git a/pages/account/20.php b/pages/account/20.php
new file mode 100644
index 0000000..510b708
--- /dev/null
+++ b/pages/account/20.php
@@ -0,0 +1,37 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/shutdown.php");
+?>
+<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
+<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
+
+<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
+
+<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p>
+
+<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
+
+<form method="post" action="account.php">
+<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
+<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
+<p><?=_("Paste your CSR below...")?></p>
+<textarea name="CSR" cols="80" rows="15"></textarea><br>
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/21.php b/pages/account/21.php
new file mode 100644
index 0000000..6c3786b
--- /dev/null
+++ b/pages/account/21.php
@@ -0,0 +1,54 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $org = $_SESSION['_config']['row'];
+ if($org['id'] <= 0)
+ $org = $_SESSION['_config']['altrow'];
+?>
+<p>
+<?=_("Please make sure the following details are correct before proceeding any further.")?>
+</p>
+
+<p>
+<? if(is_array($_SESSION['_config']['rows']))
+ foreach($_SESSION['_config']['rows'] as $row) { ?>
+<?=_("CommonName")?>: <?=$row?><br>
+<? } ?>
+<? if(is_array($_SESSION['_config']['altrows']))
+ foreach($_SESSION['_config']['altrows'] as $row) { ?>
+<?=_("subjectAltName")?>: <?=$row?><br>
+<? } ?>
+<?=_("Organisation")?>: <?=$org['O']?><br>
+<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br>
+<?=_("Location")?>: <?=$org['L']?><br>
+<?=_("State/Province")?>: <?=$org['ST']?><br>
+<?=_("Country")?>: <?=$org['C']?><br>
+
+
+<form method="post" action="account.php">
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+
+
+<? if($_SESSION['profile']['admin'] == 1) { ?>
+<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?>
+<? } ?>
+
+</form>
+</p>
diff --git a/pages/account/22.php b/pages/account/22.php
new file mode 100644
index 0000000..565cb5f
--- /dev/null
+++ b/pages/account/22.php
@@ -0,0 +1,90 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+
+<?
+ $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
+ `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id`
+ from `orgdomaincerts`,`org`
+ where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
+ if($viewall != 1)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 ";
+ }
+ $query .= "ORDER BY `orgdomaincerts`.`modified` desc";
+//echo $query."<br>\n";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+?>
+ <tr>
+ <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ </tr>
+<? } else {
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+?>
+ <tr>
+<? if($verified == _("Valid") || $verified == _("Expired")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+<? } else if($verified == _("Pending")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+<? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+<? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+ </tr>
+<? } ?>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
+</form>
+<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/23.php b/pages/account/23.php
new file mode 100644
index 0000000..4ec56c3
--- /dev/null
+++ b/pages/account/23.php
@@ -0,0 +1,38 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
+ $query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and
+ `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
+ `org`.`orgid`=`orgdomaincerts`.`orgid`";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("No such certificate attached to your account.");
+ showfooter();
+ exit;
+ }
+ $row = mysql_fetch_assoc($res);
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname`;
+?>
+<h3><?=_("Below is your Server Certificate")?></h3>
+<pre>
+<?=$cert?>
+</pre>
diff --git a/pages/account/24.php b/pages/account/24.php
new file mode 100644
index 0000000..19faa9f
--- /dev/null
+++ b/pages/account/24.php
@@ -0,0 +1,52 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("New Organisation")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Organisation Name")?>:</td>
+ <td class="DataTD"><input type="text" name="O" value="<?=array_key_exists('O',$_SESSION['_config'])?$_SESSION['_config']['O']:""?>" maxlength="50"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Contact Email")?>:</td>
+ <td class="DataTD"><input type="text" name="contact" value="<?=array_key_exists('contact',$_SESSION['_config'])?$_SESSION['_config']['contact']:""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Town/Suburb")?>:</td>
+ <td class="DataTD"><input type="text" name="L" value="<?=array_key_exists('L',$_SESSION['_config'])?$_SESSION['_config']['L']:""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("State/Province")?>:</td>
+ <td class="DataTD"><input type="text" name="ST" value="<?=array_key_exists('ST',$_SESSION['_config'])?$_SESSION['_config']['ST']:""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country")?>:</td>
+ <td class="DataTD"><input type="text" name="C" value="<?=array_key_exists('C',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['C']):""?>" size="5">(2 letter <a href="http://www.iso.org/iso/english_country_names_and_code_elements">ISO code</a>)</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Comments")?>:</td>
+ <td class="DataTD"><textarea name="comments" cols="35" rows="5"><?=array_key_exists('comments',$_SESSION['_config'])?$_SESSION['_config']['comments']:""?></textarea></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/25.php b/pages/account/25.php
new file mode 100644
index 0000000..ab0e6b2
--- /dev/null
+++ b/pages/account/25.php
@@ -0,0 +1,50 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="700">
+ <tr>
+ <td colspan="5" class="title"><?=_("Organisations")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" width="350"><?=_("Organisation")?></td>
+ <td class="DataTD"><?=_("Domains")?></td>
+ <td class="DataTD"><?=_("Admins")?></td>
+ <td class="DataTD"><?=_("Edit")?></td>
+ <td class="DataTD"><?=_("Delete")?></td>
+ </tr>
+<?
+ $query = "select * from `orginfo` ORDER BY `id`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
+ $admincount = mysql_num_rows($r2);
+ $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
+ $domcount = mysql_num_rows($r2);
+?>
+ <tr>
+ <td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td>
+ <td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['id'])?>"><?=_("Domains")?> (<?=$domcount?>)</a></td>
+ <td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
+ <td class="DataTD"><a href="account.php?id=27&amp;orgid=<?=$row['id']?>"><?=_("Edit")?></a></td>
+ <td class="DataTD"><a href="account.php?id=31&amp;orgid=<?=$row['id']?>"><?=_("Delete")?></a></td>
+ <? if(array_key_exists('viewcomment',$_REQUEST) && $_REQUEST['viewcomment']!='') { ?>
+ <td class="DataTD"><?=sanitizeHTML($row['comments'])?></td>
+ <? } ?>
+ </tr>
+<? } ?>
+</table>
diff --git a/pages/account/26.php b/pages/account/26.php
new file mode 100644
index 0000000..f8b195d
--- /dev/null
+++ b/pages/account/26.php
@@ -0,0 +1,42 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="3" class="title"><? printf(_("%s's Domains"), $row['O']); ?> (<a href="account.php?id=28&amp;orgid=<?=intval($row['id'])?>"><?=_("Add")?></a>)</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?></td>
+ <td class="DataTD"><?=_("Edit")?></td>
+ <td class="DataTD"><?=_("Delete")?></td>
+ </tr>
+<?
+ $query = "select * from `orgdomains` where `orgid`='".intval($_REQUEST['orgid'])."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ { ?>
+ <tr>
+ <td class="DataTD"><?=sanitizeHTML($row['domain'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=29&amp;orgid=<?=intval($row['orgid'])?>&amp;domid=<?=intval($row['id'])?>"><?=_("Edit")?></a></td>
+ <td class="DataTD"><a href="account.php?id=30&amp;orgid=<?=intval($row['orgid'])?>&amp;domid=<?=intval($row['id'])?>"><?=_("Delete")?></a></td>
+ </tr>
+<? } ?>
+</table>
diff --git a/pages/account/27.php b/pages/account/27.php
new file mode 100644
index 0000000..2cd52a8
--- /dev/null
+++ b/pages/account/27.php
@@ -0,0 +1,57 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Edit Organisation")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Organisation Name")?>:</td>
+ <td class="DataTD"><input type="text" name="O" value="<?=$row['O']?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Contact Email")?>:</td>
+ <td class="DataTD"><input type="text" name="contact" value="<?=($row['contact'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Town/Suburb")?>:</td>
+ <td class="DataTD"><input type="text" name="L" value="<?=($row['L'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("State/Province")?>:</td>
+ <td class="DataTD"><input type="text" name="ST" value="<?=($row['ST'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country")?>:</td>
+ <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Comments")?>:</td>
+ <td class="DataTD"><textarea name="comments" cols=15 rows=5><?=($row['comments'])?></textarea></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" />
+</form>
diff --git a/pages/account/28.php b/pages/account/28.php
new file mode 100644
index 0000000..1212f9c
--- /dev/null
+++ b/pages/account/28.php
@@ -0,0 +1,38 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><? printf(_("New Domain for %s"), sanitizeHTML($row['O'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><input type="text" name="domainname" value="<?=array_key_exists('domain',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['domain']):""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+
+</form>
diff --git a/pages/account/29.php b/pages/account/29.php
new file mode 100644
index 0000000..c1a3def
--- /dev/null
+++ b/pages/account/29.php
@@ -0,0 +1,44 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $org = mysql_fetch_assoc(mysql_query($query));
+
+ $_SESSION['_config']['domain'] = $row['domain'];
+?>
+<h3><?=_("Warning!")?></h3>
+<p><?=_("Hitting update will also revoke all existing certificates issued under this domain")?></p>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><? printf(_("Update Domain for %s"), ($org['O'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+
+</form>
diff --git a/pages/account/3.php b/pages/account/3.php
new file mode 100644
index 0000000..cad89a1
--- /dev/null
+++ b/pages/account/3.php
@@ -0,0 +1,135 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/shutdown.php");
+?>
+<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3>
+<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
+
+<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
+
+<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>
+
+<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
+
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("New Client Certificate")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Add")?></td>
+ <td class="DataTD"><?=_("Address")?></td>
+
+<?
+ $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ { ?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ </tr>
+<? }
+if($_SESSION['profile']['points'] >= 50)
+{
+ $fname = $_SESSION['profile']['fname'];
+ $mname = $_SESSION['profile']['mname'];
+ $lname = $_SESSION['profile']['lname'];
+ $suffix = $_SESSION['profile']['suffix'];
+?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
+ <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
+ <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
+<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
+<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
+<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
+<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
+ </td>
+ </tr>
+<? } ?>
+<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
+ <tr>
+ <td class="DataTD" align="left">
+ <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td>
+ <td class="DataTD" align="left">
+ <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
+ </td>
+ </tr>
+<? } ?>
+
+ <tr>
+ <td class="DataTD" colspan="2" align="left">
+ <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br>
+ <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
+ </td>
+ </tr>
+
+
+ <tr name="expertoff" style="display:none">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?>
+ </td>
+ </tr>
+
+ <tr name="expert">
+ <td class="DataTD" colspan="2" align="left">
+ <input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br>
+ <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br>
+ <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
+ <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
+ </td>
+ </tr>
+ <tr name="expert">
+ <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
+ </tr>
+ <tr name="expert">
+ <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+
+<script language="javascript">
+function showExpert(a)
+{
+ b=document.getElementsByName("expert");
+ for(i=0;b.length>i;i++)
+ {
+ if(!a) {b[i].setAttribute("style","display:none"); }
+ else {b[i].removeAttribute("style");}
+ }
+ b=document.getElementsByName("expertoff");
+ for(i=0;b.length>i;i++)
+ {
+ b[i].removeAttribute("style");
+ }
+
+}
+showExpert(false);
+</script>
+
diff --git a/pages/account/30.php b/pages/account/30.php
new file mode 100644
index 0000000..30c86f3
--- /dev/null
+++ b/pages/account/30.php
@@ -0,0 +1,45 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $org = mysql_fetch_assoc(mysql_query($query));
+
+ $_SESSION['_config']['domain'] = $row['domain'];
+?>
+<h3><?=_("Warning!")?></h3>
+<p><?=_("Hitting delete will also revoke all existing certificates issued under this domain")?></p>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><? printf(_("Delete Domain for %s"), ($org['O'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this domain?"), sanitizeHTML($row['domain'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
+ <input type="submit" name="process" value="<?=_("Delete")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>">
+
+</form>
diff --git a/pages/account/31.php b/pages/account/31.php
new file mode 100644
index 0000000..d91a77a
--- /dev/null
+++ b/pages/account/31.php
@@ -0,0 +1,39 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $org = mysql_fetch_assoc(mysql_query($query));
+
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><? printf(_("Delete Organisation"), ($org['O'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), sanitizeHTML($org['O'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
+ <input type="submit" name="process" value="<?=_("Delete")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+
+</form>
diff --git a/pages/account/32.php b/pages/account/32.php
new file mode 100644
index 0000000..00dc1ea
--- /dev/null
+++ b/pages/account/32.php
@@ -0,0 +1,52 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500">
+ <tr>
+ <td colspan="5" class="title"><? printf(_("%s's Administrators"), $row['O']); ?> (<a href="account.php?id=33&amp;orgid=<?=$row['id']?>"><?=_("Add")?></a>)</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Administrator")?></td>
+ <td class="DataTD"><?=_("Master Account")?></td>
+ <td class="DataTD"><?=_("Department")?></td>
+ <td class="DataTD"><?=_("Comments")?></td>
+ <td class="DataTD"><?=_("Delete")?></td>
+ </tr>
+<?
+ $query = "select * from `org` where `orgid`='".intval($_REQUEST['orgid'])."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'"));
+?>
+ <tr>
+ <td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td>
+ <td class="DataTD"><?=($row['masteracc'])?></a></td>
+ <td class="DataTD"><?=($row['OU'])?></a></td>
+ <td class="DataTD"><?=($row['comments'])?></a></td>
+<? if($row['masteracc'] == 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+ <td class="DataTD"><a href="account.php?id=34&amp;orgid=<?=$row['orgid']?>&amp;memid=<?=$row['memid']?>"><?=_("Delete")?></a></td>
+<? } else { ?>
+ <td class="DataTD">N/A</td>
+<? } ?>
+ </tr>
+<? } ?>
+</table>
diff --git a/pages/account/33.php b/pages/account/33.php
new file mode 100644
index 0000000..4da8bed
--- /dev/null
+++ b/pages/account/33.php
@@ -0,0 +1,55 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+?>
+<form method="post" action="account.php">
+<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><? printf(_("New Admin for %s"), ($row['O'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['email']):""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Department")?>:</td>
+ <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?$_SESSION['_config']['OU']:""?>"></td>
+ </tr>
+<? if($_SESSION['profile']['orgadmin'] == 1) { ?>
+ <tr>
+ <td class="DataTD"><?=_("Master Account")?>:</td>
+ <td class="DataTD"><select name="masteracc">
+ <option value="0">No</option>
+ <option value="1"<? if(array_key_exists('masteracc',$_SESSION['_config']) && $_SESSION['_config']['masteracc'] == 1) echo " selected='selected'"; ?>>Yes</option>
+ </select></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("Comments")?>:</td>
+ <td class="DataTD"><input type="text" name="comments" value="<?=array_key_exists('comments',$_SESSION['_config'])?$_SESSION['_config']['comments']:""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('orgadmadd')?>" />
+</form>
diff --git a/pages/account/34.php b/pages/account/34.php
new file mode 100644
index 0000000..25ad1db
--- /dev/null
+++ b/pages/account/34.php
@@ -0,0 +1,45 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['orgid'])."'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
+ $org = mysql_fetch_assoc(mysql_query($query));
+ $query = "select * from `users` where `id`='".intval($_REQUEST['memid'])."'";
+ $user = mysql_fetch_assoc(mysql_query($query));
+
+ $_SESSION['_config']['domain'] = $row['domain'];
+?>
+<form method="post" action="account.php">
+<input type="hidden" name="memid" value="<?=intval($_REQUEST['memid'])?>">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><? printf(_("Delete Admin for %s"), ($org['O'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s from administering this organisation?"), sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
+ <input type="submit" name="process" value="<?=_("Delete")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+
+</form>
diff --git a/pages/account/35.php b/pages/account/35.php
new file mode 100644
index 0000000..3a4714f
--- /dev/null
+++ b/pages/account/35.php
@@ -0,0 +1,58 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="3" class="title"><?=_("Organisations")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD">#</td>
+ <td class="DataTD"><?=_("Organisation")?></td>
+ <td class="DataTD"><?=_("Admins")?></td>
+ </tr>
+<?
+ $query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ //number of admins for the org
+ $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
+ $admincount = mysql_num_rows($r2);
+
+ // number of domains for the org
+ $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
+ $domcount = mysql_num_rows($r2);
+?>
+ <tr>
+ <td class="DataTD"><?=intval($row['id'])?></td>
+ <td class="DataTD"><?=($row['O'])?>, <?=($row['ST'])?> <?=sanitizeHTML($row['C'])?></td>
+ <td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
+ </tr>
+<?
+ // display the domains of each organisation
+ $query3 = "select * from `orgdomains` where `orgid`='".intval($row['id'])."'";
+ $res3 = mysql_query($query3);
+ while($detailorg = mysql_fetch_assoc($res3))
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=intval($detailorg['id'])?></td>
+ <td class="DataTD"><?=_("Domain available")?></td>
+ <td class="DataTD"><?=sanitizeHTML($detailorg['domain'])?></td>
+ </tr>
+<? } } ?>
+</table>
diff --git a/pages/account/36.php b/pages/account/36.php
new file mode 100644
index 0000000..be0f590
--- /dev/null
+++ b/pages/account/36.php
@@ -0,0 +1,35 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="2" class="title"><?=_("My Alert Settings")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" valign="top"><b><?=_("Alert me if")?></b>: </td>
+ <td class="DataTD" align="left"><input type="checkbox" name="general" value="1"<? if(array_key_exists('general',$_REQUEST) && $_REQUEST['general']) echo " checked='checked'"; ?>><?=_("General Announcements")?><br>
+ <input type="checkbox" name="country" value="1"<? if(array_key_exists('country',$_REQUEST) && $_REQUEST['country']) echo " checked='checked'"; ?>><?=_("Country Announcements")?><br>
+ <input type="checkbox" name="regional" value="1"<? if(array_key_exists('regional',$_REQUEST) && $_REQUEST['regional']) echo " checked='checked'"; ?>><?=_("Regional Announcements")?><br>
+ <input type="checkbox" name="radius" value="1"<? if(array_key_exists('radius',$_REQUEST) && $_REQUEST['radius']) echo " checked='checked'"; ?>><?=_("Within 200km Announcements")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update My Settings")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/37.php b/pages/account/37.php
new file mode 100755
index 0000000..4b021e0
--- /dev/null
+++ b/pages/account/37.php
@@ -0,0 +1,31 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("About CAcert.org")?></H3>
+
+<p><?=_("CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.")?></p>
+
+<p><? printf(_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a %sdocument base%s that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI)."), "<a href='http://wiki.cacert.org/'>", "</a>"); ?></p>
+
+<p><?=_("For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you.")?></p>
+
+<p><?=_("For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites.")?></p>
+
+<p><?=_("If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates."); ?></p>
+
+<p><?=_("CAcert Inc. is a non-profit association, incorporated in New South Wales Australia.")?></p>
+<p><?=_("More information about CAcert Incorporated:")?><a href="http://wiki.cacert.org/wiki/CAcertIncorporated">http://wiki.cacert.org/wiki/CAcertIncorporated</a></p>
diff --git a/pages/account/38.php b/pages/account/38.php
new file mode 100755
index 0000000..34cbea4
--- /dev/null
+++ b/pages/account/38.php
@@ -0,0 +1,40 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("Donations")?></H3><br>
+
+<h4><?=_("If I'd like to donate to CAcert Inc., how can I do it?")?></h4>
+
+<p><?=_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via")?>
+
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="image" src="/images/payment2.png" border="0" name="submit" alt="<?=_("CAcert Donation through PayPal")?>">
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHRwYJKoZIhvcNAQcEoIIHODCCBzQCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYCA1pOad7SD8OtSdvHxI3CItmi2sb2eq/1UZbQboNkJTwlaTbTZfoWzBuFmimBR/Qz21Z+L7wFa7XxfhwRLC4V/X4uTJVAIDaKsdTXFNx51EMu+LyiP1O+7GxcdNR7njwvndIaHN0HZIdidpG8jFPP/8ZsLaPe2/Dh2S7344wSuUDELMAkGBSsOAwIaBQAwgcQGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYn0dsk7tIRmAgaBNejWqE2RRr+Tsb3fVlcbuG98Bq+zaMO5g8n8i3DnBjIoSJNb+ZuSj53oWrh/+HCY4EY1Rg3qHiUSMOS/o9k75UR7C+ez0R9tmZ2eQrdxlqTVuvENRA0W5z6iTJYog5XhMoKScOFUBaIr9zxjETUY2Y1V3X8qRFIe0YWlYRYbePs2p/IDatirUFhOJSff0ancU2GZULRy0PiZHtzbm8Gy/oIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcxMTAzMDcxMDI1WjAjBgkqhkiG9w0BCQQxFgQU8tPwGUvNb8eYe8Pfhe9YutgXm/YwDQYJKoZIhvcNAQEBBQAEgYBpwhhgz5ED5qxBosfMaifzIr2anV5ScQqqQbC1hphWBQ4e2PT5+TQWCcQkrTh2UTp3vC81Y8vYZ+fussa+zPBE8DmeFDfzpLJo+TQHZUiKxWUDu6drv3o3mV3VjAkaqIhAdubhEOxj2bbKND3IRT1lfIVVSUipndKzRjukZJK39A==-----END PKCS7-----">
+</form>
+
+<p><?=_("If you are located in Australia, please use bank transfer instead:")?></p>
+
+<pre>
+Account Name: CAcert Inc
+BSB: 032073
+Account No.: 180264
+</pre>
+
+<p><?=_("ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community.")?></p>
+
+<p><?=_("Thank you very much for your support, your donations help CAcert to continue to operate.")?></p>
diff --git a/pages/account/39.php b/pages/account/39.php
new file mode 100755
index 0000000..f89187d
--- /dev/null
+++ b/pages/account/39.php
@@ -0,0 +1,90 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("Privacy Policy")?></h3>
+
+<p>
+<?=_("This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.")?>
+</p>
+
+<h4>1. <?=_("Website information")?></h4>
+<p>
+<?=_("We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?>
+</p>
+
+<h4>2. <?=_("Personal information")?></h4>
+<p>
+<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.")?>
+</p>
+<p>
+<?=_("We only share your information with any other organisation when so instructed by a CAcert arbitrator.")?>
+</p>
+
+<h4>3. <?=_("Aggregated tracking information")?></h4>
+<p>
+<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?>
+</p>
+
+<h4>4. <?=_("Cookies")?></h4>
+<p>
+<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.")?>
+</p>
+<p>
+<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?>
+</p>
+
+<h4>5. <?=_("Notification of changes")?></h4>
+<p>
+<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?>
+</p>
+
+<h4>6. <?=_("How to update, correct, or delete your information")?></h4>
+<p>
+<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?>
+</p>
+
+<h4>7. <?=_("Privacy of certificates")?></h4>
+<p>
+<?=_("CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.")?>
+</p>
+
+<h4>8. <?=_("Privacy of user data")?></h4>
+<p>
+<?=_("CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.")?>
+</p>
+
+<h4>9. <?=_("Exceptions")?></h4>
+<p>
+<?=_("A CAcert arbitrator may override this policy in a dispute.")?>
+<?=_("To obtain access to confidential data, a dispute has to be filed.")?>
+</p>
+
+<h4>10. <?=_("Legal mandates")?></h4>
+<p>
+<?=_("CAcert adopts the Australian privacy regulations.")?>
+<?=_("Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.")?>
+<?=_("Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.")?>
+</p>
+
+
+<p><?=_("If you need to contact us in writing, address your mail to:")?></p>
+<p>
+CAcert Inc.<br>
+P.O. Box 4107<br>
+Denistone East NSW 2112<br>
+Australia
+</p>
diff --git a/pages/account/4.php b/pages/account/4.php
new file mode 100644
index 0000000..a4d6597
--- /dev/null
+++ b/pages/account/4.php
@@ -0,0 +1,190 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
+<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
+<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
+</object>
+<form method="post" action="account.php" name="CertReqForm"><p>
+<input type="hidden" name="session" value="UsedXenroll">
+<?=_("Key Strength:")?> <select name="CspProvider"></select>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<INPUT TYPE=HIDDEN NAME="CSR">
+<input type="hidden" name="keytype" value="MS">
+<input type="submit" name="GenReq" value="Create Certificate"><br>
+</p></form>
+<script type="text/vbscript" language="vbscript">
+<!--
+Function GetProviderList()
+ Dim CspList, cspIndex, ProviderName
+ On Error Resume Next
+
+ count = 0
+ base = 0
+ enhanced = 0
+ CspList = ""
+ ProviderName = ""
+
+ // Vista:
+ Set csps = CreateObject("X509Enrollment.CCspInformations")
+ If IsObject(csps) Then
+ csps.AddAvailableCsps()
+ Document.CertReqForm.keytype.value="VI"
+ For j = 0 to csps.Count-1
+ Set oOption = document.createElement("OPTION")
+ oOption.text = csps.ItemByIndex(j).Name
+ oOption.value = j
+ Document.CertReqForm.CspProvider.add(oOption)
+ Next
+
+ Else
+
+ // 2000,XP:
+
+ For ProvType = 0 to 13
+ cspIndex = 0
+ cec.ProviderType = ProvType
+ ProviderName = cec.enumProviders(cspIndex,0)
+
+ while ProviderName <> ""
+ Set oOption = document.createElement("OPTION")
+ oOption.text = ProviderName
+ oOption.value = ProvType
+ Document.CertReqForm.CspProvider.add(oOption)
+ if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
+ base = count
+ end if
+ if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ enhanced = count
+ end if
+ cspIndex = cspIndex +1
+ ProviderName = ""
+ ProviderName = cec.enumProviders(cspIndex,0)
+ count = count + 1
+ wend
+ Next
+ Document.CertReqForm.CspProvider.selectedIndex = base
+ if enhanced then
+ Document.CertReqForm.CspProvider.selectedIndex = enhanced
+ end if
+ End If
+End Function
+
+Function CSR(keyflags)
+ CSR = ""
+ szName = ""
+
+
+ // Vista
+ if Document.CertReqForm.keytype.value="VI" Then
+
+ Dim g_objClassFactory
+ Dim obj
+ Dim objPrivateKey
+ Dim g_objRequest
+ Dim g_objRequestCMC
+
+ Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
+ Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+ Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
+ Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
+ //Msgbox exit function
+ objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
+ // "Microsoft Enhanced RSA and AES Cryptographic Provider"
+ objPrivateKey.ProviderType = "24"
+ objPrivateKey.KeySpec = "1"
+ objPrivateKey.ExportPolicy = 1
+ objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
+ Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
+ objDN.Encode("CN=CAcertRequest")
+ objRequest.Subject = objDN
+
+ // obj.Initialize(1)
+ obj.InitializeFromRequest(objRequest)
+ obj.CertificateDescription="Description"
+ obj.CertificateFriendlyName="FriendlyName"
+ CSR=obj.CreateRequest(1)
+ If len(CSR)<>0 Then Exit Function
+ Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>"
+
+ else
+ // XP
+
+ cec.HashAlgorithm = "MD5"
+ err.clear
+ On Error Resume Next
+ set options = document.all.CspProvider.options
+ index = options.selectedIndex
+ cec.providerName = options(index).text
+ tmpProviderType = options(index).value
+ cec.providerType = tmpProviderType
+ cec.KeySpec = 2
+ if tmpProviderType < 2 Then
+ cec.KeySpec = 1
+ end if
+ cec.GenKeyFlags = &h04000001 OR keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ cec.GenKeyFlags = &h04000000 OR keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
+ cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
+ else
+ Exit Function
+ end if
+ end if
+ cec.GenKeyFlags = 1 OR keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ cec.GenKeyFlags = keyflags
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ if len(CSR)<>0 then Exit Function
+ cec.GenKeyFlags = 0
+ CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ End if
+End Function
+
+Sub GenReq_OnClick
+ Dim TheForm
+ Set TheForm = Document.CertReqForm
+ err.clear
+ result = CSR(2)
+ if len(result)=0 Then
+ result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
+ Exit Sub
+ end if
+ TheForm.CSR.Value = result
+ TheForm.Submit
+ Exit Sub
+End Sub
+
+GetProviderList()
+-->
+</script>
+<? } else { ?>
+<p>
+<form method="post" action="account.php">
+<input type="hidden" name="keytype" value="NS">
+<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
+
+<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+</p>
+<? } ?>
diff --git a/pages/account/40.php b/pages/account/40.php
new file mode 100755
index 0000000..1b76f9c
--- /dev/null
+++ b/pages/account/40.php
@@ -0,0 +1,86 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
+?>
+<H3><?=_("Contact Us")?></H3>
+
+<p><b><?=_("General Questions")?></b></p>
+<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
+<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
+<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
+<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
+<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
+<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
+<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
+<form method="post" name="form1">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ <input type="hidden" name="support" value="yes">
+ <input type="hidden" name="secrethash2" value="">
+ <table border="0">
+ <tr><td width="90"><?=_("Your Name")?>:</td><td><input type="text" name="who"></td><td>&#160;</td></tr>
+ <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
+ <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
+ <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
+ <tr><td colspan="3"><font color="#ff0000"><?=_("Warning: Please do not enter confidential data into this form, it is being sent to a public mailinglist. Use the form further below instead.")?></font></td></tr>
+ <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
+ </table>
+</form>
+
+<p><b>IRC</b></p>
+<p><a href="irc://irc.CAcert.org/CAcert">irc://irc.CAcert.org/CAcert</a></p>
+<p><b>Secure IRC</b></p>
+<p><a href="ircs://irc.CAcert.org:7000/CAcert">ircs://irc.CAcert.org:7000/CAcert</a></p>
+
+<p><b><?=_("Other Mailing Lists")?></b></p>
+<p><?=_("There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)")?></p>
+<p><a href="http://lists.cacert.org/"><?=_("Click here to view all lists available")?></a></p>
+
+<p><b><?=_("Sensitive Information")?></b></p>
+<p><?=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help.")?></p>
+<form method="post" action="https://www.cacert.org/index.php" name="form2">
+ <input type="hidden" name="secrethash2" value="">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ <table border="0">
+ <tr><td><?=_("Your Name")?>:</td><td><input type="text" name="who"></td></tr>
+ <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
+ <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
+ <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
+ <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
+ </table>
+</form>
+
+<p><b><?=_("Security Issues")?></b></p>
+<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p>
+
+<p><b><?=_("Snail Mail")?></b></p>
+<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>
+
+<p><?=_("Postal Address:")?><br>
+CAcert Inc.<br>
+P.O. Box 4107<br>
+Denistone East NSW 2112<br>
+Australia</p>
+
+<script type="text/javascript">
+<!--
+ var pagehash = '<?=$_SESSION['_config']['secrethash']?>';
+
+ document.form1.secrethash2.value = pagehash;
+ document.form2.secrethash2.value = pagehash;
+-->
+</script>
diff --git a/pages/account/41.php b/pages/account/41.php
new file mode 100644
index 0000000..e44eec9
--- /dev/null
+++ b/pages/account/41.php
@@ -0,0 +1,87 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="2" class="title"><?=_("My Language Settings")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("My prefered language")?>:</td>
+ <td class="DataTD"><select name="lang">
+<?
+echo $_SESSION['_config']['language'];
+ foreach($_SESSION['_config']['translations'] as $key => $val)
+ {
+ echo "<option value='$key'";
+ if($key == $_SESSION['_config']['language'])
+ echo " selected";
+ echo ">$val</option>\n";
+ }
+?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="action" value="default">
+<input type="hidden" name="csrf" value="<?=make_csrf('mainlang')?>" />
+</form>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="2" class="title"><?=_("Additional Language Preferences")?></td>
+ </tr>
+<?
+ $query = "select * from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+?>
+ <tr>
+ <td class="DataTD"><?=_("Additional Language")?>:</td>
+ <td class="DataTD" align="left"><? echo "${lang['lang']} - ${lang['country']}"; ?>
+ <a href="account.php?oldid=41&amp;action=dellang&amp;remove=<?=$row['lang']?>&amp;csrf=<?=make_csrf('seclang')?>"><?=_("Delete")?></a></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("Secondary languages")?>:</td>
+ <td class="DataTD"><select name="addlang">
+<?
+ $query = "select * from `languages` order by `locale`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<option value='".sanitizeHTML($row['locale'])."'";
+ echo ">".$row['country']." - ".$row['lang']."</option>\n";
+ }
+?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="action" value="addsec">
+<input type="hidden" name="csrf" value="<?=make_csrf('seclang')?>" />
+</form>
diff --git a/pages/account/42.php b/pages/account/42.php
new file mode 100644
index 0000000..8decae4
--- /dev/null
+++ b/pages/account/42.php
@@ -0,0 +1,33 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Find User")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):''?>" size="30" title="<?=_("use % as wildcard")?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/43.php b/pages/account/43.php
new file mode 100644
index 0000000..a286ec6
--- /dev/null
+++ b/pages/account/43.php
@@ -0,0 +1,417 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
+ {
+ $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+ $row = 0;
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ if ($res) {
+ $row = mysql_fetch_assoc($res);
+ }
+ mysql_query("delete from `notary` where `id`='$assurance'");
+ if ($row) {
+ fix_assurer_flag($row['to']);
+ }
+ }
+
+ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
+ {
+ $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
+
+ //Disabled to speed up the queries
+ //if(!strstr($email, "%"))
+ // $emailsearch = "%$email%";
+
+ if(intval($email) > 0)
+ $emailsearch = "";
+
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 1) { ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("User ID")?></td>
+ <td class="DataTD"><?=_("Email")?></td>
+ </tr>
+<?
+ while($row = mysql_fetch_assoc($res))
+ { ?>
+ <tr>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ </tr>
+<? } if(mysql_num_rows($res) >= 100) { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
+ </tr>
+<? } else { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ </tr>
+<? } ?>
+</table><br><br>
+<? } elseif(mysql_num_rows($res) == 1) {
+ $row = mysql_fetch_assoc($res);
+ $_REQUEST['userid'] = $row['id'];
+ } else {
+ printf(_("No users found matching %s"), sanitizeHTML($email));
+ }
+ }
+
+ if(intval($_REQUEST['userid']) > 0)
+ {
+ $id = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("First Name")?>:</td>
+ <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
+ <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
+ <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Middle Name")?>:</td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>:</td>
+ <td class="DataTD"> <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="action" value="updatedob">
+ <input type="hidden" name="userid" value="<?=intval($id)?>">
+ <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?>:</td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?>:</td>
+ <td class="DataTD">
+<?
+ $year = intval(substr($row['dob'], 0, 4));
+ $month = intval(substr($row['dob'], 5, 2));
+ $day = intval(substr($row['dob'], 8, 2));
+ ?><nobr><select name="day">
+<?
+ for($i = 1; $i <= 31; $i++)
+ {
+ echo "<option";
+ if($day == $i)
+ echo " selected='selected'";
+ echo ">$i</option>";
+ }
+?>
+ </select>
+ <select name="month">
+<?
+ for($i = 1; $i <= 12; $i++)
+ {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
+ }
+?>
+ </select>
+ <input type="text" name="year" value="<?=$year?>" size="4">
+ <input type="submit" value="Go"></form></nobr></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Trainings")?>:</td>
+ <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Tverify Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Change Password")?>:</td>
+ <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Delete Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
+ </tr>
+<?
+ // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
+ if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
+?>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
+ </tr>
+<? } else { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("Assurance Points")?>:</td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ </tr>
+</table>
+<br><?
+ $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
+ and `email`!='".mysql_escape_string($row['email'])."'";
+ $dres = mysql_query($query);
+ if(mysql_num_rows($dres) > 0) { ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
+ </tr><?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres))
+ { ?>
+ <tr>
+ <td class="DataTD"><?=_("Secondary Emails")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
+ </tr>
+<? } ?>
+</table>
+<br><? } ?>
+<?
+ $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
+ $dres = mysql_query($query);
+ if(mysql_num_rows($dres) > 0) { ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Verified Domains")?></td>
+ </tr><?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres))
+ { ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
+ </tr>
+<? } ?>
+</table>
+<br>
+<? } ?>
+
+<?
+ if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+?>
+
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="7" class="title"><?=_("Assurance Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+<?
+ $query = "select * from `notary` where `to`='".intval($row['id'])."'";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+ $points += $drow['points'];
+?>
+ <tr>
+ <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+</table>
+<? } else { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;assuredto=yes"><?=_("Show Assurances the user got")?></a></td>
+ </tr>
+<? } ?>
+<br>
+<?
+ if(array_key_exists('assuredby',$_GET) && $_GET['assuredby'] == "yes") {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="7" class="title"><?=_("Assurance Points The User Issued")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+<?
+ $query = "select * from `notary` where `from`='".$row['id']."' and `to`!='".$row['id']."'";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
+ $points += $drow['points'];
+?>
+ <tr>
+ <td class="DataTD"><?=$drow['date']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=$drow['points']?></td>
+ <td class="DataTD"><?=$drow['location']?></td>
+ <td class="DataTD"><?=$drow['method']?></td>
+ <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+</table>
+<? } else { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;assuredby=yes"><?=_("Show Assurances the user gave")?></a></td>
+ </tr>
+<? } ?>
+<br><br>
+<? } } ?>
+
diff --git a/pages/account/44.php b/pages/account/44.php
new file mode 100644
index 0000000..fd34612
--- /dev/null
+++ b/pages/account/44.php
@@ -0,0 +1,38 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Change Password")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("New Password")?>:</td>
+ <td class="DataTD"><input type="text" name="newpass" value="<?=array_key_exists('newpass',$_REQUEST)?sanitizeHTML($_REQUEST['newpass']):""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/45.php b/pages/account/45.php
new file mode 100644
index 0000000..23bce9d
--- /dev/null
+++ b/pages/account/45.php
@@ -0,0 +1,23 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><?=_("Paste your CSR below...")?></p>
+<form method="post" action="account.php">
+<textarea name="CSR" cols="80" rows="15"></textarea><br>
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/48.php b/pages/account/48.php
new file mode 100644
index 0000000..8cdd7ac
--- /dev/null
+++ b/pages/account/48.php
@@ -0,0 +1,33 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Find User by Domain")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><input type="text" name="domain" value="<?=array_key_exists('domain',$_POST)?sanitizeHTML($_POST['domain']):''?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/49.php b/pages/account/49.php
new file mode 100644
index 0000000..8b22399
--- /dev/null
+++ b/pages/account/49.php
@@ -0,0 +1,101 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
+ if($userid <= 0)
+ {
+ $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
+ if(!strstr($domain, "%"))
+ $domainsearch = "%$domain%";
+ if(preg_match("/^\d+$/",$domain))
+ $domainsearch = "";
+ $query = "select `users`.`id` as `id`, `domains`.`domain` as `domain` from `users`,`domains`
+ where `users`.`id`=`domains`.`memid` and
+ (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
+ `domains`.`deleted`=0 and `users`.`deleted`=0 and
+ `users`.`verified`=1
+ group by `users`.`id` limit 100";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >= 1) { ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ </tr>
+<?
+ while($row = mysql_fetch_assoc($res))
+ { ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td>
+ </tr>
+<? } if(mysql_num_rows($res) >= 100) { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
+ </tr>
+<? } else { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ </tr>
+<? } ?>
+</table><br><br>
+<? } elseif(mysql_num_rows($res) == 1) {
+ $row = mysql_fetch_assoc($res);
+ $_GET['userid'] = intval($row['id']);
+ } else {
+ printf(_("No personal domains found matching %s"), sanitizeHTML($domain));
+ }
+
+ $query = "select `orgid`,`domain` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) >= 1) { ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ </tr>
+<?
+ while($row = mysql_fetch_assoc($res))
+ { ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td>
+ </tr>
+<? } if(mysql_num_rows($res) >= 100) { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
+ </tr>
+<? } else { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ </tr>
+<? } ?>
+</table><br><br>
+<? } elseif(mysql_num_rows($res) == 1) {
+ $row = mysql_fetch_assoc($res);
+ $_GET['userid'] = intval($row['id']);
+ } else {
+ printf(_("No organisational domains found matching %s"), sanitizeHTML($domain));
+ }
+ }
+
+ if($userid > 0)
+ {
+ header("location: account.php?id=43&userid=".intval($_GET['userid']));
+ exit;
+ }
+?>
+
diff --git a/pages/account/5.php b/pages/account/5.php
new file mode 100644
index 0000000..ee500c0
--- /dev/null
+++ b/pages/account/5.php
@@ -0,0 +1,114 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Login")?></td>
+
+<?
+ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ emailcerts.disablelogin as `disablelogin`
+ from `emailcerts`
+ where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
+ ";
+ if($viewall != 1)
+ $query .= " AND `revoked`=0 AND `renewed`=0 ";
+ $query .= " GROUP BY `emailcerts`.`id` ";
+ if($viewall != 1)
+ $query .= " HAVING `timeleft` > 0 ";
+ $query .= " ORDER BY `emailcerts`.`modified` desc";
+// echo $query."<br>\n";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+?>
+ <tr>
+ <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+ </tr>
+<? } else {
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+?>
+ <tr>
+<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+<? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+<? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+<? } ?>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
+ </td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="8">
+ <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+
+ <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+
+ </tr>
+<? } ?>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
+</form>
+<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
+<p><?=_("Login").": "._("By allowing certificate login, this certificate can be used to login into your account at https://secure.cacert.org/ .")?></p>
diff --git a/pages/account/50.php b/pages/account/50.php
new file mode 100644
index 0000000..1604156
--- /dev/null
+++ b/pages/account/50.php
@@ -0,0 +1,37 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Change Password")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("No")?>"> <input type="submit" name="process" value="<?=_("Yes")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/51.php b/pages/account/51.php
new file mode 100644
index 0000000..7273840
--- /dev/null
+++ b/pages/account/51.php
@@ -0,0 +1,34 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
+<?
+ $uid = intval($_GET['photoid']);
+ $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0) { ?>
+<img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
+<? } else {
+ $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ echo _("This UID has already been voted on.");
+ } else {
+ echo _("Unable to locate a valid request for that UID.");
+ }
+ } } ?>
diff --git a/pages/account/52.php b/pages/account/52.php
new file mode 100644
index 0000000..77a3bae
--- /dev/null
+++ b/pages/account/52.php
@@ -0,0 +1,102 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
+<?
+ $uid = intval($_GET['uid']);
+ $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ $memid = intval($row['memid']);
+
+ $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $rc2 = mysql_num_rows(mysql_query($query2));
+ if($rc2 > 0)
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You have already voted on this request.");
+ showfooter();
+ exit;
+ }
+
+ $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
+ $notary = mysql_fetch_assoc(mysql_query($query));
+ $query = "select * from `users` where `id`='$memid'";
+ $user = mysql_fetch_assoc(mysql_query($query));
+ $tobe = 50 - $notary['points'];
+ if($row['URL'] != '' && $row['photoid'] != '')
+ $tobe = 150 - $notary['points'];
+ else if($row['URL'] != '')
+ $tobe = 90 - $notary['points'];
+ if(intval($tobe) <= 0)
+ $tobe = 0;
+?>
+<?=_("Request Details")?>:<br>
+<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
+<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
+<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
+<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
+<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
+<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
+<?=_("Potential Points")?>: <?=intval($tobe)?><br>
+<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
+
+<br>
+<form method="post" action="account.php">
+<?=_("Comment")?>: <input type="text" name="comment"><br>
+<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
+<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
+<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
+<input type="hidden" name="uid" value="<?=$uid?>">
+</form>
+<? } else {
+ $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ echo _("This UID has already been voted on.")."<br/>";
+ } else {
+ if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
+ }
+
+ // Search for open requests:
+ $query = "select * from `tverify` where `modified`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ echo "<br/>"._("The following requests are still open:")."<br/><ul>";
+ while($row = mysql_fetch_assoc($res))
+ {
+ $uid=intval($row['id']);
+ $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $rc3 = mysql_num_rows(mysql_query($query3));
+ if($rc3 <= 0)
+ {
+ echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
+ }
+ }
+ echo "</ul>\n<br>\n";
+ }
+ else
+ {
+ echo "<br/>"._("There are no pending requests where you haven't voted yet.");
+ }
+
+
+ } } ?>
diff --git a/pages/account/53.php b/pages/account/53.php
new file mode 100644
index 0000000..cc9e2d6
--- /dev/null
+++ b/pages/account/53.php
@@ -0,0 +1,113 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+ $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
+ $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
+ $start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
+ $limit = 25;
+
+ echo "<div id='listshow'><ul class='top'>\n<li>";
+ echo "<a href='account.php?id=53'>"._("Home")."</a>\n";
+
+ $display = "";
+
+ if($regid > 0)
+ {
+ $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='account.php?id=53&amp;regid=$regid'>".sanitizeHTML($reg['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;regid=$regid'>"._("Add")."</a>\n".
+ $display;
+ $ccid = $_REQUEST['ccid'] = intval($reg['ccid']);
+ }
+
+ if($ccid > 0)
+ {
+ $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='$ccid'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='account.php?id=53&amp;ccid=$ccid'>".sanitizeHTML($cnt['name'])."</a> - <a href='account.php?action=add&amp;id=54&amp;ccid=$ccid'>"._("Add")."</a>\n".
+ $display;
+ }
+
+ if($display)
+ echo $display;
+
+ if($ccid <= 0)
+ {
+ echo "<ul>\n";
+ $query = "select * from `countries` order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ echo "<li><a href='account.php?id=53&amp;ccid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";
+
+ echo "</ul>\n</li>\n</ul></div>\n<br>\n";
+ } elseif($regid <= 0) {
+ echo "<ul>\n";
+ $query = "select * from `regions` where `ccid`='$ccid' order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<li>( <a href='account.php?action=edit&amp;id=54&regid=".intval($row['id'])."'>"._("edit")."</a> |";
+ echo " <a href='account.php?action=delete&amp;id=53&regid=".intval($row['id'])."'";
+ echo " onclick=\"return confirm('"._("Are you sure you want to delete this region and all connected locations?")."');\">"._("delete")."</a> )";
+ echo " <a href='account.php?id=53&amp;regid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";
+ }
+
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
+ } elseif(intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0) <= 0) {
+ echo "<ul>\n";
+ if($town != "")
+ {
+ $query = "select * from `locations` where `regid`='$regid' and `name` < '$town'";
+ $start = mysql_num_rows(mysql_query($query));
+ }
+ $query = "select * from `locations` where `regid`='$regid' order by `name` limit $start, $limit";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<li>( <a href='account.php?action=move&amp;id=54&amp;locid=".intval($row['id'])."'>"._("move")."</a> |";
+ echo " <a href='account.php?action=aliases&amp;id=54&amp;locid=".intval($row['id'])."'>"._("aliases")."</a> |";
+ echo " <a href='account.php?action=edit&amp;id=54&amp;locid=".intval($row['id'])."'>"._("edit")."</a> |";
+ echo " <a href='account.php?action=delete&amp;id=53&amp;locid=".intval($row['id'])."'";
+ echo " onclick=\"return confirm('Are you sure you want to delete this location?');\">"._("delete")."</a> ) ".sanitizeHTML($row['name'])." (".sanitizeHTML($row['lat']).",".sanitizeHTML($row['long']).")</li>\n";
+ }
+
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
+ $st="";$prev="";$end="";$next="";
+ $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='$regid'"));
+ if($start > 0)
+ {
+ $prev = $start - $limit;
+ if($prev < 0)
+ $prev = 0;
+
+ $st = "[ <a href='account.php?id=53&amp;regid=$regid'><< "._("Start")."</a> ] ";
+ $prev = "[ <a href='account.php?id=53&amp;regid=$regid&amp;start=$prev'>< "._("Previous")." $limit</a> ] ";
+ }
+ if($start < $rc - $limit)
+ {
+ $next = $start + $limit;
+ $last = $rc - $limit;
+
+ $next = "[ <a href='account.php?id=53&amp;regid=$regid&amp;start=$next'>"._("Next")." $limit ></a> ] ";
+ $end = "[ <a href='account.php?id=53&amp;regid=$regid&amp;start=$last'>"._("End")." >></a> ]";
+ }
+ echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n";
+ echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n";
+ }
+?>
diff --git a/pages/account/54.php b/pages/account/54.php
new file mode 100644
index 0000000..753b4af
--- /dev/null
+++ b/pages/account/54.php
@@ -0,0 +1,209 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
+ $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
+ $locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
+ $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+
+ if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Add Region")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Region")?>:</td>
+ <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="action" value="add">
+<input type="hidden" name="ccid" value="<?=$ccid?>">
+<input type="hidden" name="oldid" value="54">
+</form>
+<? } if($regid > 0 && $_REQUEST['action'] == "edit") {
+ $query = "select * from `regions` where `id`='$regid' order by `name`";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $name = $row['name'];
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Edit Region")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Region")?>:</td>
+ <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="action" value="edit">
+<input type="hidden" name="regid" value="<?=$regid?>">
+<input type="hidden" name="oldid" value="54">
+</form>
+<? } if($regid > 0 && $_REQUEST['action'] == "add") { ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Add Location")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location")?>:</td>
+ <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Longitude")?>:</td>
+ <td class="DataTD"><input type="text" name="longitude" value="<?=array_key_exists('longitude',$_REQUEST)?sanitizeHTML($_REQUEST['longitude']):""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Latitude")?>:</td>
+ <td class="DataTD"><input type="text" name="latitude" value="<?=array_key_exists('latitude',$_REQUEST)?sanitizeHTML($_REQUEST['latitude']):""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="action" value="add">
+<input type="hidden" name="regid" value="<?=$regid?>">
+<input type="hidden" name="oldid" value="54">
+</form>
+<? } if($locid > 0 && $_REQUEST['action'] == "edit") {
+ $query = "select * from `locations` where `id`='$locid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+
+ if($name == "")
+ $name = $row['name'];
+ if(!array_key_exists('longitude',$_REQUEST) || $_REQUEST['longitude'] == "")
+ $_REQUEST['longitude'] = $row['long'];
+ if(!array_key_exists('latitude',$_REQUEST) || $_REQUEST['latitude'] == "")
+ $_REQUEST['latitude'] = $row['lat'];
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Edit Location")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location")?>:</td>
+ <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Longitude")?>:</td>
+ <td class="DataTD"><input type="text" name="longitude" value="<?=sanitizeHTML($_REQUEST['longitude'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Latitude")?>:</td>
+ <td class="DataTD"><input type="text" name="latitude" value="<?=sanitizeHTML($_REQUEST['latitude'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="action" value="edit">
+<input type="hidden" name="locid" value="<?=$locid?>">
+<input type="hidden" name="oldid" value="54">
+</form>
+<? } if($locid > 0 && $_REQUEST['action'] == "aliases") {
+ $query = "select * from `localias` where `locid`='".intval($locid)."'";
+ $res = mysql_query($query);
+ $rc = mysql_num_rows($res);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Location Aliases")?> - <a href="javascript:Show_Stuff()"><?=_("Add")?></a></td>
+ </tr>
+ <tr ID="display1">
+ <td colspan="2" class="DataTD">
+ <form method="post" action="account.php" ACCEPTCHARSET="utf-8">
+ <?=_("Location Alias")?>: <input type="text" name="name"> <input type="submit" value="Add">
+ <input type="hidden" name="action" value="alias">
+ <input type="hidden" name="locid" value="<?=intval($locid)?>">
+ <input type="hidden" name="oldid" value="54">
+ </form>
+ </td>
+ </tr>
+<?
+ while($row = mysql_fetch_assoc($res))
+ {
+?>
+ <tr>
+ <td class="DataTD"><?=$row['name']?></td>
+ <td class="DataTD"><a href="account.php?id=54&amp;locid=<?=$locid?>&amp;name=<?=($row['name'])?>&amp;action=delalias" onclick="return confirm('Are you sure you want to delete this location alias?');"><?=_("Delete")?></td>
+ </tr>
+<? } ?>
+</table>
+<script language="JavaScript" type="text/javascript">
+<!--
+function Show_Stuff()
+{
+ if (document.getElementById("display1").style.display == "none")
+ {
+ document.getElementById("display1").style.display = "";
+ } else {
+ document.getElementById("display1").style.display = "none";
+ }
+}
+
+document.getElementById("display1").style.display = "none";
+-->
+</script>
+<? } if($locid > 0 && $_REQUEST['action'] == "move") {
+ $query = "select * from `locations` where `id`='$locid'";
+ $row = mysql_fetch_assoc(mysql_query($query));
+ $newreg = $_REQUEST['newreg'] = $row['regid'];
+?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Move Location")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location")?>:</td>
+ <td class="DataTD"><?=$row['name']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Set Region")?>:</td>
+ <td class="DataTD"><select name="newreg">
+<?
+ $query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<option value='".intval($row['id'])."'";
+ if($_REQUEST['newreg'] == $row['id'])
+ echo " selected='selected'";
+ echo ">$row[name]</option>\n";
+ }
+?>
+ </select></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="action" value="move">
+<input type="hidden" name="locid" value="<?=$locid?>">
+<input type="hidden" name="oldid" value="54">
+</form>
+<? } ?>
+
diff --git a/pages/account/55.php b/pages/account/55.php
new file mode 100644
index 0000000..ec401a0
--- /dev/null
+++ b/pages/account/55.php
@@ -0,0 +1,112 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+ $user_id = intval($_SESSION['profile']['id']);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
+ </tr>
+</table>
+<?
+ } else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ }
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
+ </tr>
+</table>
+
+<?
+ }
+?>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Test")?></b></td>
+ <td class="DataTD"><b><?=_("Variant")?></b></td>
+ </tr>
+<?
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
+ " ORDER BY `CP`.`pass_date`";
+
+ $res = mysql_query($query);
+
+ $HaveTest=0;
+ while($row = mysql_fetch_array($res, MYSQL_NUM))
+ {
+ if ($row[1] == "Assurer Challenge") {
+ $HaveTest=1;
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=$row[0]?></td>
+ <td class="DataTD"><?=$row[1]?></td>
+ <td class="DataTD"><?=$row[2]?></td>
+ </tr>
+<? }
+?>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+<?
+ if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
+?>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
+<? } else {
+ $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
+ ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
+ ' GROUP BY `u`.id, `u`.`assurer`';
+ $res = mysql_query($query);
+ if (!$res) {
+ print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
+ } else {
+ $row = mysql_fetch_array($res, MYSQL_NUM);
+ if ($HaveTest && ($row[2]>=100)) {
+ if (!$row[1]) {
+ // This should not happen...
+ fix_assurer_flag($_SESSION['profile']['id']);
+ }
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
+<? } elseif (($row[2]>=100) && !$HaveTest) {
+?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
+<? } elseif ($HaveTest && ($row[2]<100)) {
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
+<? }
+ }
+ }
+?> </tr>
+</table>
+
diff --git a/pages/account/56.php b/pages/account/56.php
new file mode 100644
index 0000000..348cc49
--- /dev/null
+++ b/pages/account/56.php
@@ -0,0 +1,41 @@
+<? /*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2008 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?=_("List of Organisation Assurers:")?>
+
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="1" class="title"><?=_("Name")?></td>
+ <td colspan="1" class="title"><?=_("Email")?></td>
+ <td colspan="1" class="title"><?=_("Country")?></td>
+ </tr>
+ <?
+ $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ ?>
+ <tr>
+ <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
+ <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ <td><?=sanitizeHTML($row['name'])?></td>
+ </tr>
+ <?
+ }
+?>
+</table>
+
diff --git a/pages/account/6.php b/pages/account/6.php
new file mode 100644
index 0000000..38af8e8
--- /dev/null
+++ b/pages/account/6.php
@@ -0,0 +1,136 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
+ $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("No such certificate attached to your account.");
+ showfooter();
+ exit;
+ }
+ $row = mysql_fetch_assoc($res);
+
+ $crtname=escapeshellarg($row['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname`;
+
+ if($row['keytype'] == "NS")
+ {
+ if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1)
+ {
+ header("Content-Type: application/x-x509-user-cert");
+ header("Content-Length: ".strlen($cert));
+ $fname=sanitizeFilename($row['CN']);
+ if($fname=="") $fname="certificate";
+ header('Content-Disposition: inline; filename="'.$fname.'.crt"');
+ echo $cert;
+ exit;
+ } else {
+ showheader(_("My CAcert.org Account!"));
+ echo "<h3>"._("Installing your certificate")."</h3>\n";
+ echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n";
+ echo "<p><a href='account.php?id=6&amp;cert=$certid&amp;install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n";
+ showfooter();
+ exit;
+ }
+ } else {
+ showheader(_("My CAcert.org Account!"));
+?>
+<h3><?=_("Installing your certificate")?></h3>
+
+<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?>
+
+<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
+<?=_("You must enable ActiveX for this to work.")?>
+</OBJECT>
+<FORM >
+<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>">
+</FORM>
+
+</P>
+
+<SCRIPT LANGUAGE=VBS>
+ Sub CertInst_OnClick
+ certchain = _
+<?
+ $lines = explode("\n", $cert);
+ if(is_array($lines))
+ foreach($lines as $line)
+ {
+ $line = trim($line);
+ if($line != "-----END CERTIFICATE-----")
+ echo "\"$line\" & _\n";
+ else {
+ echo "\"$line\"\n";
+ break;
+ }
+ }
+?>
+
+ On Error Resume Next
+
+ Dim obj
+ Set obj=CreateObject("X509Enrollment.CX509Enrollment")
+ If IsObject(obj) Then
+ obj.Initialize(1)
+ obj.InstallResponse 0,certchain,0,""
+ if err.number<>0 then
+ msgbox err.Description
+ else
+ msgbox "<?=_("Certificate installed successfully. Please don't forget to backup now")?>"
+ end if
+ else
+
+
+
+
+ cec.DeleteRequestCert = FALSE
+ err.clear
+
+ cec.WriteCertToCSP = TRUE
+ cec.acceptPKCS7(certchain)
+ if err.number <> 0 Then
+ cec.WriteCertToCSP = FALSE
+ end if
+ err.clear
+ cec.acceptPKCS7(certchain)
+ if err.number <> 0 then
+ errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _
+ "(Error code " & err.number & ")"
+ msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>")
+ else
+ okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _
+ "See Tools->Internet Options->Content->Certificates"
+ msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>")
+ end if
+ End If
+ End Sub
+</SCRIPT>
+
+<p><?=_("Your certificate:")?></p>
+<pre><?=$cert?></pre>
+<?
+
+ showfooter();
+ exit;
+ }
+?>
+
diff --git a/pages/account/7.php b/pages/account/7.php
new file mode 100644
index 0000000..564fd6d
--- /dev/null
+++ b/pages/account/7.php
@@ -0,0 +1,36 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><?=_("Please Note: You only need to enter the main part of your domain, eg. mydomain.com rather then www.mydomain.com. Once you have verified your domain you are able to enter any sub-domain, such as www.mydomain.com or www.this.is.mydomain.com as the system checks from right to left, rather then specific hostnames when you upload a CSR to the system.")?></p>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+
+ <tr>
+ <td colspan="2" class="title"><?=_("Add Domain")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" width="125"><?=_("Domain")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="newdomain" value="<?=array_key_exists('newdomain',$_GET)?sanitizeHTML($_GET['newdomain']):''?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I own or am authorised to control this domain")?>"/></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('adddomain')?>" />
+</form>
+<p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p>
diff --git a/pages/account/8.php b/pages/account/8.php
new file mode 100644
index 0000000..6b3de01
--- /dev/null
+++ b/pages/account/8.php
@@ -0,0 +1,38 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+
+ <tr>
+ <td colspan="2" class="title"><?=_("Please choose an authority email address")?></td>
+ </tr>
+<? $tagged=0;
+ if(is_array($_SESSION['_config']['addy']))
+ foreach($_SESSION['_config']['addy'] as $add) { ?>
+ <tr>
+ <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td>
+ <td class="DataTD" width="175"><?=$add?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Probe")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/9.php b/pages/account/9.php
new file mode 100644
index 0000000..1be45f5
--- /dev/null
+++ b/pages/account/9.php
@@ -0,0 +1,57 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_("Domains")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Delete")?></td>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Address")?></td>
+
+<?
+ $query = "select * from `domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+?>
+ <tr>
+ <td colspan="3" class="DataTD"><?=_("No domains are currently listed.")?></td>
+ </tr>
+<? } else {
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['hash'] == "")
+ $verified = _("Verified");
+ else
+ $verified = _("Unverified");
+?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['domain'])?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Delete")?>"></td>
+ </tr>
+<? } ?>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/account/CVS/Entries b/pages/account/CVS/Entries
new file mode 100644
index 0000000..9ebbf4d
--- /dev/null
+++ b/pages/account/CVS/Entries
@@ -0,0 +1,56 @@
+/0.php/1.3/Sun Apr 6 19:45:25 2008//
+/37.php/1.6/Sun Apr 6 19:45:25 2008//
+/38.php/1.5/Sun Apr 6 19:45:25 2008//
+/39.php/1.5/Sun Apr 6 19:45:25 2008//
+/45.php/1.2/Sun Apr 6 19:45:25 2008//
+/48.php/1.4/Mon Sep 1 22:28:13 2008//
+/11.php/1.4/Wed Sep 3 18:06:26 2008//
+/15.php/1.4/Wed Sep 3 18:06:26 2008//
+/23.php/1.4/Wed Sep 3 18:06:26 2008//
+/32.php/1.9/Wed Sep 3 18:06:26 2008//
+/51.php/1.5/Wed Sep 3 18:06:26 2008//
+/52.php/1.7/Wed Sep 3 18:06:26 2008//
+/9.php/1.5/Wed Sep 3 18:06:26 2008//
+/16.php/1.8/Wed Sep 3 18:44:17 2008//
+/29.php/1.5/Wed Sep 3 18:44:17 2008//
+/30.php/1.6/Wed Sep 3 18:44:17 2008//
+/34.php/1.8/Wed Sep 3 18:44:17 2008//
+/35.php/1.5/Wed Sep 3 18:44:17 2008//
+/26.php/1.6/Thu Sep 4 13:54:37 2008//
+/31.php/1.6/Thu Sep 4 13:54:37 2008//
+/44.php/1.5/Fri Sep 5 15:50:04 2008//
+/13.php/1.12/Sun Sep 7 22:20:30 2008//
+/2.php/1.7/Sun Sep 7 22:20:30 2008//
+/27.php/1.7/Sun Sep 7 22:20:30 2008//
+/33.php/1.12/Sun Sep 7 22:20:30 2008//
+/8.php/1.5/Sun Sep 7 22:20:30 2008//
+/22.php/1.12/Fri Sep 19 19:10:01 2008//
+/36.php/1.6/Sun Sep 21 04:01:52 2008//
+/41.php/1.8/Sun Sep 21 04:01:52 2008//
+/25.php/1.8/Mon Oct 6 21:29:19 2008//
+/19.php/1.5/Sun Nov 23 05:09:09 2008//
+/28.php/1.8/Sun Nov 23 05:09:09 2008//
+/54.php/1.10/Sun Nov 23 05:09:09 2008//
+/6.php/1.10/Sun Nov 23 05:09:09 2008//
+/49.php/1.10/Mon Nov 24 10:42:42 2008//
+/1.php/1.7/Mon Jan 5 10:34:38 2009//
+/12.php/1.14/Mon Jan 5 10:34:38 2009//
+/7.php/1.9/Mon Jan 5 10:34:38 2009//
+/42.php/1.5/Tue Mar 10 01:50:31 2009//
+/10.php/1.10/Sun Mar 22 00:39:31 2009//
+/20.php/1.6/Sun Mar 22 00:39:31 2009//
+/53.php/1.16/Sun Apr 5 00:44:03 2009//
+/40.php/1.25/Fri Apr 10 23:09:07 2009//
+/17.php/1.7/Fri May 22 05:12:13 2009//
+/4.php/1.11/Fri May 22 05:12:13 2009//
+/24.php/1.7/Sun May 31 00:41:14 2009//
+/18.php/1.14/Sun May 31 16:50:59 2009//
+/21.php/1.7/Sun May 31 16:50:59 2009//
+/43.php/1.42/Sun May 31 16:50:59 2009//
+/5.php/1.21/Sun May 31 16:50:59 2009//
+/50.php/1.5/Sun May 31 16:50:59 2009//
+/3.php/1.16/Thu Jun 25 20:09:31 2009//
+/55.php/1.8/Thu Jun 25 20:09:31 2009//
+/14.php/1.5/Mon Sep 7 22:36:31 2009//
+/56.php/1.2/Sun Sep 6 18:46:20 2009//
+D
diff --git a/pages/account/CVS/Repository b/pages/account/CVS/Repository
new file mode 100644
index 0000000..caa1c7e
--- /dev/null
+++ b/pages/account/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/account
diff --git a/pages/account/CVS/Root b/pages/account/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/account/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/advertise/CVS/Entries b/pages/advertise/CVS/Entries
new file mode 100644
index 0000000..1784810
--- /dev/null
+++ b/pages/advertise/CVS/Entries
@@ -0,0 +1 @@
+D
diff --git a/pages/advertise/CVS/Repository b/pages/advertise/CVS/Repository
new file mode 100644
index 0000000..806bb2a
--- /dev/null
+++ b/pages/advertise/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/advertise
diff --git a/pages/advertise/CVS/Root b/pages/advertise/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/advertise/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/advertising/0.php b/pages/advertising/0.php
new file mode 100644
index 0000000..0404a5e
--- /dev/null
+++ b/pages/advertising/0.php
@@ -0,0 +1,100 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $tdcols = 6;
+ if($_SESSION['profile']['adadmin'] == 2)
+ $tdcols++;
+
+ if(array_key_exists('approve',$_REQUEST) && intval($_REQUEST['approve']) > 0 && $_SESSION['profile']['adadmin'] >= 2)
+ {
+ $approve = intval($_REQUEST['approve']);
+ $query = "select * from `advertising` where `id`='$approve' and `expires`='0000-00-00 00:00:00'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ $end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y")));
+ $query = "update `advertising` set `expires`='$end', `active`=1, `approvedby`='".$_SESSION['profile']['id']."' where `id`='$approve'";
+ mysql_query($query);
+ echo "<p>The ad was approved and is now active.</p>\n";
+ }
+ }
+ if(array_key_exists('deactive',$_REQUEST) && intval($_REQUEST['deactive']) > 0 && $_SESSION['profile']['adadmin'] >= 2)
+ {
+ $deactive = intval($_REQUEST['deactive']);
+ $query = "select * from `advertising` where `id`='$deactive'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $row = mysql_fetch_assoc($res);
+ $end = date("Y-m-d H:i:s", mktime(date("H"), date("i"), date("s"), date("m")+$row['months'], date("d"), date("Y")));
+ $query = "update `advertising` set `active`=0 where `id`='$deactive'";
+ mysql_query($query);
+ echo "<p>The ad was deactivated and is now inactive.</p>\n";
+ }
+ }
+
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500">
+ <tr>
+ <td colspan="<?=$tdcols?>" class="title"><?=_("View Advertising")?> <a href="advertising.php?id=<?=$id?>&showall=1"><?=_("Show All")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD">ID</td>
+ <td class="DataTD">Link</td>
+ <td class="DataTD">Status</td>
+ <td class="DataTD">Expires</td>
+ <td class="DataTD">Edit</td>
+ <td class="DataTD">Disable</td>
+<? if($_SESSION['profile']['adadmin'] == 2) { echo "\t<td class='DataTD'>Approve</td>\n"; }
+?> </tr>
+<?
+ $query = "select *,UNIX_TIMESTAMP(`expires`)-UNIX_TIMESTAMP(NOW()) as `timeleft` from `advertising` where `replaced`=0 ";
+ if(!array_key_exists('showall',$_REQUEST) || $_REQUEST['showall'] != 1)
+ $query .= "and `active`=1 having `timeleft` > 0 ";
+ $query .= "order by `id` desc";
+
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['expires'] == "0000-00-00 00:00:00")
+ $status = "Pending";
+ else if($row['active'] == 1 && $row['timeleft'] > 0)
+ $status = "Active";
+ else if($row['timeleft'] <= 0)
+ $status = "Expired";
+ else if($row['active'] != 1)
+ $status = "Disabled";
+ else
+ $status = "Unknown";
+ echo "<tr><td class='DataTD'>".$row['id']."</td><td class='DataTD'><a href='".$row['link']."' target='_new'>".$row['title']."</a></td>";
+ echo "<td class='DataTD'>$status</td><td class='DataTD'>".$row['expires']."</td><td class='DataTD'>Edit</td>";
+ echo "<td class='DataTD'>Disable</td>";
+ if($_SESSION['profile']['adadmin'] == 2)
+ {
+ if($status == "Pending" && $row['expires'] == "0000-00-00 00:00:00")
+ echo "<td class='DataTD'><a href='advertising.php?id=0&amp;approve=".$row['id']."'>Approve</a></td>";
+ else if($status == "Active")
+ echo "<td class='DataTD'><a href='advertising.php?id=0&amp;deactive=".$row['id']."'>De-Activate</a></td>";
+ else
+ echo "<td class='DataTD'>N/A</td>";
+ }
+ echo "</tr>\n";
+ }
+?>
+</table>
diff --git a/pages/advertising/1.php b/pages/advertising/1.php
new file mode 100644
index 0000000..5de2ad3
--- /dev/null
+++ b/pages/advertising/1.php
@@ -0,0 +1,38 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? global $errmsg, $link, $title, $months; if($errmsg != "") { ?><p style="color:red"><?=$errmsg?></p><? } ?>
+<form method="post" action="advertising.php" ACCEPTCHARSET="utf-8">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("New Advertisement")?></td>
+ </tr>
+ <tr><td class='DataTD'>Link Title:</td><td class='DataTD'><input type="text" name="title" value="<?=$title?>"></td></tr>
+ <tr><td class='DataTD'>URL:</td><td class='DataTD'><input type="text" name="link" value="<?=$link?>"></td></tr>
+ <tr><td class='DataTD'>Months:</td><td class='DataTD'><select name="months"><?
+ for($i = 1; $i <= 12; $i++)
+ {
+ echo "<option value='$i'";
+ if($months == $i)
+ echo " selected";
+ echo ">$i Months</option>";
+ }
+ ?></td></tr>
+ <tr><td class='DataTD' colspan='2'><input type="submit" name="process" value="Submit New Advertisment"></tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/advertising/CVS/Entries b/pages/advertising/CVS/Entries
new file mode 100644
index 0000000..723e316
--- /dev/null
+++ b/pages/advertising/CVS/Entries
@@ -0,0 +1,3 @@
+/1.php/1.2/Sun Apr 6 19:45:25 2008//
+/0.php/1.5/Sun Sep 28 20:13:12 2008//
+D
diff --git a/pages/advertising/CVS/Repository b/pages/advertising/CVS/Repository
new file mode 100644
index 0000000..44c1913
--- /dev/null
+++ b/pages/advertising/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/advertising
diff --git a/pages/advertising/CVS/Root b/pages/advertising/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/advertising/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/disputes/0.php b/pages/disputes/0.php
new file mode 100644
index 0000000..89da7cf
--- /dev/null
+++ b/pages/disputes/0.php
@@ -0,0 +1,24 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("Disputes and Abuse Reporting")?></H3>
+<p><?=_("Please select the most appropriate section to report your problem.")?></p>
+<H4><?=_("Disputes")?></H4>
+<p><?=_("If you want to dispute who has control of your email address or domain, select 'Dispute Email' or 'Dispute Domain' on the right hand side.")?></p>
+<H4><?=_("Abuses")?></H4>
+<p><?=_("If you would like to report an abuse of our certificates that breaches our policies please select the Abuse menu on the right.")?></p>
+
diff --git a/pages/disputes/1.php b/pages/disputes/1.php
new file mode 100644
index 0000000..7395b34
--- /dev/null
+++ b/pages/disputes/1.php
@@ -0,0 +1,35 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("Email Dispute")?></H3>
+<p><?=_("If your dispute is successful you will have the email address removed from the system, you will need add the email address as per usual afterwards. The email will be removed from the current account and any certificates will be revoked.")?></p>
+<form method="post" action="disputes.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Which Email?")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" width="125"><?=_("Email Address")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="dispute" value=""></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("File Dispute")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('emaildispute')?>" />
+</form>
diff --git a/pages/disputes/2.php b/pages/disputes/2.php
new file mode 100644
index 0000000..717823e
--- /dev/null
+++ b/pages/disputes/2.php
@@ -0,0 +1,36 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("Domain Dispute")?></H3>
+<p><?=_("If your dispute is successful the domain will be removed from the current account and any certificates will be revoked.")?></p>
+<form method="post" action="disputes.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Dispute Domain")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" width="125"><?=_("Domain")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="dispute"></td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("File Dispute")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('domaindispute')?>" />
+</form>
diff --git a/pages/disputes/4.php b/pages/disputes/4.php
new file mode 100644
index 0000000..7016a66
--- /dev/null
+++ b/pages/disputes/4.php
@@ -0,0 +1,42 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("Email Dispute")?></H3>
+<p><? printf(_("Currently the email '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."), sanitizeHTML($_SESSION['_config']['email'])); ?></p>
+<form method="post" action="disputes.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Email Dispute")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="radio" name="action" value="reject" checked> <?=_("Reject Dispute")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="radio" name="action" value="accept"> <?=_("Accept Dispute")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="radio" name="action" value="abuse"> <?=_("Report Dispute as Abuse")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="type" value="reallyemail">
+<input type="hidden" name="emailid" value="<?=intval($_REQUEST['emailid'])?>">
+<input type="hidden" name="hash" value="<?=sanitizeHTML($_REQUEST['hash'])?>">
+
+</form>
diff --git a/pages/disputes/5.php b/pages/disputes/5.php
new file mode 100644
index 0000000..7212bae
--- /dev/null
+++ b/pages/disputes/5.php
@@ -0,0 +1,38 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="disputes.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+
+ <tr>
+ <td colspan="2" class="title"><?=_("Please choose an authority email address")?></td>
+ </tr>
+<? $tagged=0;
+ if(is_array($_SESSION['_config']['addy']))
+ foreach($_SESSION['_config']['addy'] as $add) { ?>
+ <tr>
+ <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked='checked'"; $tagged = 1; } ?>></td>
+ <td class="DataTD" width="175"><?=$add?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+
diff --git a/pages/disputes/6.php b/pages/disputes/6.php
new file mode 100644
index 0000000..159ff6f
--- /dev/null
+++ b/pages/disputes/6.php
@@ -0,0 +1,42 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("Domain Dispute")?></H3>
+<p><? printf(_("Currently the domain '%s' is in dispute, you have been sent an email to resolve the issue, below you have the option to accept, reject or report the request as fraudulent."), sanitizeHTML($_SESSION['_config']['domain'])); ?></p>
+<form method="post" action="disputes.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Domain Dispute")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="radio" name="action" value="reject" checked> <?=_("Reject Dispute")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="radio" name="action" value="accept"> <?=_("Accept Dispute")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="radio" name="action" value="abuse"> <?=_("Report Dispute as Abuse")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Dispute")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="type" value="reallydomain">
+<input type="hidden" name="domainid" value="<?=intval($_REQUEST['domainid'])?>">
+<input type="hidden" name="hash" value="<?=sanitizeHTML($_REQUEST['hash'])?>">
+
+</form>
diff --git a/pages/disputes/CVS/Entries b/pages/disputes/CVS/Entries
new file mode 100644
index 0000000..e551482
--- /dev/null
+++ b/pages/disputes/CVS/Entries
@@ -0,0 +1,7 @@
+/0.php/1.2/Sun Apr 6 19:45:25 2008//
+/1.php/1.4/Sun Sep 7 22:20:30 2008//
+/2.php/1.4/Sun Sep 7 22:20:30 2008//
+/5.php/1.4/Fri Nov 14 23:40:25 2008//
+/4.php/1.4/Thu Jan 22 20:43:20 2009//
+/6.php/1.4/Thu Jan 22 20:43:20 2009//
+D
diff --git a/pages/disputes/CVS/Repository b/pages/disputes/CVS/Repository
new file mode 100644
index 0000000..af44230
--- /dev/null
+++ b/pages/disputes/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/disputes
diff --git a/pages/disputes/CVS/Root b/pages/disputes/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/disputes/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/gpg/0.php b/pages/gpg/0.php
new file mode 100644
index 0000000..ce3b72a
--- /dev/null
+++ b/pages/gpg/0.php
@@ -0,0 +1,25 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/shutdown.php");
+?>
+<p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
+<form method="post" action="gpg.php">
+<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br>
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
new file mode 100644
index 0000000..e10935e
--- /dev/null
+++ b/pages/gpg/2.php
@@ -0,0 +1,71 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Key ID")?></td>
+
+<?
+ $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`expire`) as `expired`,
+ `expire` as `expires`, `id`, `level`,
+ `email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
+ ORDER BY `issued` desc";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+?>
+ <tr>
+ <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
+ </tr>
+<? } else {
+ while($row = mysql_fetch_assoc($res))
+ {
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+?>
+ <tr>
+<? if($verified == _("Valid")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+<? } else if($verified == _("Pending")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=$row['email']?></td>
+<? } else { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+<? } ?>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
+
+ </tr>
+<? } ?>
+<? } ?>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/gpg/3.php b/pages/gpg/3.php
new file mode 100644
index 0000000..d9f54fb
--- /dev/null
+++ b/pages/gpg/3.php
@@ -0,0 +1,33 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $certid = intval($_REQUEST['cert']);
+ $query = "select * from `gpg` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("No such OpenPGP key attached to your account.");
+ showfooter();
+ exit;
+ }
+ $row = mysql_fetch_assoc($res);
+?>
+<h3><?=_("Below is your OpenPGP key")?></h3>
+<pre>
+<? readfile($row['crt']); ?>
+</pre>
diff --git a/pages/gpg/CVS/Entries b/pages/gpg/CVS/Entries
new file mode 100644
index 0000000..5031102
--- /dev/null
+++ b/pages/gpg/CVS/Entries
@@ -0,0 +1,4 @@
+/2.php/1.9/Wed Sep 3 18:06:26 2008//
+/3.php/1.6/Wed Sep 3 18:06:26 2008//
+/0.php/1.10/Fri May 22 05:12:13 2009//
+D
diff --git a/pages/gpg/CVS/Repository b/pages/gpg/CVS/Repository
new file mode 100644
index 0000000..2c1adbc
--- /dev/null
+++ b/pages/gpg/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/gpg
diff --git a/pages/gpg/CVS/Root b/pages/gpg/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/gpg/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/help/0.php b/pages/help/0.php
new file mode 100644
index 0000000..83f97bd
--- /dev/null
+++ b/pages/help/0.php
@@ -0,0 +1,29 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("Help!")?></h3>
+<p><?=_("Following are several tips you may find useful.")?></p>
+
+<ul>
+<li><a href='help.php?id=3'><?=_("Generating a new key pair and CSR for IIS 5.0")?></a></li>
+<li><a href='help.php?id=4'><?=_("How do I generate a private key and CSR using OpenSSL?")?></a></li>
+<li><a href='logos.php'><?=_("How do I get a secured by CAcert emblem on my site?")?></a></li>
+<li><a href='help.php?id=6'><?=_("How do I get a server certificate from CAcert?")?></a></li>
+<li><a href='help.php?id=7'><?=_("How does CAcert protect its root private key?")?></a></li>
+<li><a href='help.php?id=9'><?=_("How can I do a single sign on similar to CAcert using client certificates?")?></a></li>
+<li><a href='http://wiki.cacert.org/'><?=_("Unofficial FAQ/Wiki")?></a></li>
+</ul>
diff --git a/pages/help/2.php b/pages/help/2.php
new file mode 100644
index 0000000..5dd86c4
--- /dev/null
+++ b/pages/help/2.php
@@ -0,0 +1,79 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<ul>
+ <li><a href="#whatFor"><?=_("What is it for?")?></a></li>
+ <li><a href="#whyEmails"><?=_("Why digitally sign your own emails?! (weirdo..)")?></a></li>
+ <li><a href="#freedom"><?=_("How it prepares us to protect our freedom")?></a></li>
+ <li><a href="#whyAdopt"><?=_("Why isn't it being adopted by everyone?")?></a></li>
+ <li><a href="#whyAccept"><?=_("Why is the digital signature described as 'not valid/not trusted'?")?></a></li>
+ <li><a href="#proof"><?=_("But, er, is this really proof of your email identity?")?></a></li>
+ <li><a href="#gimme"><?=_("How do I create my own digital signature?!")?></a><br></li>
+ <li><a href="#encrypt"><?=_("I can't wait to start sending encrypted emails!")?></a></li>
+ <li><a href="#notes"><?=_("Notes for the strangely curious")?></a></li>
+ <li><a href="#refs"><?=_("References")?></a></li>
+</ul>
+<br>
+<h3><a name="whatFor"></a><?=_("What is it for?")?></h3>
+<p><?=_("The purpose of digital signing is to prove, electronically, one's identity")?>. <?=_("You see this all the time on the Internet - every time you go to a secure page on a web site, for example to enter personal details, or to make a purchase, every day you browse web sites that have been digitally signed by a Certificate Authority that is accepted as having the authority to sign it. This is all invisible to the user, except that you may be aware that you are entering a secure zone (e.g. SSL and HTTPS).")?></p>
+<p><?=_("Your browser includes special digital (root) certificates from a number of these 'Certificate Authorities' by default, and all web sites use certificates that are validated by one of these companies, which you as a user implicitly trust every time you go to the secure part of a web site. (You might ask, who validates the security of the Certificate Authorities, and why should you trust them?!")?>.... <a href="#notes"><?=_("Good question")?></a>.)</p>
+<p><?=_("Digital signing thus provides security on the Internet.")?></p>
+
+<h3><a name="whyEmails"></a><?=_("Why digitally sign your own emails?! (weirdo..)")?></h3>
+<p><?=_("Emails are not secure. In fact emails are VERY not secure!")?></p>
+<p><?=_("To get from computer Internet User A to Internet User B an email may pass through tens of anonymous computers on the Internet. These 'Internet infrastructure' computers are all free to inspect and change the contents of your email as they see fit. Governments systematically browse the contents of all emails going in/out/within their country, e.g. the")?> <a href="http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/"><?=_("UK Government has done this since the year 2000")?></a>. (<a href="#freedom"><?=_("How it prepares us to protect our freedom")?></a>). <?=_("Ever requested a password that you lost to be emailed to you? That password was wide open to inspection by potential crackers.")?></p>
+<p><?=_("As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. Thus a great advantage is that digital signing provides a means of ensuring that an email is really from the person you think it is. If everyone digitally signed their emails, it would be much easier to know whether an email is legitimate and unchanged and to the great relief of many, spamming would be much easier to control, and viruses that forge the sender's address would be obvious and therefore easier to control.")?></p>
+
+<h3><a name="freedom"></a><?=_("How it prepares us to protect our freedom")?></h3>
+<p><?=_("But perhaps, fundamentally, the most important reason for digital signing is awareness and privacy. It creates awareness of the (lack of) security of the Internet, and the tools that we can arm ourselves with to ensure our personal security. And in sensitising people to digital signatures, we become aware of the possibility of privacy and encryption.")?></p>
+<p><?=_("Most people would object if they found that all their postal letters are being opened, read and possibly recorded by the Government before being passed on to the intended recipient, resealed as if nothing had happened. And yet this is what happens every day with your emails (in the UK). There are some who have objected to this intrusion of privacy, but their voices are small and fall on deaf ears. However the most effective way to combat this intrusion is to seal the envelope shut in a miniature bank vault, i.e. encrypt your email. If all emails were encrypted, it would be very hard for Government, or other organisations/individual crackers, to monitor the general public. They would only realistically have enough resources to monitor those they had reason to suspect. Why? Because encryption can be broken, but it takes a lot of computing power and there wouldn't be enough to monitor the whole population of any given country.")?></p>
+<p><?=_("The reason digital signatures prepare us for encryption is that if everyone were setup to be able to generate their own digital signatures, it would be technically very easy to make the next step from digital signatures to encryption. And that would be great for privacy, the fight against spamming, and a safer Internet.")?></p>
+
+<h3><a name="whyAdopt"></a><?=_("Why isn't it being adopted by everyone?")?></h3>
+<p><?=_("Of the biggest reasons why most people haven't started doing this, apart from being slightly technical, the reason is financial. You need your own certificate to digitally sign your emails. And the Certificate Authorities charge money to provide you with your own certificate. Need I say more. Dosh = no thanks I'd rather walk home. But organisations are emerging to provide the common fool in the street with a free alternative. However, given the obvious lack of funding and the emphasis on money to get enrolled, these organisations do not yet have the money to get themselves established as trusted Certificate Authorities. Thus it is currently down to trust. The decision of the individual to trust an unknown Certificate Authority. However once you have put your trust in a Certificate Authority you can implicitly trust the digital signatures generated using their certificates. In other words, if you trust (and accept the certificate of) the Certificate Authority that I use, you can automatically trust my digital signature. Trust me!")?></p>
+
+<h3><a name="whyAccept"></a><?=_("Why is the digital signature described as 'not valid/not trusted'?")?></h3>
+<p><?=_("To fully understand, read the section directly above. I am using a free Certificate Authority to provide me with the ability to digitally sign my emails. As a result, this Certificate Authority is not (yet) recognised by your email software as it is a new organisation that is not yet fully established, although it is probably being included in the Mozilla browser. If you choose to, you can go the their site at CAcert.org to install the root certificate. You may be told that the certificate is untrusted - that is normal and I suggest that you continue installation regardless. Be aware that this implies your acceptance that you trust their secure distribution and storing of digital signatures, such as mine. (You already do this all the time). The CAcert.org root certificate will then automatically provide the safe validation of my digital signature, which I have entrusted to them. Or you can simply decide that you've wasted your time reading this and do nothing (humbug!). Shame on you! :-)")?></p>
+
+<h3><a name="proof"></a><?=_("But, er, is this really proof of your email identity?")?></h3>
+<p><?=_("Security is a serious matter. For a digital certificate with full rights to be issued to an individual by a Certificate Authority, stringent tests must be conducted, including meeting the physical person to verify their identity. At the current moment in time, my physical identity has not been verified by CAcert.org, but they have verified my email address. Installing their root certificate (see above) will thus automatically allow you to validate my digital signature. You can then be confident of the authenticity of my email address - only I have the ability to digitally sign my emails using my CAcert.org certificate, so if you get an email that I digitally signed and which is validated by your email software using the CAcert.org root certificate that you installed, you know it's from me. (Visually you get a simple indication that my email is signed and trusted). Technically, they haven't verified that I really am me! But you have the guarantee that emails from my address are sent by the person who physically administers that address, i.e. me! The only way that someone could forge my digital signature would be if they logged on to my home computer (using the password) and ran my email software (using the password) to send you a digitally signed email from my address. Although I have noticed the cats watching me logon...")?></p>
+
+<h3><a name="gimme"></a><?=_("Cool man! How do I create my own digital signature?!")?></h3>
+<p><?=_("Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it.")?></p>
+
+<h3><a name="encrypt"></a><?=_("I can't wait to start sending encrypted emails!")?></h3>
+<p><?=_("There's nothing to it. I mean literally, you can already start sending your emails encrypted. Assuming of course you have your own digital signature certificate (e.g. as per above), and the person you want to send an encrypted email to also has a digital signature certificate, and has recently sent you a digitally signed email with it. If all these conditions hold, you just have to change the settings in your email software to send the email encrypted and hey presto! Your email software (probably Outlook I guess) should suss out the rest.")?></p>
+
+<h3><a name="notes"></a><?=_("Notes for the strangely curious")?></h3>
+<p><?=_("You are putting your trust in people you don't know!")?><br><?=_("One assumes that if a site has an SSL certificate (that's what enables secure communication, for exchanging personal details, credit card numbers, etc. and gives the 'lock' icon in the browser) that they have obtained that certificate from a reliable source (a Certificate Authority), which has the appropriate stringent credentials for issuing something so vital to the security of the Internet, and the security of your communications. You have probably never even asked yourself the question of who decided to trust these Certificate Authorities, because your browser comes with their (root) certificates pre-installed, so any web site that you come across that has an SSL certificate signed by one of them, is automatically accepted (by your browser) as trustworthy.")?></p>
+<p><?=_("Thus, having now asked the question, you suppose that it's the people who make the browser software that have carefully decided who is a trustworthy Certificate Authority. Funnily enough, the mainstream browsers have not, historically, had public policies on how they decide whether a Certificate Authority gets added to their browser. All of the Certificate Authorities that have found themselves in the browser software, are big names, probably with big profits (so they must be doing a good job!).")?></p>
+<p><?=_("That situation has changed, and Internet Explorer, being the most obvious example, now insists that any Certificate Authorities are 'audited' by an 'independent' organisation, the American Institute for Certified Public Accountant's (AICPA). So now, if you have the money needed (from US$75000 up to US$250000 and beyond) you can get these accountants, who clearly know a lot about money, to approve you as having the required technical infrastructure and business processes to be a Certificate Authority. And they get a nice wad of money for the pleasure. And the Certificate Authorities, having a kind of monopoly as a result, charge a lot for certificates and also get a nice wad of money. And everyone's happy.")?></p>
+<p><?=_("But, with all this money, and all this responsibility, they must be taking a lot of care to ensure the Certificate Authorities do their jobs well, and keep doing their jobs well, right? Well right?!")?></p>
+<p><?=_("And they are making mistakes")?></p>
+<p><?=_("So if you don't pass the audit, you don't get to be a Certificate Authority. And to pass the audit, well, you've got to show that you can do a good job issuing certificates. That they're secure, you only give them to the right people, etc. So what happens when you make a mistake and you erroneously issue a certificate that risks the entire Internet browsing population, like Verisign did? Well, er, nothing actually. They already paid for their audit, and damn it, they're so big now, we couldn't possibly revoke their Certificate Authority status. (There's too much money at stake!)")?></p>
+
+<h3><?=_("So, dammit, what's the point of all this then?")?></h3>
+<p><?=_("The point is, as the current situation holds, you should be wary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes.")?></p>
+<h3><a name="refs"></a><?=_("References")?></h3>
+<p><a href="http://www.schneier.com/paper-pki.pdf"><?=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?></a> - http://www.counterpane.com/pki-risks.pdf</p>
+<p><a href="http://www.webtrust.org/certauth.htm"><?=_("WebTrust for Certification Authorities")?></a> - http://www.webtrust.org/certauth.htm</p>
+<p><a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp"><?=_("Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard")?></a> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp</p>
+<p><a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp"><?=_("Microsoft Root Certificate Program")?></a> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp</p>
+<p><a href="http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/index.html"><?=_("The Regulation of Investigational Powers Act (RIPA)</a> ('Snooping Bill' official gov site, UK)")?> - http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/index.html</p>
+<p><a href="http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/"><?=_("U.K. e-mail snooping bill passed")?></a> (UK) - http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/</p>
+<p><?=_("Disclaimer : These are the author's opinions, but they should not be considered 'truth' without personal verification. The author may have made mistakes and any mistakes will be willingly rectified by contacting the administrator of elucido.net, contact details available from the normal domain registration information services (e.g. whois.net).&nbsp; No recommendation to install a Certificate Authority's root certificate is either intended nor implied.")?></p>
+<p><? printf(_("The page has been reproduced on %s with explicit permission from %sthe author%s with the information being copyrighted to the author (name with held by request)"), "<a href='http://www.CAcert.org'>CAcert.org</a>", "<a href='http://elucido.net/'>", "</a>")?></p>
diff --git a/pages/help/3.php b/pages/help/3.php
new file mode 100644
index 0000000..b56823e
--- /dev/null
+++ b/pages/help/3.php
@@ -0,0 +1,88 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("Generating a Key Pair and Certificate Signing Request (CSR) for a Microsoft Internet Information Server (IIS) 5.0.")?></h3>
+<p><?=_("To generate a public and private key pair and CSR for a Microsoft IIS 5 Server:")?></p>
+ <ol class="tutorial">
+ <li><b><?=_("Key generation process")?></b><br />
+ <?=_("Under 'Administrative Tools', open the 'Internet Services Manager'. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.")?><br />
+ <img src="iistutorial/image001.jpg" height="453" width="642" alt="<?=_("Screenshot of IIS 5.0")?>" /><br />
+ <img src="iistutorial/image002.jpg" height="453" width="463" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Open Directory Security folder")?></b><br />
+ <?=_("In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active.")?><br />
+ <img src="iistutorial/image003.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Select 'Create a new certificate'")?></b><br />
+ <?=_("Now 'Create a new certificate'.")?><br />
+ <img src="iistutorial/image004.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Prepare the request")?></b><br />
+ <?=_("You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email.")?><br />
+ <img src="iistutorial/image005.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Enter a certificate name and select Certificate strength")?></b><br />
+ <?=_("Select 'Bit length'. We advise a key length of 1024 bits.")?><br />
+ <img src="iistutorial/image006.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /><br />
+ <br />
+ <?=_("You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR.")?><br />
+ <br />
+ <?=_("You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:")?> <p style="color: red;">! @ # $ % ^ * ( ) ~ ? &gt; &lt; &amp; / \</p>
+ </li>
+ <li><b><?=_("Enter your Organisation Information")?></b><br />
+ <?=_("Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate.")?><br />
+ <br />
+ <?=_("The Organisational Unit field is the 'free' field. It is often the department or Server name for reference.")?><br />
+ <img src="iistutorial/image007.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Enter your Common Name")?></b><br />
+ <?=_("The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.CAcert.org' and 'secure.CAcert.com' are valid Common Names. IP addresses are usually not used.")?><br />
+ <img src="iistutorial/image008.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Enter the geographical details")?></b><br />
+ <?=_("Your country, state and city.")?><br />
+ <img src="iistutorial/image009.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Choose a filename to save the request to")?></b><br />
+ <?=_("Select an easy to locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more as IIS won't reuse old CSR to generate new certificates.")?><br />
+ <img src="iistutorial/image010.gif" height="386" width="503" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Confirm your request details")?></b></li>
+ </ol>
+<p><?=_("Finish up and exit IIS Certificate Wizard")?></p>
+
+<h3><?=_("Certificate Installation process for IIS 5.0")?></h3>
+<p><?=_("After your certificate has been emailed to you, follow this process to install the certificate.")?></p>
+ <ol class="tutorial">
+ <li><b><?=_("Saving the certificate")?></b><br />
+ <?=_("Copy the contents of the email including the")?>
+ <code>-----BEGIN CERTIFICATE-----</code> <?=_("and")?>
+ <code>-----END CERTIFICATE-----</code> <?=_("lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer")?><br /><br />
+ <img src="iistutorial/image011b.png" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Installation steps")?></b><br />
+ <?=_("Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right click on 'Default Web Site' and select 'Properties'.")?><br />
+ <img src="iistutorial/image001.jpg" height="453" width="642" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Select the Directory Security tab")?></b><br />
+ <?=_("Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section.")?><br />
+ <img src="iistutorial/image002.jpg" height="453" width="463" alt="<?=_("Screenshot of IIS 5.0")?>" /><br /></li>
+ <li><b><?=_("In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'.")?></b><br />
+ <?=_("Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'.")?><br />
+ <img src="iistutorial/image012.gif" height="388" width="506" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Browse to the location you saved the .cer file to in step 1")?></b><br />
+ <?=_("Select the .cer file and click 'Next'.")?><br />
+ <img src="iistutorial/image013.gif" height="388" width="505" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("Ensure that you are processing the correct certificate")?></b><br />
+ <?=_("...then click 'Next'.")?><br />
+ <img src="iistutorial/image014.jpg" height="390" width="506" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ <li><b><?=_("You will see a confirmation screen.")?></b><br />
+ <?=_("When you have read this information, click 'Finish'.")?><br />
+ <img src="iistutorial/image015.gif" height="390" width="507" alt="<?=_("Screenshot of IIS 5.0")?>" /></li>
+ </ol>
+ <p><b><?=_("And you're done!")?></b></p>
+ <p><?=_("For more information, refer to your server documentation or visit")?> <a href="http://support.microsoft.com/support/"><?=_("Microsoft Support Online")?></a>.</p>
diff --git a/pages/help/4.php b/pages/help/4.php
new file mode 100644
index 0000000..428c934
--- /dev/null
+++ b/pages/help/4.php
@@ -0,0 +1,45 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><?=_("Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document.")?></p>
+<p># openssl req -nodes -new -keyout private.key -out server.csr</p>
+<p><?=_("Then the system will try to generate some very random numbers to get a secure key.")?></p>
+<p><?=_("Generating a 1024 bit RSA private key")?><br>
+ ...++++++<br>
+ ....++++++<br>
+<?=_("writing new private key to 'private.key'")?></p>
+<p><?=_("You will then be asked to enter information about your company into the certificate. Below is a valid example:")?></p>
+<p><?=_("Country Name (2 letter code) [AU]:")?>AU<br>
+ <?=_("State or Province Name (full name) [NSW]:")?>NSW<br>
+ <?=_("Locality Name (eg, city) [Sydney]:")?>Sydney<br>
+ <?=_("Organization Name (eg, company) [XYZ Corp]:")?>CAcert Inc.<br>
+ <?=_("Organizational Unit Name (eg, section) [Server Administration]:.")?><br>
+ <?=_("Common Name (eg, YOUR name) []:")?>www.cacert.org<br>
+ <?=_("Email Address")?> []:no-returns@cacert.org</p>
+<p><?=_("Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions.")?></p>
+<p><?=_("Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid.")?></p>
+<p>-----BEGIN CERTIFICATE REQUEST-----<br>
+ MIIBezCB5QIBADA8MRcwFQYDVQQDEw53d3cuY2FjZXJ0Lm9yZzEhMB8GCSqGSIb3<br>
+ DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB<br>
+ iQKBgQDQd1+ut4TJLWZf5A9r3D17Kob+CNwz/jfCOYrH0P6q1uw4jfSyrWUeSaVc<br>
+ 59Xjpov8gRctlAuWM9KavkLSF6vcNdDEbvUYnL/+ixdmVE9tlXuSFEGz0GAF5faf<br>
+ QZe30wk+2hnC6P+rwclypOhkTXtWgvSHPZg9Cos8xqDyv589QwIDAQABoAAwDQYJ<br>
+ KoZIhvcNAQEEBQADgYEAJruzBZr4inqaeidn1m2q47lXZUWjgsrp3k3bFJ/HCb3S<br>
+ 2SgVqHFrOisItrr7H0Dw2EcPhIrRokRdjIAwwlxG9v21eFaksZUiaP5Yrmf89Njk<br>
+ HV+MZXxbC71NIKrnZsDhHibZslICh/XjdPP7zfKMlHuaaz1oVAmu9BlsS6ZXkVA=<br>
+-----END CERTIFICATE REQUEST----- </p>
+<p><?=_("Once you've submitted it the system will process your request and send an email back to you containing your server certificate.")?></p>
diff --git a/pages/help/5.php b/pages/help/5.php
new file mode 100644
index 0000000..d59e3dc
--- /dev/null
+++ b/pages/help/5.php
@@ -0,0 +1,18 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?=_("To be completed")?>
diff --git a/pages/help/6.php b/pages/help/6.php
new file mode 100644
index 0000000..adbd656
--- /dev/null
+++ b/pages/help/6.php
@@ -0,0 +1,28 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><?=_("Firstly you need to join CAcert to do that go:")?> <a href='https://www.cacert.org/index.php?id=1'><?=("here")?></a></p>
+
+<p><?=_("Then you need to generate a Certificate Signing Request, for more details go:")?> <a href=http://www.cacert.org/help.php><?=_("here")?></a></p>
+
+<p><?=_("You then need to add the domain you have control of to your account, which you can do:")?> <a href='https://www.cacert.org/account.php?id=7'><?=_("here")?></a></p>
+
+<p><?=_("System will send you an email with a link in it, you just open the link in a webbrowser.")?></p>
+
+<p><?=_("Then you need to submit the contents from the CSR file to CAcert, you need to go:")?> <a href='https://www.cacert.org/account.php?id=10'><?=_("here")?></a></p>
+
+<p><?=_("CAcert then sends you an email with a signed copy of your certificate. Hopefully the rest should be pretty straight forward.")?></p>
diff --git a/pages/help/7.php b/pages/help/7.php
new file mode 100644
index 0000000..842a4cf
--- /dev/null
+++ b/pages/help/7.php
@@ -0,0 +1,26 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><?=_("In light of a request on the bugzilla list for more information about how our root certificate is protected I've decided to do a write up here and see if there is anything more people suggest could be done, or a better way of handling things altogether.")?></p>
+<p><?=_("Currently there is 2 main servers, one for webserver, one for root store, with the root store only connected to the webserver via serial cable, with a daemon running as non-root processes on each end of the serial listening/sending requests/info.")?></p>
+<p><?=_("If the root store detects a bad request it assumes the webserver is compromised and shuts itself down.")?></p>
+<p><?=_("If the root store doesn't receive a 'ping' reply over the serial link within a determined amount of time it assumes the webserver is compromised or the root store itself has been stolen and shuts itself down.")?></p>
+<p><?=_("Apart from the boot stuff, all data resides on an encrypted partition on the root store server and only manual intervention in the boot up process by entering the password will start it again.")?></p>
+<p><?=_("The requests sent to the root store, are stored in a file for another process triggered by cron to parse and sign them, then stored in a reply file to be sent back to the webserver. Causing things to be separated into different users, basic privilege separation stuff. So being actually able to hack the serial daemons will only at the VERY worst cause fraudulent certificates, not the root to be revealed.")?></p>
+<p><?=_("Why use serial you ask? Well certificate requests are low bandwidth for starters, then of course simpler systems in security are less prone to exploits, and finally serial code is pretty mature and well tested and hopefully all exploits were found and fixed a long time ago.")?></p>
+<p><?=_("With the proposed root certificate changes, there would be a new root, this would sign at least 1 sub-root, then the private key stored offline in a bank vault, with the sub-root doing all the signing, or alternatively 2 sub-roots, 1 for client certificates, one for server, the thinking behind this, if any of the sub-roots are compromised they can be revoked and reissued.")?></p>
+<p><?=_("Alternatively as things progress we can add more layers of security with say 4 webservers talking to 2 intermediate servers, talking to the root store, and acting in a token ring fashion, anything happening out of sequence, and the server directly upstream shuts itself down, which if that were in place and there were multiple paths, any down time in this fashion would fall over to the servers not compromised, anyways just some food for thought.")?></p>
diff --git a/pages/help/8.php b/pages/help/8.php
new file mode 100644
index 0000000..8ee4974
--- /dev/null
+++ b/pages/help/8.php
@@ -0,0 +1,20 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><i><?=_("Question: I'm a software developer for linux and I want to use CAcert/openssl to distribute my packages with detached signatures, is this possible and why would I do this over PGP/GPG detached signatures?")?></i></p>
+<p><?=_("I'll anwser the why part first, as that's reasonably easy. The short answer is it takes most of the key handling responsibilty away from you and/or your group. If you need to revoke your key for any reason (such as a developer leaving the project) it won't effect your ability to revoke the existing key or keys, and issue new ones.")?></p>
+
diff --git a/pages/help/9.php b/pages/help/9.php
new file mode 100644
index 0000000..8a538fe
--- /dev/null
+++ b/pages/help/9.php
@@ -0,0 +1,67 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ function dotab($num)
+ {
+ $string="";
+ for($i = 0; $i < $num; $i++)
+ {
+ for($j = 0; $j < 8; $j++)
+ $string .= "&nbsp;";
+ }
+ return($string);
+ }
+?>
+<h3><?=_("How can I do a single sign on similar to CAcert using client certificates?")?></h3>
+
+<p><?=_("Firstly you need mod-ssl and apache setup (this is beyond the scope of this FAQ item and you will need to search on google etc for LAMP setup information). I recommend mod-ssl over apache-ssl because it means you need less resources to achieve the same result.")?></p>
+
+<p><?=_("Once you have everything setup and working you will need to add lines similar to below to your apache.conf")?></p>
+
+<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
+&lt;VirtualHost 127.0.0.1:443&gt;<br>
+SSLEngine on<br>
+SSLVerifyClient require<br>
+SSLVerifyDepth 2<br>
+SSLCACertificateFile /etc/ssl/cacert.crt<br>
+SSLCertificateFile /etc/ssl/certs/cacert.crt<br>
+SSLCertificateKeyFile /etc/ssl/private/cacert.pem<br>
+SSLOptions +StdEnvVars<br>
+<br>
+ServerName secure.cacert.org<br>
+DocumentRoot /www<br>
+&lt;/VirtualHost&gt;<br><br>
+</p>
+
+<p><?=_("Please note, you will need to alter the paths, hostname and IP of the above example, which is just that an example! The SSLCACertificateFile directive is supposed to point to a file with the root certificate you wish to verify your client certificates against, for the CAcert website we obviously only accept certificates issued by our own website and use our root certificate to initially verify this.")?></p>
+
+<p><?=_("Once you have everything working and you've tested sending a client certificate to your site and you're happy all is well you can start adding code to PHP (or any other language you like that can pull server environment information). At present I only have PHP code available and the example is in PHP")?></p>
+
+<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
+<?=dotab(1)?>if($_SERVER['HTTP_HOST'] == "secure.cacert.org")<br>
+<?=dotab(1)?>{<br>
+<?=dotab(2)?>$query = "select * from `users` where `email`='$_SERVER[SSL_CLIENT_S_DN_Email]'";<br>
+<?=dotab(2)?>$res = mysql_query($query);<br>
+<?=dotab(2)?>if(mysql_num_rows($res) > 0)<br>
+<?=dotab(2)?>{<br>
+<?=dotab(3)?>$_SESSION['profile']['loggedin'] = 1;<br>
+<?=dotab(3)?>header("location: https://secure.cacert.org/account.php");<br>
+<?=dotab(3)?>exit;<br>
+<?=dotab(2)?>}<br>
+<?=dotab(1)?>}<br><br>
+</p>
diff --git a/pages/help/CVS/Entries b/pages/help/CVS/Entries
new file mode 100644
index 0000000..4cc5700
--- /dev/null
+++ b/pages/help/CVS/Entries
@@ -0,0 +1,10 @@
+/2.php/1.5/Sun Apr 6 19:45:25 2008//
+/4.php/1.4/Sun Apr 6 19:45:25 2008//
+/5.php/1.3/Sun Apr 6 19:45:25 2008//
+/6.php/1.3/Sun Apr 6 19:45:25 2008//
+/7.php/1.3/Sun Apr 6 19:45:25 2008//
+/8.php/1.3/Sun Apr 6 19:45:25 2008//
+/0.php/1.9/Wed Sep 3 18:44:17 2008//
+/9.php/1.4/Sun Sep 28 20:13:12 2008//
+/3.php/1.5/Thu Jun 25 20:09:32 2009//
+D
diff --git a/pages/help/CVS/Repository b/pages/help/CVS/Repository
new file mode 100644
index 0000000..c7c6c24
--- /dev/null
+++ b/pages/help/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/help
diff --git a/pages/help/CVS/Root b/pages/help/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/help/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/index/0.php b/pages/index/0.php
new file mode 100644
index 0000000..0a1d11e
--- /dev/null
+++ b/pages/index/0.php
@@ -0,0 +1,171 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("Are you new to CAcert?")?></h3>
+
+<p><?=sprintf(_("If you want to have free certificates issued to you, join the %s CAcert Community %s."),"<a href=\"https://www.cacert.org/index.php?id=1\">","</a>")?></p>
+
+<p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Disclaimer and Licence %s."),'<a href="/policy/NRPDisclaimerAndLicence.php">',"</a>")?>
+<?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p>
+
+
+<? if(!array_key_exists('mconn',$_SESSION) || !$_SESSION['mconn']) echo "<font size='+1'>"._("Most CAcert functions are currently unavailable. Please come back later.")."</font>";?>
+
+
+
+<div class="newsbox">
+<?
+/*
+ $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
+ if($row['story'] != "")
+ echo "<p>[ <a href='news.php?id=".$row['id']."'>"._("Full Story")."</a> ]</p>\n";
+ }
+ if(mysql_num_rows(mysql_query("select * from `news`")) > 2)
+ echo "<p>[ <a href='news.php'>"._("More News Items")."</a> ]</p>";
+*/
+ $rss = "";
+ $open = $items = 0;
+ $fp = @fopen("/www/pages/index/feed.rss", "r");
+ if($fp)
+ {
+ echo '<p id="lnews">'._('Latest News').'</p>';
+
+
+ while(!feof($fp))
+ $rss .= trim(fgets($fp, 4096));
+ fclose($fp);
+ $rss = str_replace("><", ">\n<", $rss);
+ $lines = explode("\n", $rss);
+ foreach($lines as $line)
+ {
+ $line = trim($line);
+
+ if($line != "<item>" && $open == 0)
+ continue;
+
+ if($line == "<item>" && $open == 0)
+ {
+ $open = 1;
+ continue;
+ }
+
+ if($line == "</item>" && $open == 1)
+ {
+ $items++;
+ if($items >= 3)
+ break;
+ $open == 0;
+ continue;
+ }
+ if(substr($line, 0, 7) == "<title>")
+ echo "<h3>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 7, -8)))))."</h3>\n";
+ if(substr($line, 0, 13) == "<description>")
+ echo "<p>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 13, -14)))))."</p>\n";
+ if(substr($line, 0, 6) == "<link>")
+ echo "<p>[ <a href='".trim(substr($line, 6, -7))."'>"._("Full Story")."</a> ]</p>\n";
+ }
+ }
+?>
+[ <a href="http://blog.CAcert.org/"><?=_('More News Items')?></a> ]
+</div>
+<hr/>
+
+<h3><?=_("For CAcert Community Members")?></h3>
+
+<p><?=sprintf(_("Have you passed the CAcert %s Assurer Challenge %s yet?"),'<a href="http://wiki.cacert.org/wiki/AssurerChallenge">','</a>')?></p>
+
+<p><?=sprintf(_("Have you read the CAcert %sCommunity Agreement%s yet?"),'<a href="/policy/CAcertCommunityAgreement.php">','</a>')?></p>
+
+<p><?=sprintf(_("For general documentation and help, please visit the CAcert %sWiki Documentation site %s."),'<a href="http://wiki.CAcert.org">','</a>')?>
+<?=sprintf(_("For specific policies, see the CAcert %sApproved Policies page%s."),'<a href="/policy/">',"</a>")?></p>
+
+<h3><?=_("Do you want to help CAcert?")?></h3>
+<b><?=_("We are facing an uphill battle to fund this service and could do with your help?")?></b><br/>
+
+<?=_("If you can, please donate.")?><br />
+<?=_("AU$50 per year for this button")?><br />
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="image" src="/images/payment2a.png" border="0" name="submit" alt="PayPal">
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHsQYJKoZIhvcNAQcEoIIHojCCB54CAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYBxGkBs/mmEZRh6K8mwoFJtMp+osc6AkkbKTcC9vaFbZNIDEYXCuhGWEoAZDXXZDO+AhMezeG0ug87wjDMKFkI5g5ma8uGlhQvZ6Qu1Ra8zeL9iUUk6uPpiq1h2kjD0C9CgoZmrHpKB+T8+EXFG5PISbwqqoE8OOavsxMNGhTzxJzELMAkGBSsOAwIaBQAwggEtBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECPQ/Y13nrcTCgIIBCOLwLR4pRGnq0o5O9jGmhbF2+u56cBWCoRbZGcgoQqHXgdPKTS4EkXmu1wvLa5Y4XTgL6HUVavYViJAONgLkVyktAHlkl5XPycaAuTL4NyXCJf1VjscXS7tPv0CZ8w2JU5MlzsQ8w0UTQF0+4WDpcsj+klTlO5KyyWMaScZBsziGndfeyfO6Navv3Z5SiHb92D/i9Xf4wZaex6pX3u14WPsczTkUpne6qXmgwPS7jG+oPjWPrPRCHpe/wn3P/AC1WyHzr4X8YxR9+2gbjmyE+2RwS5vqFKcApNxuoAAtLoS2IKGg872PJUctAZEoPt2FCwisFwf170tc9gb1dtRe6KymAMRr6TDM6aCCA4cwggODMIIC7KADAgECAgEAMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTAeFw0wNDAyMTMxMDEzMTVaFw0zNTAyMTMxMDEzMTVaMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwUdO3fxEzEtcnI7ZKZL412XvZPugoni7i7D7prCe0AtaHTc97CYgm7NsAtJyxNLixmhLV8pyIEaiHXWAh8fPKW+R017+EmXrr9EaquPmsVvTywAAE1PMNOKqo2kl4Gxiz9zZqIajOm1fZGWcGS0f5JQ2kBqNbvbg2/Za+GJ/qwUCAwEAAaOB7jCB6zAdBgNVHQ4EFgQUlp98u8ZvF71ZP1LXChvsENZklGswgbsGA1UdIwSBszCBsIAUlp98u8ZvF71ZP1LXChvsENZklGuhgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAgV86VpqAWuXvX6Oro4qJ1tYVIT5DgWpE692Ag422H7yRIr/9j/iKG4Thia/Oflx4TdL+IFJBAyPK9v6zZNZtBgPBynXb048hsP16l2vi0k5Q2JKiPDsEfBhGI+HnxLXEaUWAcVfCsQFvd2A1sxRr67ip5y2wwBelUecP3AjJ+YcxggGaMIIBlgIBATCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDUwMjA0NDIyOFowIwYJKoZIhvcNAQkEMRYEFHfXhKQoFxBqqG6q/87VmWf4364dMA0GCSqGSIb3DQEBAQUABIGAwPUhL0gvCMysU8a9lqGuYdNm54FYsogI2LXv6vNHKc5/xTHJ65LSV8mhmyWwxL8fUDu8IHOZbccSipiUaQTsPr57tRrwmXOV+7VC/NIciK1ulwvWwazcvP96fdr9B5OqxjxDz8AsEcXnRjFm4LehsdnP9Z9B/Z9/nwT6htjxyO0=-----END PKCS7-----
+">
+</form>
+<?=_("or a one off donation for this button whatever you can afford to help")?>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="image" src="/images/payment2a.png" border="0" name="submit" alt="Make payments with PayPal">
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHRwYJKoZIhvcNAQcEoIIHODCCBzQCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYCA1pOad7SD8OtSdvHxI3CItmi2sb2eq/1UZbQboNkJTwlaTbTZfoWzBuFmimBR/Qz21Z+L7wFa7XxfhwRLC4V/X4uTJVAIDaKsdTXFNx51EMu+LyiP1O+7GxcdNR7njwvndIaHN0HZIdidpG8jFPP/8ZsLaPe2/Dh2S7344wSuUDELMAkGBSsOAwIaBQAwgcQGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYn0dsk7tIRmAgaBNejWqE2RRr+Tsb3fVlcbuG98Bq+zaMO5g8n8i3DnBjIoSJNb+ZuSj53oWrh/+HCY4EY1Rg3qHiUSMOS/o9k75UR7C+ez0R9tmZ2eQrdxlqTVuvENRA0W5z6iTJYog5XhMoKScOFUBaIr9zxjETUY2Y1V3X8qRFIe0YWlYRYbePs2p/IDatirUFhOJSff0ancU2GZULRy0PiZHtzbm8Gy/oIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcxMTAzMDcxMDI1WjAjBgkqhkiG9w0BCQQxFgQU8tPwGUvNb8eYe8Pfhe9YutgXm/YwDQYJKoZIhvcNAQEBBQAEgYBpwhhgz5ED5qxBosfMaifzIr2anV5ScQqqQbC1hphWBQ4e2PT5+TQWCcQkrTh2UTp3vC81Y8vYZ+fussa+zPBE8DmeFDfzpLJo+TQHZUiKxWUDu6drv3o3mV3VjAkaqIhAdubhEOxj2bbKND3IRT1lfIVVSUipndKzRjukZJK39A==-----END PKCS7-----
+">
+</form>
+<p><?=_("If you are located in Australia, use bank transfer instead.")?></p>
+
+<p><?=_("CAcert bank account details:")?></p>
+
+<ul>
+<li>Account Name: CAcert Inc</li>
+<li>BSB: 032073</li>
+<li>Account No.: 180264</li>
+</ul>
+<br /><br />
+
+<?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>.
+
+<!--
+<h3><?=_("For CAcert Association Members")?></h3>
+
+<b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b>
+<p><?=_("If not then select this PayPal button to pay your US$10 membership fee for the year.")?></p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="image" src="/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal">
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHiAYJKoZIhvcNAQcEoIIHeTCCB3UCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAVW/F7PUYp3SMSCdOj1L4lNmZk8TPLmyFBXiYe/dP6bdcsvvx0A58mLC/3j961TCs95gXWqYx5vDD9znDEii5An7weRqtaxFa9B+UplKT2kcQJpi45zsGKzhwtHF/g0aJQdLmzrDYNnWd16UvhuasUIV501LaZB3ykq5j2eDJV/DELMAkGBSsOAwIaBQAwggEEBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECJHKnDgLaYrEgIHgjYPDm0r2cH9hexIMEuCuiO9eOIsYxpzC50y9+ZWltUA9Eqp8avPT3ExC4qaw6FS8eo4+UWweESWXpAk3QrNTXgeV+Zf/4RjUEurpkRECinPUCtTgJvs6XLaPU50hAAaV9QmknT4DICcmB7djry0tB1FbLOmnqMyOTpT2pKDuL7r6hgEIAnCyASBtO5E8YJWFgSneQ53PbtT+YuAcVwIOD83wFRDAjlwYhs50VD6ugK07SXxC5I8RFV65PZS/qIiEEBCv7yiXi/U9DK4QG+3ojuxkP6ZjwshGb/99uK1NZCqgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMDMwNzA2NDdaMCMGCSqGSIb3DQEJBDEWBBQQVDeJMeMteu3fuP5xIdpSiYrfLDANBgkqhkiG9w0BAQEFAASBgHIt5M/R6uPXFU0bVQJWcoO++ETE4nPbp+Nz+o7bclXsxIQL+yG5C5vQdpgNeCLuq42sPv+QUuVoMxio6hecCgHewwqAxkrUUr+teGOFSEqpfXBhjWfkUvZLvOy1ix6pSpjLnUu4bbJxaA5eM0gZQDZCJ8nh0HxPScdi5BhVuPSk-----END PKCS7-----
+">
+</form>
+<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of US$10 in AU$.")?></p>
+
+<p><?=_("Please also include Your name in the transaction so we know who it came from or send an email to robert at cacert dot org with the details:")?></p>
+
+<ul>
+<li>Account Name: CAcert Inc</li>
+<li>BSB: 032073</li>
+<li>Account No.: 180264</li>
+</ul>
+<br/><br/>
+-->
+
+
+<!--
+<h3><?=_("Introduction")?></h3>
+
+<p><?=_("It's been a long time coming, but the wait was worthwhile, finally you are able to get security at the right price... Free!")?></p>
+
+<p><?=_("For years we've all been charged high amounts of money to pay for security that doesn't and shouldn't cost the earth.")?></p>
+
+<p><?=_("The primary goals are:")?>
+<ul>
+<li><?=_("Inclusion into mainstream browsers!")?></li>
+<li><?=_("To provide a trust mechanism to go with the security aspects of encryption.")?></li>
+</ul>
+
+<p><?=sprintf(_("For general documentation and help please see our %s site"), "<a href='http://wiki.CAcert.org'>"._("Wiki Documentation")."</a>")?>.</p>
+-->
+
+
diff --git a/pages/index/1.php b/pages/index/1.php
new file mode 100644
index 0000000..d9ce8a8
--- /dev/null
+++ b/pages/index/1.php
@@ -0,0 +1,142 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
+<p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
+<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
+<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br>
+<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
+<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
+<b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b>
+</p>
+
+<form method="post" action="index.php" autocomplete="off">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
+ <tr>
+ <td colspan="2" class="title"><?=_("My Details")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" width="125"><?=_("First Name")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="fname" value="<?=array_key_exists('fname',$_REQUEST)?sanitizeHTML($_REQUEST['fname']):""?>" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
+ (<?=_("optional")?>)
+ </td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=array_key_exists('mname',$_REQUEST)?sanitizeHTML($_REQUEST['mname']):""?>" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>: </td>
+ <td class="DataTD"><input type="text" name="lname" value="<?=array_key_exists('lname',$_REQUEST)?sanitizeHTML($_REQUEST['lname']):""?>" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?><br>
+ (<?=_("optional")?>)</td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=array_key_exists('suffix',$_REQUEST)?sanitizeHTML($_REQUEST['suffix']):""?>" autocomplete="off"><br><?=sprintf(_("Please only write %sName Suffixes%s into this field."),'<a href="http://en.wikipedia.org/wiki/Suffix_%28name%29" target="_blank">','</a>')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?><br>
+ (<?=_("dd/mm/yyyy")?>)</td>
+ <td class="DataTD"><nobr><select name="day">
+<?
+ for($i = 1; $i <= 31; $i++)
+ {
+ echo "<option";
+ if(array_key_exists('day',$_SESSION['signup']) && $_SESSION['signup']['day'] == $i)
+ echo " selected=\"selected\"";
+ echo ">$i</option>";
+ }
+?>
+ </select>
+ <select name="month">
+<?
+ for($i = 1; $i <= 12; $i++)
+ {
+ echo "<option value='$i'";
+ if(array_key_exists('month',$_SESSION['signup']) && $_SESSION['signup']['month'] == $i)
+ echo " selected=\"selected\"";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+ }
+?>
+ </select>
+ <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['signup']) ? sanitizeHTML($_SESSION['signup']['year']):""?>" size="4" autocomplete="off"></nobr>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email Address")?>: </td>
+ <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_REQUEST)?sanitizeHTML($_REQUEST['email']):""?>" autocomplete="off"><br/><?=_("I own or am authorised to control this email address")?>
+</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Pass Phrase")?><font color="red">*</font>: </td>
+ <td class="DataTD"><input type="password" name="pword1" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
+ <td class="DataTD"><input type="password" name="pword2" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions - Please enter five questions and your responses to be used for security verification.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD">1)&nbsp;<input type="text" name="Q1" size="15" value="<?=array_key_exists('Q1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q1']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A1" value="<?=array_key_exists('A1',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A1']):""?>" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">2)&nbsp;<input type="text" name="Q2" size="15" value="<?=array_key_exists('Q2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q2']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A2" value="<?=array_key_exists('A2',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A2']):""?>" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">3)&nbsp;<input type="text" name="Q3" size="15" value="<?=array_key_exists('Q3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q3']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A3" value="<?=array_key_exists('A3',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A3']):""?>" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">4)&nbsp;<input type="text" name="Q4" size="15" value="<?=array_key_exists('Q4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q4']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A4" value="<?=array_key_exists('A4',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A4']):""?>" autcomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD">5)&nbsp;<input type="text" name="Q5" size="15" value="<?=array_key_exists('Q5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['Q5']):""?>"></td>
+ <td class="DataTD"><input type="text" name="A5" value="<?=array_key_exists('A5',$_SESSION['signup'])?sanitizeHTML($_SESSION['signup']['A5']):""?>" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("It's possible to get notifications of up and coming events and even just general announcements, untick any notifications you don't wish to receive. For country, regional and radius notifications to work you must choose your location once you've verified your account and logged in.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" valign="top"><?=_("Alert me if")?>: </td>
+ <td class="DataTD" align="left">
+ <input type="checkbox" name="general" value="1" <?=array_key_exists('general',$_SESSION['signup'])? ($_SESSION['signup']['general'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("General Announcements")?><br>
+ <input type="checkbox" name="country" value="1" <?=array_key_exists('country',$_SESSION['signup'])? ($_SESSION['signup']['country'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Country Announcements")?><br>
+ <input type="checkbox" name="regional" value="1" <?=array_key_exists('regional',$_SESSION['signup'])? ($_SESSION['signup']['regional'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Regional Announcements")?><br>
+ <input type="checkbox" name="radius" value="1" <?=array_key_exists('radius',$_SESSION['signup'])? ($_SESSION['signup']['radius'] == "0" ?"":"checked=\"checked\""):"checked=\"checked\"" ?>><?=_("Within 200km Announcements")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("When you click on next, we will send a confirmation email to the email address you have entered above.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="checkbox" name="cca_agree" value="1" <?=array_key_exists('cca_agree',$_SESSION['signup'])? ($_SESSION['signup']['cca_agree'] == "1" ?"checked=\"checked\"":""):"" ?> ><?=_("I agree to the terms and conditions of the CAcert Community Agreement")?>: <a href="/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a></td>
+ </tr>
+
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/index/10.php b/pages/index/10.php
new file mode 100644
index 0000000..f89187d
--- /dev/null
+++ b/pages/index/10.php
@@ -0,0 +1,90 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("Privacy Policy")?></h3>
+
+<p>
+<?=_("This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.")?>
+</p>
+
+<h4>1. <?=_("Website information")?></h4>
+<p>
+<?=_("We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?>
+</p>
+
+<h4>2. <?=_("Personal information")?></h4>
+<p>
+<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.")?>
+</p>
+<p>
+<?=_("We only share your information with any other organisation when so instructed by a CAcert arbitrator.")?>
+</p>
+
+<h4>3. <?=_("Aggregated tracking information")?></h4>
+<p>
+<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?>
+</p>
+
+<h4>4. <?=_("Cookies")?></h4>
+<p>
+<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.")?>
+</p>
+<p>
+<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?>
+</p>
+
+<h4>5. <?=_("Notification of changes")?></h4>
+<p>
+<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?>
+</p>
+
+<h4>6. <?=_("How to update, correct, or delete your information")?></h4>
+<p>
+<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?>
+</p>
+
+<h4>7. <?=_("Privacy of certificates")?></h4>
+<p>
+<?=_("CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.")?>
+</p>
+
+<h4>8. <?=_("Privacy of user data")?></h4>
+<p>
+<?=_("CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.")?>
+</p>
+
+<h4>9. <?=_("Exceptions")?></h4>
+<p>
+<?=_("A CAcert arbitrator may override this policy in a dispute.")?>
+<?=_("To obtain access to confidential data, a dispute has to be filed.")?>
+</p>
+
+<h4>10. <?=_("Legal mandates")?></h4>
+<p>
+<?=_("CAcert adopts the Australian privacy regulations.")?>
+<?=_("Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.")?>
+<?=_("Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.")?>
+</p>
+
+
+<p><?=_("If you need to contact us in writing, address your mail to:")?></p>
+<p>
+CAcert Inc.<br>
+P.O. Box 4107<br>
+Denistone East NSW 2112<br>
+Australia
+</p>
diff --git a/pages/index/11.php b/pages/index/11.php
new file mode 100644
index 0000000..1b76f9c
--- /dev/null
+++ b/pages/index/11.php
@@ -0,0 +1,86 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
+?>
+<H3><?=_("Contact Us")?></H3>
+
+<p><b><?=_("General Questions")?></b></p>
+<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
+<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
+<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
+<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
+<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
+<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
+<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
+<form method="post" name="form1">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ <input type="hidden" name="support" value="yes">
+ <input type="hidden" name="secrethash2" value="">
+ <table border="0">
+ <tr><td width="90"><?=_("Your Name")?>:</td><td><input type="text" name="who"></td><td>&#160;</td></tr>
+ <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
+ <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
+ <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
+ <tr><td colspan="3"><font color="#ff0000"><?=_("Warning: Please do not enter confidential data into this form, it is being sent to a public mailinglist. Use the form further below instead.")?></font></td></tr>
+ <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
+ </table>
+</form>
+
+<p><b>IRC</b></p>
+<p><a href="irc://irc.CAcert.org/CAcert">irc://irc.CAcert.org/CAcert</a></p>
+<p><b>Secure IRC</b></p>
+<p><a href="ircs://irc.CAcert.org:7000/CAcert">ircs://irc.CAcert.org:7000/CAcert</a></p>
+
+<p><b><?=_("Other Mailing Lists")?></b></p>
+<p><?=_("There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)")?></p>
+<p><a href="http://lists.cacert.org/"><?=_("Click here to view all lists available")?></a></p>
+
+<p><b><?=_("Sensitive Information")?></b></p>
+<p><?=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help.")?></p>
+<form method="post" action="https://www.cacert.org/index.php" name="form2">
+ <input type="hidden" name="secrethash2" value="">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ <table border="0">
+ <tr><td><?=_("Your Name")?>:</td><td><input type="text" name="who"></td></tr>
+ <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr>
+ <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr>
+ <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr>
+ <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr>
+ </table>
+</form>
+
+<p><b><?=_("Security Issues")?></b></p>
+<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p>
+
+<p><b><?=_("Snail Mail")?></b></p>
+<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>
+
+<p><?=_("Postal Address:")?><br>
+CAcert Inc.<br>
+P.O. Box 4107<br>
+Denistone East NSW 2112<br>
+Australia</p>
+
+<script type="text/javascript">
+<!--
+ var pagehash = '<?=$_SESSION['_config']['secrethash']?>';
+
+ document.form1.secrethash2.value = pagehash;
+ document.form2.secrethash2.value = pagehash;
+-->
+</script>
diff --git a/pages/index/12.php b/pages/index/12.php
new file mode 100644
index 0000000..4b021e0
--- /dev/null
+++ b/pages/index/12.php
@@ -0,0 +1,31 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("About CAcert.org")?></H3>
+
+<p><?=_("CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.")?></p>
+
+<p><? printf(_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a %sdocument base%s that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI)."), "<a href='http://wiki.cacert.org/'>", "</a>"); ?></p>
+
+<p><?=_("For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you.")?></p>
+
+<p><?=_("For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites.")?></p>
+
+<p><?=_("If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates."); ?></p>
+
+<p><?=_("CAcert Inc. is a non-profit association, incorporated in New South Wales Australia.")?></p>
+<p><?=_("More information about CAcert Incorporated:")?><a href="http://wiki.cacert.org/wiki/CAcertIncorporated">http://wiki.cacert.org/wiki/CAcertIncorporated</a></p>
diff --git a/pages/index/13.php b/pages/index/13.php
new file mode 100644
index 0000000..34cbea4
--- /dev/null
+++ b/pages/index/13.php
@@ -0,0 +1,40 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("Donations")?></H3><br>
+
+<h4><?=_("If I'd like to donate to CAcert Inc., how can I do it?")?></h4>
+
+<p><?=_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via")?>
+
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="image" src="/images/payment2.png" border="0" name="submit" alt="<?=_("CAcert Donation through PayPal")?>">
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHRwYJKoZIhvcNAQcEoIIHODCCBzQCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYCA1pOad7SD8OtSdvHxI3CItmi2sb2eq/1UZbQboNkJTwlaTbTZfoWzBuFmimBR/Qz21Z+L7wFa7XxfhwRLC4V/X4uTJVAIDaKsdTXFNx51EMu+LyiP1O+7GxcdNR7njwvndIaHN0HZIdidpG8jFPP/8ZsLaPe2/Dh2S7344wSuUDELMAkGBSsOAwIaBQAwgcQGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYn0dsk7tIRmAgaBNejWqE2RRr+Tsb3fVlcbuG98Bq+zaMO5g8n8i3DnBjIoSJNb+ZuSj53oWrh/+HCY4EY1Rg3qHiUSMOS/o9k75UR7C+ez0R9tmZ2eQrdxlqTVuvENRA0W5z6iTJYog5XhMoKScOFUBaIr9zxjETUY2Y1V3X8qRFIe0YWlYRYbePs2p/IDatirUFhOJSff0ancU2GZULRy0PiZHtzbm8Gy/oIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcxMTAzMDcxMDI1WjAjBgkqhkiG9w0BCQQxFgQU8tPwGUvNb8eYe8Pfhe9YutgXm/YwDQYJKoZIhvcNAQEBBQAEgYBpwhhgz5ED5qxBosfMaifzIr2anV5ScQqqQbC1hphWBQ4e2PT5+TQWCcQkrTh2UTp3vC81Y8vYZ+fussa+zPBE8DmeFDfzpLJo+TQHZUiKxWUDu6drv3o3mV3VjAkaqIhAdubhEOxj2bbKND3IRT1lfIVVSUipndKzRjukZJK39A==-----END PKCS7-----">
+</form>
+
+<p><?=_("If you are located in Australia, please use bank transfer instead:")?></p>
+
+<pre>
+Account Name: CAcert Inc
+BSB: 032073
+Account No.: 180264
+</pre>
+
+<p><?=_("ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community.")?></p>
+
+<p><?=_("Thank you very much for your support, your donations help CAcert to continue to operate.")?></p>
diff --git a/pages/index/16.php b/pages/index/16.php
new file mode 100755
index 0000000..5b75815
--- /dev/null
+++ b/pages/index/16.php
@@ -0,0 +1,78 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p>
+Class 1 <?=_("PKI Key")?><br>
+<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer 5.x/6.x")?></a><br>
+<a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br>
+<a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a><br>
+<a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a><br>
+<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a><br>
+<?=_("Fingerprint")?> SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33<br/>
+<?=_("Fingerprint")?> MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B<br/>
+</p>
+
+<p>
+Class 3 <?=_("PKI Key")?><br>
+<a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a><br/>
+<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/>
+<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/>
+<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/>
+<?=_("Fingerprint")?> SHA1: DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D<br/>
+<?=_("Fingerprint")?> MD5: 73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6<br/>
+</p>
+
+<p>
+<?=_("GPG Key")?><br>
+<a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a><br>
+</p>
+
+<p>
+<?=_("PKI finger/thumb print signed by the CAcert GPG Key")?><br>
+<pre>
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+For most software, the fingerprint is reported as:
+A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
+
+Under MSIE the thumbprint is reported as:
+135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (GNU/Linux)
+
+iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD
+Mch2LMZhK4h/SBIft5ROzVU=
+=R/pJ
+-----END PGP SIGNATURE-----
+</pre>
+<pre>
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA)
+ Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58
+sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.5 (GNU/Linux)
+
+iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk
+TG1yj+lkktROGGyn0hJ5SbM=
+=tXoj
+-----END PGP SIGNATURE-----
+</pre>
+</p>
diff --git a/pages/index/17.php b/pages/index/17.php
new file mode 100644
index 0000000..99fbee3
--- /dev/null
+++ b/pages/index/17.php
@@ -0,0 +1,138 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ include("../includes/general_stuff.php");
+ ?>
+
+<html>
+<head>
+<title><?=_("Install CAcert Root using CEnroll Active-X component and PKCS-7")?></title>
+<link rel="stylesheet" href="styles/default.css" type="text/css">
+</head>
+
+<SCRIPT LANGUAGE="VBSCRIPT">
+
+Sub InstallCert
+
+ credentials = "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290" & _
+"IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB" & _
+"IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA" & _
+"Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO" & _
+"BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi" & _
+"MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ" & _
+"ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC" & _
+"CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ" & _
+"8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6" & _
+"zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y" & _
+"fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7" & _
+"w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc" & _
+"G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k" & _
+"epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q" & _
+"laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ" & _
+"QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU" & _
+"fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826" & _
+"YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w" & _
+"ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY" & _
+"gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe" & _
+"MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0" & _
+"IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy" & _
+"dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw" & _
+"czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0" & _
+"dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl" & _
+"aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC" & _
+"AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg" & _
+"b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB" & _
+"ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc" & _
+"nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg" & _
+"18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c" & _
+"gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl" & _
+"Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY" & _
+"sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T" & _
+"SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF" & _
+"CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum" & _
+"GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk" & _
+"zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW" & _
+"omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD"
+
+ credentials2 = "MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290" & _
+"IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB" & _
+"IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA" & _
+"Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS" & _
+"BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v" & _
+"cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB" & _
+"AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9" & _
+"4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB" & _
+"Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J" & _
+"0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ" & _
+"FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx" & _
+"bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q" & _
+"SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb" & _
+"6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV" & _
+"m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g" & _
+"eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG" & _
+"kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7" & _
+"6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG" & _
+"CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc" & _
+"aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB" & _
+"gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w" & _
+"aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6" & _
+"tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0" & _
+"nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M" & _
+"77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV" & _
+"Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L" & _
+"ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM" & _
+"zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU" & _
+"rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF" & _
+"YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT" & _
+"oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu" & _
+"FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB" & _
+"0m6lG5kngOcLqagA"
+
+ On Error Resume Next
+ Dim Enroll
+
+ Set Enroll = CreateObject("CEnroll.CEnroll.2")
+ if ( (Err.Number = 438) OR (Err.Number = 429) ) Then
+ Err.Clear
+ Set Enroll = CreateObject("CEnroll.CEnroll.1")
+ End If
+ if Err.Number <> 0 then
+ location = "index.php?id=18&errid=1&hex=" & Hex(err)
+ Else
+ Call Enroll.InstallPKCS7(credentials)
+ If err.Number <> 0 then
+ location = "index.php?id=18&errid=2&hex=" & Hex(err)
+ Else
+ Call Enroll.InstallPKCS7(credentials2)
+ If err.Number <> 0 then
+ location = "index.php?id=18&errid=2&hex=" & Hex(err)
+ Else
+ location = "index.php?id=18&errid=0&hex=0"
+ End if
+ End if
+ End If
+
+ End sub
+</SCRIPT>
+<body LANGUAGE="VBScript" ONLOAD="InstallCert">
+
+<? showbodycontent("CAcert.org",""); ?>
+<p><?=_("Install a Root Certificate using Internet Explorer and the CEnroll ActiveX control. This avoids the Microsoft Certificate Installation wizard and all of its complexity and extra screens for users. This however will ONLY work for Microsoft Internet Explorer.")?></p>
+<? showfooter(); ?>
+
+
diff --git a/pages/index/18.php b/pages/index/18.php
new file mode 100644
index 0000000..d67ce6e
--- /dev/null
+++ b/pages/index/18.php
@@ -0,0 +1,25 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $errmsg = _("The CAcert root certificate was successfully installed");
+ if(array_key_exists('errid',$_REQUEST) && $_REQUEST['errid'] == 1)
+ $errmsg = _("Can't start the CEnroll control:").' '.substr(strip_tags(array_key_exists('hex',$_REQUEST)?$_REQUEST['hex']:""), 0, 5);
+ if(array_key_exists('errid',$_REQUEST) && $_REQUEST['errid'] == 2)
+ $errmsg = _("Problems were detected with the CAcert root certificate download error:").' '.substr(strip_tags(array_key_exists('hex',$_REQUEST)?$_REQUEST['hex']:""), 0, 5);
+?>
+<p><?=$errmsg?></p>
diff --git a/pages/index/19.php b/pages/index/19.php
new file mode 100644
index 0000000..c58eb68
--- /dev/null
+++ b/pages/index/19.php
@@ -0,0 +1,104 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<span style="background-color: #FF8080; font-size: 150%">
+Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
+Until a subsidiary policy under AP is written, it is against AP rules.<br>
+</span>
+&nbsp;<br>
+<h3><?=_("Information")?></h3>
+<table border="0" align="center" cellspacing="0" cellpadding="0">
+ <tr>
+ <td class="title" colspan="2"><?=_("What can CAcert provide to you, to increase your privacy and security for free?")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <h4><?=_("Client certificates (un-assured)")?></h4>
+ </td>
+ <td class="DataTD">
+ <u><?=_("Benefits")?>:</u> <?=_("You can send digitally signed/encrypted emails; others can send encrypted emails to you.")?><br /><br />
+ <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name)")?>.<br /><br />
+ <u><?=_("Verification needed")?>:</u> <?=_("You must confirm it is your email address by responding to a 'ping' email sent to it.")?><br /><br />
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <h4><?=_("Assured client certificates")?></h4>
+ </td>
+ <td class="DataTD">
+ <u><?=_("Benefits")?>:</u> <?=_("Same as above plus you can include your full name in the certificates.")?><br /><br />
+ <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 24 months.")?><br /><br />
+ <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus you must get a minimum of 50 assurance points by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br /><br />
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <h4><?=_("Code signing certificates")?></h4>
+ </td>
+ <td class="DataTD">
+ <u><?=_("Benefits")?>:</u> <?=_("Digitally sign code, web applets, installers, etc. including your name and location in the certificates.")?><br><br>
+ <u><?=_("Limitations")?>:</u> <?=sprintf(_("Certificates expire in 12 months. Certificates %s must%s include your full name."),"<u>","</u>")?><br /><br />
+ <u><?=_("Verification needed")?>:</u> <?=_("Same as above plus get 100 assurance points by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <h4><?=_("Server certificates (un-assured)")?></h4>
+ </td>
+ <td class="DataTD">
+ <u><?=_("Benefits")?>:</u> <?=_("Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates are allowed.")?><br><br>
+ <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.).")?><br><br>
+ <u><?=_("Verification needed")?>:</u> <?=_("You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc).")?><br><br>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <h4><?=_("Assured server certificates")?></h4>
+ </td>
+ <td class="DataTD">
+ <u><?=_("Benefits")?>:</u> <?=_("Same as above.")?><br><br>
+ <u><?=_("Limitations")?>:</u> <?=_("Same as above, except certificates expire in 24 months.")?><br><br>
+ <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus get 50 assurance points by meeting with assurer(s) from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <h4><?=_("Become an assurer in CAcert Web of Trust")?></h4>
+ </td>
+ <td class="DataTD">
+ <u><?=_("Benefits")?>:</u> <?=_("The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust.")?><br><br>
+ <u><?=_("Limitations")?>:</u> <?=_("The number of assurance point you have will limit the maximum assurance points you can issue for people you assure.")?><br><br>
+ <u><?=_("Verification needed")?>:</u> <?=_("You will need to be issued 100 points by meeting with existing assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents; OR if it is too difficult to meet up with existing assurers in your area, meet with two Trusted Third Party assurers (notary public, justice of the peace, lawyer, bank manager, accountant) to do the verifying.")?><br><br>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <h4><?=_("Become a member of the CAcert Association")?></h4>
+ </td>
+ <td class="DataTD">
+ <u><?=_("Benefits")?>:</u> <?=_("You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board.")?><br><br>
+ <u><?=_("Limitations")?>:</u> <?=_("None, the sky is the limit for CAcert.")?><br><br>
+ <u><?=_("Verification needed")?>:</u> <?=_("None; $10 USD per year membership fee.")?><br><br>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2">
+ (*) <?=_("Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).")?>
+ </td>
+ </tr>
+</table>
+<br>
diff --git a/pages/index/2.php b/pages/index/2.php
new file mode 100644
index 0000000..1c057e9
--- /dev/null
+++ b/pages/index/2.php
@@ -0,0 +1,20 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p>
+<?=_("Your information has been submitted into our system. You will now be sent an email with a web link, you need to open that link in your web browser within 24 hours or your information will be removed from our system!")?>
+</p>
diff --git a/pages/index/21.php b/pages/index/21.php
new file mode 100644
index 0000000..ae55e9c
--- /dev/null
+++ b/pages/index/21.php
@@ -0,0 +1,46 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+
+<h3><?=_("For CAcert Association Members")?></h3>
+
+<b><?=_("Have you paid your CAcert Association membership fees for the year?")?></b>
+<p><?=_("If not then select this PayPal button to establish annual payment of your US$10 membership fee.")?></p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="image" src="/images/payment2.png" border="0" name="submit" alt="Make payments with PayPal">
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHiAYJKoZIhvcNAQcEoIIHeTCCB3UCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYAVW/F7PUYp3SMSCdOj1L4lNmZk8TPLmyFBXiYe/dP6bdcsvvx0A58mLC/3j961TCs95gXWqYx5vDD9znDEii5An7weRqtaxFa9B+UplKT2kcQJpi45zsGKzhwtHF/g0aJQdLmzrDYNnWd16UvhuasUIV501LaZB3ykq5j2eDJV/DELMAkGBSsOAwIaBQAwggEEBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECJHKnDgLaYrEgIHgjYPDm0r2cH9hexIMEuCuiO9eOIsYxpzC50y9+ZWltUA9Eqp8avPT3ExC4qaw6FS8eo4+UWweESWXpAk3QrNTXgeV+Zf/4RjUEurpkRECinPUCtTgJvs6XLaPU50hAAaV9QmknT4DICcmB7djry0tB1FbLOmnqMyOTpT2pKDuL7r6hgEIAnCyASBtO5E8YJWFgSneQ53PbtT+YuAcVwIOD83wFRDAjlwYhs50VD6ugK07SXxC5I8RFV65PZS/qIiEEBCv7yiXi/U9DK4QG+3ojuxkP6ZjwshGb/99uK1NZCqgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMDMwNzA2NDdaMCMGCSqGSIb3DQEJBDEWBBQQVDeJMeMteu3fuP5xIdpSiYrfLDANBgkqhkiG9w0BAQEFAASBgHIt5M/R6uPXFU0bVQJWcoO++ETE4nPbp+Nz+o7bclXsxIQL+yG5C5vQdpgNeCLuq42sPv+QUuVoMxio6hecCgHewwqAxkrUUr+teGOFSEqpfXBhjWfkUvZLvOy1ix6pSpjLnUu4bbJxaA5eM0gZQDZCJ8nh0HxPScdi5BhVuPSk-----END PKCS7-----
+">
+</form>
+
+<p><?=_("To do a single US$10 Membership-Fee Payment, please use this button:")?></p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="hidden" name="hosted_button_id" value="586280">
+<input type="image" src="/images/btn_paynowCC_LG.gif" border="0" name="submit" alt="">
+</form>
+
+<p><?=_("If you are located in Australia, you can use bank transfer instead and pay the equivalent of US$10 in AU$.")?></p>
+
+<p><?=_("Please also include your name in the transaction so we know who it came from and send an email to ernestine at cacert dot org with the details:")?></p>
+
+<ul>
+<li>Account Name: CAcert Inc</li>
+<li>BSB: 032073</li>
+<li>Account No.: 180264</li>
+</ul>
+<br/><br/>
diff --git a/pages/index/3.php b/pages/index/3.php
new file mode 100644
index 0000000..5b75815
--- /dev/null
+++ b/pages/index/3.php
@@ -0,0 +1,78 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p>
+Class 1 <?=_("PKI Key")?><br>
+<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer 5.x/6.x")?></a><br>
+<a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br>
+<a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a><br>
+<a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a><br>
+<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a><br>
+<?=_("Fingerprint")?> SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33<br/>
+<?=_("Fingerprint")?> MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B<br/>
+</p>
+
+<p>
+Class 3 <?=_("PKI Key")?><br>
+<a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a><br/>
+<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/>
+<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/>
+<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/>
+<?=_("Fingerprint")?> SHA1: DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D<br/>
+<?=_("Fingerprint")?> MD5: 73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6<br/>
+</p>
+
+<p>
+<?=_("GPG Key")?><br>
+<a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a><br>
+</p>
+
+<p>
+<?=_("PKI finger/thumb print signed by the CAcert GPG Key")?><br>
+<pre>
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+For most software, the fingerprint is reported as:
+A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
+
+Under MSIE the thumbprint is reported as:
+135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (GNU/Linux)
+
+iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD
+Mch2LMZhK4h/SBIft5ROzVU=
+=R/pJ
+-----END PGP SIGNATURE-----
+</pre>
+<pre>
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA)
+ Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58
+sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.5 (GNU/Linux)
+
+iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk
+TG1yj+lkktROGGyn0hJ5SbM=
+=tXoj
+-----END PGP SIGNATURE-----
+</pre>
+</p>
diff --git a/pages/index/4.php b/pages/index/4.php
new file mode 100644
index 0000000..ffbfe26
--- /dev/null
+++ b/pages/index/4.php
@@ -0,0 +1,61 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+
+<?
+ if(!array_key_exists('mconn',$_SESSION) || !$_SESSION['mconn'])
+ {
+ echo _("This function is currently unavailable. Please come back later.");
+ exit;
+ }
+?>
+
+<? if($_SESSION['_config']['hostname'] == $_SESSION['_config']['securehostname']) { ?>
+<p><?=_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your Email/Pass Phrase to get a new certificate, by clicking on 'Normal Login' to the right of your screen.")?></p>
+<? } else { ?>
+<style>
+.box2 {width:100%;text-align:center;}
+.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:250px;width:300px;padding:1em;}
+.smalltext {font-size:10px;}
+label {width:100px;display:block;float:left;}
+text {width:166px;display:block;float:left;}
+br {clear:left;}
+h1 {font-size:1.9em;text-align:center;}
+</style>
+<div class='box2'>
+<div class='box'>
+<form action='index.php' method='post'<? if(array_key_exists("noauto",$_REQUEST) && $_REQUEST['noauto'] == 1) echo " autocomplete='off'"; ?>>
+<? if(array_key_exists("noauto",$_REQUEST) && $_REQUEST['noauto'] == 1) { ?><input type="hidden" name="noauto" value="1"><? } ?>
+<h1><?=_("Login")?></h1>
+<p class='smalltext'><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
+<label for="email"><?=_("Email Address")?>:</label><input type='text' name="email" value="<?=sanitizeHTML(array_key_exists("email",$_REQUEST)?$_REQUEST['email']:"")?>" <? if(array_key_exists('notauto',$_REQUEST) && $_REQUEST['noauto'] == 1) echo " autocomplete='off'"; ?>/><br />
+<label for="pword"><?=_("Pass Phrase")?>:</label><input type='password' name='pword' autocomplete="off"/><br />
+<input type='submit' name="process" value="<?=_("Login")?>" /><br /><br />
+<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> -
+<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> -
+<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4&amp;noauto=1'><?=_("Net Cafe Login")?></a><br />
+<p class='smalltext'><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+</div>
+</div>
+<? }
+if(array_key_exists("oldlocation",$_SESSION['_config']) && $_SESSION['_config']['oldlocation']!="")
+{
+ echo "<br/><center>"._("If you want to use certificate login instead of username+password, please")." <a href='https://secure.cacert.org/".sanitizeHTML($_SESSION['_config']['oldlocation'])."'>"._("click here")."</a></center>";
+}
+?>
diff --git a/pages/index/47.php b/pages/index/47.php
new file mode 100644
index 0000000..7046934
--- /dev/null
+++ b/pages/index/47.php
@@ -0,0 +1,58 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("CAcert Public Relations materials")?></h3>
+
+<p><?=_("On this page you find materials that can be used for CAcert publicity")?>
+<br /><?=sprintf(_("Use of these materials is subject to the rules described in the %s."), "<a href='http://svn.cacert.org/CAcert/PR/CAcert_Styleguide.pdf'>CAcert Style Guide</a>")?></p>
+
+<h5><?=_("CAcert logos")?></h4>
+
+<p><?=sprintf(_("Here you find a number of logos to use in documents or to add to your website. Help CAcert to get some publicity by using a logo to link back to %s or to indicate that you or your website are using a CAcert certificates for security and privacy."), "<a href='http://www.cacert.org'>http://www.cacert.org</a>")?></p>
+
+<p><?=_("As described in the Style Guide, the monochrome version of the logo must be used in situations where the logo colours cannot be reproduced correctly.")?></p>
+
+<p><?=_("CAcert Logo, Encapsulated PostScript (EPS) format")?>
+<br />&nbsp;&nbsp;&nbsp;&nbsp;|
+<a href="http://svn.cacert.org/CAcert/PR/Logos/CAcert-logo-colour.eps"><?=_("Colour version")?></a> |
+<a href="http://svn.cacert.org/CAcert/PR/Logos/CAcert-logo-mono.eps"><?=_("Monochrome version")?></a> |
+</p>
+
+<p><?=_("CAcert Logo, colour version, PNG format")?>
+<? $px = array("100x24", "120x28", "150x35", "180x42", "210x49", "270x62", "330x76", "390x90", "470x108", "560x128", "680x156", "820x188", "1000x229") ?>
+<br>&nbsp;&nbsp;&nbsp;&nbsp;|
+<?
+foreach ( $px as $i ) {
+ $w = substr($i, 0, strcspn($i,"x"));
+ if ( $w != "100" ) {
+ printf(" | ");
+ }
+?><a href="http://svn.cacert.org/CAcert/PR/Logos/CAcert-logo-colour-<?=$w?>.png"><?=$i?></a>
+<? } ?> |</p>
+
+<p><?=_("CAcert Logo, monochrome version, PNG format")?>
+<? $px = array("100x24", "120x28", "150x35", "180x42", "210x49", "270x63", "330x76", "390x90", "470x108", "560x129", "680x157", "820x189", "1000x230") ?>
+<br>&nbsp;&nbsp;&nbsp;&nbsp;|
+<?
+foreach ( $px as $i ) {
+ $w = substr($i, 0, strcspn($i,"x"));
+ if ( $w != "100" ) {
+ printf(" | ");
+ }
+?><a href="http://svn.cacert.org/CAcert/PR/Logos/CAcert-logo-mono-<?=$w?>.png"><?=$i?></a>
+<? } ?> |</p>
+
diff --git a/pages/index/5.php b/pages/index/5.php
new file mode 100644
index 0000000..20e868f
--- /dev/null
+++ b/pages/index/5.php
@@ -0,0 +1,62 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<form method="post" action="index.php" autocomplete="off">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Lost Pass Phrase")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" width="125"><?=_("Email Address (primary)")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="email" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?><br>
+ (<?=_("dd/mm/yyyy")?>)</td>
+ <td class="DataTD"><nobr><select name="day">
+<?
+ for($i = 1; $i <= 31; $i++)
+ {
+ echo "<option>$i</option>";
+ }
+?>
+ </select>
+ <select name="month">
+<?
+ for($i = 1; $i <= 12; $i++)
+ {
+ echo "<option value='$i'";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
+ }
+?>
+ </select>
+ <input type="text" name="year" size="4" autocomplete="off"></nobr>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+<p><?=_("Due to the increasing number of people that haven't been able to recover their passwords via the lost password form, there are now two other options available. 1.) If you don't care about your account you can signup under a new account and file dispute forms to recover your email accounts and domains. 2.) If you would like to recover your password via help from support staff, this requires a small payment to cover a real person's time to verify your claim of ownership on an account. After you pay the required fee you will have to contact the proper person to arrange the verification. Click the payment button below to continue.")." "?><? printf(_("Alternatively visit our %sinformation page%s on this subject for more details."), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount'>", "</a>")?></p>
+
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="image" src="/images/payment2.png" border="0" name="submit" alt="<?=_("Password Reset Payment through PayPal")?>">
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHXwYJKoZIhvcNAQcEoIIHUDCCB0wCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYCg4ipewtpqKr0/2Qmm+yA+cFBzyJw9Dyji8gSugFeDCXpe2GE567JCICjSR2hdJAWTTJzDet3QCb5URlWuCXjsDuTRl08CI7FqdgmjdxNuFqBUYadnWziNHkMwL4dDHYPnhptQhjwySAmjPVhDSfXCdOWu7ASHYYSr37Re3VznaDELMAkGBSsOAwIaBQAwgdwGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIHFbtKcAC8BqAgbjEkhFkoMxpMSJ/lXYttkQ36//QrIM+ZXNK2g1giWjRPGRQoMW+4heyhbIO7z4LeRyg/3faAn4elm8b/vlAQY2eFnEICs22VsNr/JjXIQ9ZMHw/kzjPMXpqTUNnLCri5H+Mn/3pYsQNbrmRPxbkj3CXQWp6KpgkXCAHCR+yFgYnPy/7IC77IOacL53RcxB13mvGaQUW2o2gDUFgnZUYorK9OGhjp51WLCy+I0+8TJP//18TdHhc8doqoIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcxMTAzMDcxODU0WjAjBgkqhkiG9w0BCQQxFgQU6zx/ENl4VZxj/FUJgc/v+QvLOmMwDQYJKoZIhvcNAQEBBQAEgYA83CAevt42eBbktt6UtfDqsa4Lw7TwrBLVGsXwsxIkYLaUBXzaMZ/ept2qLUksjnTklC39skjTIp6HqRaoJ6Tnt98J+bkntVnUk2YrGZ1E2Zynz2xA/WBvXQo4R+dwxbqawf28DLgR935tBfDipv1A4Ay1yoULknnEACUH+Qk4Ig==-----END PKCS7-----">
+</form>
diff --git a/pages/index/51.php b/pages/index/51.php
new file mode 100644
index 0000000..69abcb6
--- /dev/null
+++ b/pages/index/51.php
@@ -0,0 +1,37 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<H3><?=_("CAcert.org Mission Statement")?></H3>
+
+<p><?=_("To create a Non-Profit Certificate Authority; an alternative to the commercial CAs.")?></p>
+
+<h3><?=_("Who?")?></h3>
+<p><?=_("Core members of CAcert generally have a strong information technology and security background, and a stronger desire to give back to the community.")?></p>
+<p><?=_("Many are just the users of the system who by just making use of the project contribute to the wider community by word-of-mouth.")?></p>
+
+<h3><?=_("Why?")?></h3>
+<p><?=_("Many people are currently dissatisfied with the commercial offerings. Many people wish only to connect or share with people they know, or simply secure their webmail from people potentially sniffing their traffic. Why subscribe to a service that is not structured to handle this, and furthermore charges a king's ransom for the privilege?")?></p>
+<p><?=_("CAcert Inc., as a community-based project, is not driven by profits - it is driven by the community's desire for privacy and security.")?></p>
+
+<h3><?=_("How?")?></h3>
+<p><?=_("Based on OpenSSL, PHP, a little bit of C and MySQL, we were able to build not only a free certificate authority that could verify your email address or domain, but actually build in a highly effective trust model. Our model goes further than that used by some commercial CAs to prove your identity.")?></p>
+
+<h3><?=_("When and Where?")?></h3>
+<p><?=_("Right now it's happening all around you - there are secured websites and email protocols being protected and trusted by people, signed by CAcert.")?></p>
+
+<h3><?=_("So what can I do to help the cause?")?></h3>
+<p><?=_("The simplest and most effective thing you can do is spread the word, by telling your friends, colleagues and relatives about us and join.")?></p>
diff --git a/pages/index/6.php b/pages/index/6.php
new file mode 100644
index 0000000..8eefa44
--- /dev/null
+++ b/pages/index/6.php
@@ -0,0 +1,102 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
+<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br>
+<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
+<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
+</p>
+
+<form method="post" action="index.php" autocomplete="off">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="350">
+ <tr>
+ <td colspan="2" class="title"><?=_("Lost Pass Phrase - Step 2")?></td>
+ </tr>
+<?
+ srand ((double) microtime() * 1000000);
+ $num2 = $nums = array();
+ for($i = 1; $i <= 5; $i++)
+ {
+ if($_SESSION['lostpw']['user']["Q$i"] == "")
+ continue;
+ $nums[] = $i;
+ }
+
+ for($i = 0; $i < count($nums); $i++)
+ {
+ if(count($num2) == count($nums))
+ break;
+
+ $val = rand(1, 5);
+ if($_SESSION['lostpw']['user']["Q$val"] == "")
+ {
+ $i--;
+ continue;
+ }
+
+ if($val < 1 || $val > 5)
+ {
+ $i--;
+ continue;
+ }
+
+ if(!in_array($val, $num2))
+ $num2[] = $val;
+ else
+ $i--;
+
+ if(count($num2) >= 3)
+ break;
+ }
+
+ if($i > 1)
+ {
+
+ $_SESSION['lostpw']['total'] = count($num2);
+
+ foreach($num2 as $num)
+ {
+ $q = "Q$num"; $a = "A$num";
+ if($_SESSION['lostpw']['user'][$q] == "")
+ continue;
+?>
+ <tr>
+ <td class="DataTD"><?=$_SESSION['lostpw']['user'][$q]?></td>
+ <td class="DataTD"><input type="text" name="<?=$a?>" autocomplete="off">
+ <input type="hidden" name="<?=$q?>" value="<?=sanitizeHTML($_SESSION['lostpw']['user'][$q])?>"></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
+ <td class="DataTD"><input type="password" name="newpass1" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Repeat")?><font color="red">*</font>: </td>
+ <td class="DataTD"><input type="password" name="newpass2" autocomplete="off"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+<? } else { ?>
+<p><?=_("You do not have enough/any lost password questions set. You will not be able to continue to reset your password via this method.")?></p>
+<? } ?>
diff --git a/pages/index/7.php b/pages/index/7.php
new file mode 100644
index 0000000..bc6db44
--- /dev/null
+++ b/pages/index/7.php
@@ -0,0 +1,30 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("Credits")?></h3>
+
+<p><?=_("Many people to thank, if you've had a large input with the CAcert project with code, documentation, translations, or assurances and would like recognition let me know.")?></p>
+<p><?=_("The list of names are in no sense of order")?></p>
+<ul style="padding-left: 0; margin-left: 10em; border-left: none; text-indent: -8em;">
+<li>Christian Barmala - <?=_("Put a lot of effort convincing people in Germany to signup and be assured, he started work on a new RFC compliant CPS, spent countless hours helping with tech support, and so much more")?></li>
+<li>Guillaume Romagny - <?=_("He's constantly helping out on the support list, building up documentation and all round nice guy, he was even offered a free book and turned down the offer until there is a book on CAcert available!")?></li>
+<li>Adam Butler - <?=_("For much of the art work that exists on the website, t-shirt designs, much of the organisational work for Usenix '04, as well as a few published articles and written documents.")?></li>
+<li>Philipp Gühring - <?=_("Has put so much effort into CAcert I don't know where to begin, he managed to get the CPS Christian had started up to draft status, he has given countless hours to assuring people and attending conferences to help spread the word")?></li>
+<li>Evaldo Gardenali - <?=_("Has put a lot of time and effort into promoting and assuring people in Brazil and South America, and for helping to translate this site into Portuguese")?></li>
+<li>Ben Pollinger - <?=_("Did a substantial amount of work on the previous website design, and has been floating about on the mailing lists often giving invaluble insight into what we should be doing better.")?></li>
+<li>William Amaral - <?=_("Has been involved in translating this website into Portuguese")?></li>
+</ul>
diff --git a/pages/index/8.php b/pages/index/8.php
new file mode 100644
index 0000000..26acaa9
--- /dev/null
+++ b/pages/index/8.php
@@ -0,0 +1,27 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<p><b><? printf(_("The current %s board, and roles."), "CAcert Inc."); ?></b></p>
+<p>
+Lambert Hofstra - <?=_("President")?><br/>
+Daniel Black - <?=_("Vice-President")?><br/>
+Mark Lipscombe - <?=_("Secretary")?>, <?=_("Public Officer")?><br/>
+Ernestine Schwob - <?=_("Treasurer")?><br/>
+Nick Bebout - <?=_("member")?><br/>
+Ian Grigg - <?=_("member")?><br/>
+Mario Lipinski - <?=_("member")?><br/>
+</p>
diff --git a/pages/index/CVS/Entries b/pages/index/CVS/Entries
new file mode 100644
index 0000000..e71cfda
--- /dev/null
+++ b/pages/index/CVS/Entries
@@ -0,0 +1,21 @@
+/10.php/1.5/Sun Apr 6 19:45:25 2008//
+/12.php/1.6/Sun Apr 6 19:45:25 2008//
+/13.php/1.5/Sun Apr 6 19:45:25 2008//
+/16.php/1.12/Sun Apr 6 19:45:25 2008//
+/2.php/1.2/Sun Apr 6 19:45:25 2008//
+/3.php/1.12/Sun Apr 6 19:45:25 2008//
+/47.php/1.5/Sun Apr 6 19:45:25 2008//
+/51.php/1.2/Sun Apr 6 19:45:25 2008//
+/7.php/1.8/Sun Apr 6 19:45:25 2008//
+/17.php/1.10/Mon Aug 25 21:04:26 2008//
+/18.php/1.6/Mon Aug 25 21:04:26 2008//
+/19.php/1.6/Sun Sep 7 22:20:30 2008//
+/6.php/1.12/Tue Oct 7 16:49:50 2008//
+/11.php/1.24/Fri Apr 10 23:09:07 2009//
+/1.php/1.18/Mon Sep 7 22:36:32 2009//
+/21.php/1.3/Mon Sep 7 22:36:32 2009//
+/5.php/1.15/Mon Sep 7 22:36:32 2009//
+/8.php/1.13/Tue Sep 8 20:29:25 2009//
+/4.php/1.22/Sat Sep 19 23:32:57 2009//
+/0.php/1.31/Mon Sep 21 18:28:22 2009//
+D
diff --git a/pages/index/CVS/Repository b/pages/index/CVS/Repository
new file mode 100644
index 0000000..f9fcee5
--- /dev/null
+++ b/pages/index/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/index
diff --git a/pages/index/CVS/Root b/pages/index/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/index/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs
diff --git a/pages/wot/0.php b/pages/wot/0.php
new file mode 100644
index 0000000..465a3ac
--- /dev/null
+++ b/pages/wot/0.php
@@ -0,0 +1,21 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("CAcert Web of Trust")?></h3>
+
+<p><?=_("CAcert.org was designed to be by the community for the community, and instead of placing all the labour on a central authority and in turn increasing the cost of certificates, the idea was to get community in conjunction with this website to have trust maintained in a dispersed and automated manner!")?></p>
+
diff --git a/pages/wot/1.php b/pages/wot/1.php
new file mode 100644
index 0000000..a45b5df
--- /dev/null
+++ b/pages/wot/1.php
@@ -0,0 +1,123 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
+ $total1 =$res['summe'];
+
+ $locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
+ $regid=array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
+ $ccid=array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
+
+ echo "<ul class='top'>\n<li>";
+ echo "<a href='wot.php?id=1'>"._("Home")." ("._("Listed").": $total1)</a>\n";
+
+ $display = "";
+ if($locid > 0)
+ {
+ $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='wot.php?id=1&locid=".$locid."'>".$loc['name']." ("._("Listed").": ".$loc['acount'].")</a>\n".
+ $display;
+ $regid = $loc['regid'];
+ }
+
+ if($regid > 0)
+ {
+ $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='wot.php?id=1&regid=".$regid."'>".$reg['name']." ("._("Listed").": ".$reg['acount'].")</a>\n".
+ $display;
+ $ccid = $reg['ccid'];
+ }
+
+ if($ccid > 0)
+ {
+ $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='wot.php?id=1&ccid=".$ccid."'>".$cnt['name']." ("._("Listed").": ".$cnt['acount'].")</a>\n".
+ $display;
+ }
+
+ if($display)
+ echo $display;
+
+ if($ccid <= 0)
+ {
+ echo "<ul>\n";
+ $query = "select * from countries where acount>0 order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<li><a href='wot.php?id=1&ccid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
+ }
+ echo "</ul>\n</li>\n</ul>\n<br>\n";
+ } elseif($ccid > 0 && $regid <= 0 && $locid <= 0) {
+ echo "<ul>\n";
+ $query = "select * from regions where ccid='".$ccid."' and acount>0 order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<li><a href='wot.php?id=1&regid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
+ }
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
+ } elseif($regid > 0 && $locid <= 0) {
+ echo "<ul>\n";
+ $query = "select * from locations where regid='".$regid."' and acount>0 order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ echo "<li><a href='wot.php?id=1&locid=".$row['id']."'>".$row['name']." ("._("Listed").": ".$row['acount'].")</a></li>\n";
+ }
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
+ } elseif($locid > 0){
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
+ }
+ if($locid>0 || $regid>0 || $ccid>0)
+ {
+ $query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
+ `ccid`='".$ccid."' and `regid`='".$regid."' and
+ `locid`='".$locid."' and `users`.`id`=`notary`.`to`
+ group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
+ $list = mysql_query($query);
+ if(mysql_num_rows($list) > 0)
+ {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="550">
+ <tr>
+ <td class="title"><?=_("Name")?></td>
+ <td class="title"><?=_("Max Points")?></td>
+ <td class="title"><?=_("Contact Details")?></td>
+ <td class="title"><?=_("Email Assurer")?></td>
+ <td class="title"><?=_("Assurer Challenge")?></td>
+
+ </tr>
+<? while($row = mysql_fetch_assoc($list)) { ?>
+ <tr>
+ <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
+ <td class="DataTD"><?=maxpoints($row['id'])?></td>
+ <td class="DataTD"><?=$row['contactinfo']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
+ <td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
+
+ </tr>
+<? }
+ }
+?>
+</table>
+<br>
+<? } ?>
diff --git a/pages/wot/10.php b/pages/wot/10.php
new file mode 100644
index 0000000..51ed019
--- /dev/null
+++ b/pages/wot/10.php
@@ -0,0 +1,124 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
+ </tr>
+ <tr>
+<?
+ $query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
+ WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
+ AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
+ $res = mysql_query($query);
+ $row = mysql_fetch_assoc($res);
+ $rc = intval($row['list']);
+/*
+ $query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
+ WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
+ GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
+*/
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
+ GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
+
+ $rank = mysql_num_rows(mysql_query($query)) + 1;
+?>
+ <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($rc), intval($rank))?></td>
+ </tr>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("Your Assurance Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ </tr>
+<?
+ $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+?>
+ <tr>
+ <td class="DataTD"><?=$row['id']?></td>
+ <td class="DataTD"><?=$row['date']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
+ <td class="DataTD"><?=$row['points']?></td>
+ <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="3"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=intval($_SESSION['profile']['points'])?></td>
+ <td class="DataTD" colspan="2">&nbsp;</td>
+ </tr>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("Assurance Points You Issued")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ </tr>
+<?
+ $points = 0;
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
+ $points += $row['points'];
+ $name = trim($fromuser['fname']." ".$fromuser['lname']);
+ if($name == "")
+ $name = _("Deleted before Verification");
+ else
+ $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
+?>
+ <tr>
+ <td class="DataTD"><?=intval($row['id'])?></td>
+ <td class="DataTD"><?=$row['date']?></td>
+ <td class="DataTD"><?=$name?></td>
+ <td class="DataTD"><?=intval($row['points'])?></td>
+ <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="2">&nbsp;</td>
+ </tr>
+</table>
+<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
+
diff --git a/pages/wot/11.php b/pages/wot/11.php
new file mode 100644
index 0000000..e25a862
--- /dev/null
+++ b/pages/wot/11.php
@@ -0,0 +1,52 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if($_SESSION['profile']['admin'] == 1) { ?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Organisational Assurance")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Organisation Title")?>:</b></td>
+ <td class="DataTD">&nbsp;</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Contact Email")?>:</b></td>
+ <td class="DataTD">&nbsp;</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Town/Suburb")?>:</b></td>
+ <td class="DataTD">&nbsp;</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("State/Province")?>:</b></td>
+ <td class="DataTD">&nbsp;</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Country")?>:</b></td>
+ <td class="DataTD">&nbsp;</td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("Comments")?>:</b></td>
+ <td class="DataTD">&nbsp;</td>
+ </tr>
+</table>
+<? } else { ?>
+<p><?=_("This page is a work in Progress. Please see this")?>
+<a href="http://wiki.cacert.org/wiki/OrganisationEntities"><?=_("article on the Wiki")?></a>
+<?=_("for more information about Organizational Support.")?></a></p>
+<? } ?>
diff --git a/pages/wot/12.php b/pages/wot/12.php
new file mode 100644
index 0000000..a0bbf50
--- /dev/null
+++ b/pages/wot/12.php
@@ -0,0 +1,135 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+
+<? if(!array_key_exists('location',$_REQUEST) || $_REQUEST['location'] == "") { ?>
+<script language="javascript" src="/ac.js"></script>
+<script language="javascript">
+<!--
+function oncomplete() {
+ document.f.submit();
+}
+// -->
+</script>
+<p><?=_("Please enter your town or suburb name, followed by region or state or province and then the country (please separate by commas)")?><br />
+<?=_("eg Sydney, New South Wales, Australia")?></p>
+<p><?=_("This is an AJAX form which depends heavily on javascript for auto-complete functionality and while it will work without javascript the usability will be heavily degraded.")?></p>
+<form name="f" action="wot.php" method="post">
+<input type='hidden' name='oldid' value='12' />
+<table>
+ <tr>
+ <td align=right valign=middle><?=_("Maximum Distance:")?></td>
+ <td><select name="maxdist">
+<?
+ $arr = array(10, 25, 50, 100, 250, 500, 1000);
+ foreach($arr as $val)
+ {
+ echo "<option value='$val'";
+ if(array_key_exists('maxdist',$_REQUEST) && $val == $_REQUEST['maxdist'])
+ echo " selected";
+ echo ">${val}km</option>\n";
+ }
+?>
+ </td>
+ </tr>
+ <tr>
+ <td align=right valign=middle><?=_("Location:")?></td>
+ <td><input autocomplete="off" type="text" id="location" name="location" value="" size="50" /> <input type="submit" name="process" value="Go"></td>
+ </tr>
+</table>
+
+</form>
+<script language="javascript">
+<!--
+var ac1 = new AC('location', 'location', oncomplete);
+ac1.enable_unicode();
+document.f.location.focus();
+// -->
+</script>
+<? } else {
+ if(intval($_REQUEST['location']) == 0)
+ {
+ $bits = explode(",", $_REQUEST['location']);
+
+ $loc = trim(mysql_escape_string($bits['0']));
+ $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
+ $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+
+ $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
+ `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
+ `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
+ order by `locations`.`name` limit 1";
+ $res = mysql_query($query);
+ if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0)
+ {
+ $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
+ `locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and
+ `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
+ order by `locations`.`name` limit 1";
+ $res = mysql_query($query);
+ }
+ if(mysql_num_rows($res) <= 0)
+ die(_("Unable to find suitable location"));
+ $row = mysql_fetch_assoc($res);
+ $_REQUEST['location'] = $row['locid'];
+ }
+
+ $maxdist = intval($_REQUEST['maxdist']);
+
+ $locid = intval($_REQUEST['location']);
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+ if($maxdist <= 10)
+ {
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + (COS(PI() * $loc[lat] / 180 ) *
+ COS(PI() * `locations`.`lat` / 180) * COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`,
+ `locations`.`name` AS `location`, concat(`users`.`fname`, ' ', LEFT(`users`.`lname`, 1)) AS `name`, `long`, `lat`,
+ `users`.`id` as `uid`, `contactinfo` FROM `locations`, `users` WHERE `users`.`locid` = `locations`.`id` AND
+ `users`.`assurer` = 1 AND `users`.`listme` = 1 HAVING `distance` <= '$maxdist' ORDER BY `distance`";
+ } else {
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + (COS(PI() * $loc[lat] / 180 ) *
+ COS(PI() * `locations`.`lat` / 180) * COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`,
+ `locations`.`name` AS `location`, concat(`users`.`fname`, ' ', LEFT(`users`.`lname`, 1)) AS `name`, `long`, `lat`,
+ `users`.`id` as `uid`, `contactinfo` FROM `locations`, `users` WHERE `users`.`locid` = `locations`.`id` AND
+ `users`.`assurer` = 1 AND `users`.`listme` = 1 HAVING `distance` <= '$maxdist' ORDER BY `distance` LIMIT 50";
+ //echo $query;
+ }
+ $res = mysql_query($query);
+?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="700">
+ <tr>
+ <td class="title"><?=_("Name")?></td>
+ <td class="title"><?=_("Distance")?></td>
+ <td class="title"><?=_("Max Points")?></td>
+ <td class="title"><?=_("Contact Details")?></td>
+ <td class="title"><?=_("Email Assurer")?></td>
+ </tr>
+<? while($row = mysql_fetch_assoc($res))
+ {
+ $points = maxpoints($row['uid']);
+ if($points > 35)
+ $points = 35;
+?>
+ <tr>
+ <td class="DataTD" width="100"><nobr><?=$row['name']?></nobr></td>
+ <td class="DataTD"><?=$row['distance']?>km</td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=$row['contactinfo']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=$row['uid']?>"><?=_("Email Me")?></a></td>
+ </tr>
+<? } ?>
+</table>
+<? } ?>
diff --git a/pages/wot/13.php b/pages/wot/13.php
new file mode 100644
index 0000000..eac7e18
--- /dev/null
+++ b/pages/wot/13.php
@@ -0,0 +1,102 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") {
+ if(intval($_REQUEST['location']) == 0)
+ {
+ $bits = explode(",", $_REQUEST['location']);
+
+ $loc = trim(mysql_escape_string($bits['0']));
+ $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1']));
+ $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2']));
+ $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
+ `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and
+ `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
+ order by `locations`.`name` limit 1";
+ $res = mysql_query($query);
+ if($reg != "" && $ccname == "" && mysql_num_rows($res) <= 0)
+ {
+ $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where
+ `locations`.`name` like '$loc%' and `countries`.`name` like '$reg%' and
+ `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id`
+ order by `locations`.`name` limit 1";
+ $res = mysql_query($query);
+ }
+ if(mysql_num_rows($res) <= 0)
+ die("Unable to find suitable location");
+
+ $row = mysql_fetch_assoc($res);
+ $_REQUEST['location'] = $row['locid'];
+ }
+
+ $locid = intval($_REQUEST['location']);
+ $query = "select * from `locations` where `id`='$locid'";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0)
+ {
+ $loc = mysql_fetch_assoc($res);
+ $_SESSION['profile']['ccid'] = $loc['ccid'];
+ $_SESSION['profile']['regid'] = $loc['regid'];
+ $_SESSION['profile']['locid'] = $loc['id'];
+ $query = "update `users` set `locid`='$loc[id]', `regid`='$loc[regid]', `ccid`='$loc[ccid]' where `id`='".$_SESSION['profile']['id']."'";
+ mysql_query($query);
+ echo "<p>"._("Your location has been updated")."</p>\n";
+ } else {
+ echo "<p>"._("I was unable to match your location with places in my database.")."</p>\n";
+ }
+}
+
+ $query = "select `name` from `locations` where `id`='".$_SESSION['profile']['locid']."'";
+ $res = mysql_query($query);
+ $loc = mysql_fetch_assoc($res);
+ $query = "select `name` from `regions` where `id`='".$_SESSION['profile']['regid']."'";
+ $res = mysql_query($query);
+ $reg = mysql_fetch_assoc($res);
+ $query = "select `name` from `countries` where `id`='".$_SESSION['profile']['ccid']."'";
+ $res = mysql_query($query);
+ $cc = mysql_fetch_assoc($res);
+?>
+<script language="javascript" src="/ac.js"></script>
+<script language="javascript">
+<!--
+function oncomplete() {
+ document.f.submit();
+}
+// -->
+</script>
+<p><?=_("Please enter your town or suburb name, followed by region or state or province and then the country (please separate by commas)")?><br />
+<?=_("eg Sydney, New South Wales, Australia")?></p>
+<p><?=_("This is an AJAX form which depends heavily on javascript for auto-complete functionality and while it will work without javascript the usability will be heavily degraded.")?></p>
+<p><?=sprintf(_("Your current location is set as: %s"), "$loc[name], $reg[name], $cc[name]")?></p>
+<form name="f" action="wot.php" method="post">
+<input type='hidden' name='id' value='13' />
+<table>
+ <tr>
+ <td align=right valign=middle><?=_("Location:")?></td>
+ <td><input autocomplete="off" type="text" id="location" name="location" value="" size="50" /> <?=_("(hit enter to submit)")?></td>
+ </tr>
+</table>
+
+</form>
+<script language="javascript">
+<!--
+var ac1 = new AC('location', 'location', oncomplete);
+ac1.enable_unicode();
+document.f.location.focus();
+// -->
+</script>
diff --git a/pages/wot/14.php b/pages/wot/14.php
new file mode 100644
index 0000000..21c5873
--- /dev/null
+++ b/pages/wot/14.php
@@ -0,0 +1,47 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+
+<p>This is a demo page, which isn't fully functional yet.</p>
+
+<p><?=sprintf(_("If you have a %sSignaturecard%s (also called 'Buergerkarte'), you can digitally sign your assurance request here, and get 50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br /></p>
+
+<p><?=sprintf(_("To get assured with your Signaturecard, you need the Software from <a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>. To activate your E-Card, please go to <a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p>
+
+
+<pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre>
+
+<h1>1. Step: Assurance form</h1>
+
+<form name="form" method="post" action="http://localhost:3495/http-security-layer-request"/>
+ <input type="submit" name="Weiter" value="Start Assurance">
+ <input type="hidden" name="XMLRequest" value="&lt;CreateXMLSignatureRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/20020831#' xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>&lt;KeyboxIdentifier>CertifiedKeypair&lt;/KeyboxIdentifier>&lt;DataObjectInfo Structure='enveloping'>&lt;sl10:DataObject>&lt;sl10:XMLContent>Mit dieser Signatur beantragen Sie die Assurance ihres CAcert Accounts '<?=$_SESSION['profile']['email']?>' mit ihrer Buergerkarte.&lt;/sl10:XMLContent>&lt;/sl10:DataObject>&lt;sl10:TransformsInfo>&lt;sl10:FinalDataMetaInfo>&lt;sl10:MimeType>text/plain&lt;/sl10:MimeType>&lt;/sl10:FinalDataMetaInfo>&lt;/sl10:TransformsInfo>&lt;/DataObjectInfo>&lt;/CreateXMLSignatureRequest>"/>
+ <input type="hidden" name="actualtest_" value="4"/>
+ <input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION['profile']['email']?>"/>
+ <input type="hidden" name="TestResult_" value="&lt;strong&gt;TestResult&lt;/strong&gt;"/>
+</form>
+
+<h1>2. Step: Person binding (Birthday)</h1>
+
+<form name="form" method="post" action="http://localhost:3495/http-security-layer-request"/>
+ <input type="submit" name="Weiter" value="Read birthday from Card">
+ <input type="hidden" name="XMLRequest" value="&lt;InfoboxReadRequest xmlns=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;InfoboxIdentifier&gt;IdentityLink&lt;/InfoboxIdentifier&gt;&lt;BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/InfoboxReadRequest&gt;"/>
+ <input type="hidden" name="actualtest_" value="4"/>
+ <input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION['profile']['email']?>"/>
+ <input type="hidden" name="TestResult_" value="&lt;strong&gt;TestResult&lt;/strong&gt;"/>
+</form>
+
diff --git a/pages/wot/2.php b/pages/wot/2.php
new file mode 100644
index 0000000..a75bc57
--- /dev/null
+++ b/pages/wot/2.php
@@ -0,0 +1,36 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<span style="background-color: #FF8080; font-size: 150%">
+Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
+Until a subsidiary policy under AP is written, it is against AP rules.<br>
+</span>
+&nbsp;<br>
+<h3><?=_("To become an Assurer")?></h3>
+
+<p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>
+
+<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
+
+<p>CAcert Inc.<br>
+P.O. Box 4107<br>
+Denistone East NSW 2112<br>
+Australia</p>
+
+<p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p>
+
+<p><?=_("Once you have received at least 100 Assurance Points you will have to pass a test called Assurer Challenge, which can be started at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>!'?></p>
diff --git a/pages/wot/3.php b/pages/wot/3.php
new file mode 100644
index 0000000..0864ffd
--- /dev/null
+++ b/pages/wot/3.php
@@ -0,0 +1,47 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<h3><?=_("CAcert Web of Trust Rules")?></h3>
+
+<p><?=_("It is essential that CAcert Assurers understand and follow the rules below to ensure that applicants for assurance are suitably identified, which, in turn, maintains trust in the system.")?></p>
+
+<p><?=_("Contact")?><br>
+<br>
+* <?=_("You must meet the applicant in person;")?><br>
+* <?=_("You must sight at least one form of government issued photo identification. It's preferable if 2 forms of Government issued photo ID are presented, as less points may be issued if there is any doubt on the person by the person issuing points;")?><br>
+* <?=_("Complete the assurance form if the applicant has not already done so. Ensure that all information matches.")?><br>
+</p>
+
+<p><?=_("Processing")?><br>
+<?=_("After the meeting, visit the CAcert Web site's make an Assurance page and:")?><br>
+<br>
+* <?=_("Enter the applicant's email address;")?><br>
+* <?=_("Compare the online information to the information recorded on the paper form;")?><br>
+* <?=_("If, and only if, the two match completely - you may award trust points up to the maximum points you are able to allocate;")?><br>
+</p>
+
+<p><?=_("Privacy")?><br>
+<?=_("It is imperative that you maintain the confidentiality and privacy of the applicant, and never disclose the information obtained without the applicant's consent.")?></p>
+
+<p><?=_("Fees")?><br>
+<?=_("You may charge a fee for your expenses if the applicant has been advised of the amount prior to the meeting.")?></p>
+
+<p><?=_("Liability")?><br>
+<?=_("A CAcert Assurer who knowingly, or reasonably ought to have known, assures an applicant contrary to this policy may be held liable.")?></p>
+
+<p><?=_("Assurance Points")?><br>
+<?=_("CAcert may, from time to time, alter the amount of Assurance Points that a class of assurer may assign as is necessary to effect a policy or rule change. We may also alter the amount of Assurance Points available to an individual, or new class of assurer, should another policy of CAcert require this.")?></p>
diff --git a/pages/wot/4.php b/pages/wot/4.php
new file mode 100644
index 0000000..0da72da
--- /dev/null
+++ b/pages/wot/4.php
@@ -0,0 +1,32 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<span style="background-color: #FF8080; font-size: 150%">
+Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
+Until a subsidiary policy under AP is written, it is against AP rules.<br>
+</span>
+&nbsp;<br>
+<h3><?=_("Trusted Third Parties")?></h3>
+
+<p><?=_("A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers.")?></p>
+
+<p><?=_("You can become a CAcert Assurer by seeking out trusted 3rd parties. You will also need to download and print out a copy of the TTP Form (found under 'CAP/TTP Forms') and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
+
+<p>CAcert Inc.<br>
+P.O. Box 4107<br>
+Denistone East NSW 2112<br>
+Australia</p>
diff --git a/pages/wot/5.php b/pages/wot/5.php
new file mode 100644
index 0000000..6c53d00
--- /dev/null
+++ b/pages/wot/5.php
@@ -0,0 +1,83 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/shutdown.php");
+?>
+<?
+ if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
+ {
+ if(array_key_exists('reminderset',$_SESSION['_config']) && $_SESSION['_config']['remindersent'] == 1)
+ {
+ ?><font color="orange" size="+1"><?
+ }
+ else
+ {
+ ?><font color="orange" size="+1"><?=_("ERROR")?>: <?
+ }
+ echo $_SESSION['_config']['error']."</font>";
+ unset($_SESSION['_config']['error']);
+ }
+?>
+<? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
+<form method="post" action="wot.php">
+<input type="hidden" name="email" value="<?=sanitizeHTML($_POST['email'])?>"><br>
+<select name="reminder-lang">
+<?
+ if($_SESSION['_config']['reminder-lang'] == "")
+ $_SESSION['_config']['reminder-lang'] = $_SESSION['profile']['language'];
+ foreach($_SESSION['_config']['translations'] as $key => $val)
+ {
+ echo "<option value='$key'";
+ if($key == $_SESSION['_config']['reminder-lang'])
+ echo " selected";
+ echo ">$val</option>\n";
+ }
+?>
+ </select><br>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="submit" name="reminder" value="<?=_("Send reminder notice")?>">
+</form>
+<? unset($_SESSION['_config']['noemailfound']); } ?>
+<form method="post" action="wot.php" name="form1">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Assure Someone")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+<? if(array_key_exists('remindersent',$_SESSION['_config']) && $_SESSION['_config']['remindersent'] == 1) { unset($_SESSION['_config']['remindersent']) ?>
+ <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+<? } else { ?>
+ <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
+<? } ?>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+<SCRIPT LANGUAGE="JavaScript">
+//<![CDATA[
+ function my_init()
+ {
+ document.getElementById("email").focus();
+ }
+
+ window.onload = my_init();
+//]]>
+</script>
diff --git a/pages/wot/6.php b/pages/wot/6.php
new file mode 100644
index 0000000..bc37aa2
--- /dev/null
+++ b/pages/wot/6.php
@@ -0,0 +1,170 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ if(!array_key_exists('notarise',$_SESSION['_config']))
+ {
+ echo "Error: No user data found.";
+ exit;
+ }
+
+ $row = $_SESSION['_config']['notarise'];
+
+ if(!array_key_exists('pointsalready',$_SESSION['_config'])) $_SESSION['_config']['pointsalready']=0;
+
+
+ if($_SESSION['profile']['ttpadmin'] == 1 && $_SESSION['profile']['board'] == 1)
+ {
+ $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "Thawte Points Transfer", "Administrative Increase", "CT Magazine - Germany");
+ } else if($_SESSION['profile']['ttpadmin'] == 1) {
+ $methods = array("Face to Face Meeting", "Trusted 3rd Parties");
+ }
+
+ $cap = "/cap.php?";
+ $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
+ $_SESSION['_config']['wothash'] = md5($name."-".$row['dob']);
+ while(strstr($name, " "))
+ $name = str_replace(" ", " ", $name);
+ $cap .= "name=".urlencode($name);
+ $cap .= "&amp;dob=".urlencode($row['dob']);
+ $cap .= "&amp;email=".urlencode($row['email']);
+ $name = $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'];
+ while(strstr($name, " "))
+ $name = str_replace(" ", " ", $name);
+ $cap .= "&amp;assurer=".urlencode($name);
+ $cap .= "&amp;date=now";
+ $cap .= "&amp;maxpoints=".maxpoints();
+
+ $maxpoints = maxpoints();
+ if($maxpoints > 100)
+ $maxpoints = 100;
+
+ if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="wot.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
+ <tr>
+ <td colspan="2" class="title"><?=_("Assurance Confirmation")?></td>
+ </tr>
+<? if(array_key_exists('alreadydone',$_SESSION['_config']) && $_SESSION['_config']['alreadydone'] == 1) { ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("PLEASE NOTE: You have already assured this person before! If this is unintentional please DO NOT CONTINUE with this assurance.")?></b></td>
+ </tr>
+<?
+ } if(100 - $_SESSION['_config']['pointsalready'] - $maxpoints < 0) {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left" style="color: red;"><b><? printf(_("This person already has %s assurance points. Any points you give this person may be rounded down, or they may not even get any points. If you have less then 150 points you will still receive 2 points for assuring them."), $_SESSION['_config']['pointsalready']); ?></b></td>
+ </tr>
+<? }
+
+ $query = "select `verified` from `users` where `id`='".$row['id']."'";
+ $res = mysql_query($query);
+ $drow = mysql_fetch_assoc($res);
+ //if($_SESSION['_config']['verified'] <= 0)
+ if($drow['verified']<=0)
+ { ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left" style="color: red;"><b><?=_("You are about to assure a person that isn't currently verified. If you continue and they do not verify their account within 48 hours the account could automatically be removed by the system.")?></b></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD" colspan="2" align="left"><? printf(_("Please check the following details match against what you witnessed when you met %s in person. You MUST NOT proceed unless you are sure the details are correct. You may be held responsible by the CAcert Arbitrator for any issues with this Assurance."), $row['fname']); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Name")?>:</td>
+ <td class="DataTD"><?=$row['fname']?> <?=$row['mname']?> <?=$row['lname']?> <?=$row['suffix']?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?>:</td>
+ <td class="DataTD"><?=$row['dob']?> (<?=_("YYYY-MM-DD")?>)</td>
+ </tr>
+<? if($_SESSION['profile']['ttpadmin'] == 1) { ?>
+ <tr>
+ <td class="DataTD"><?=_("Method")?>:</td>
+ <td class="DataTD"><select name="method">
+<? foreach($methods as $val) { ?>
+ <option value="<?=$val?>"<? if(array_key_exists('method',$_POST) && $val == $_POST['method']) echo " selected"; ?>><?=$val?></option>
+<? } ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only tick the next box if the Assurance was face to face.")?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="certify" value="1"<? if(array_key_exists('certify',$_POST) && $_POST['certify'] == 1) echo " checked"; ?>></td>
+ <td class="DataTD"><? printf(_("I certify that %s %s %s has appeared in person"), $row['fname'], $row['mname'], $row['lname']); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location")?>:</td>
+ <td class="DataTD"><input type="text" name="location" value="<?=array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:""?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date")?>:</td>
+ <td class="DataTD"><input type="text" name="date" value="<?=array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:""?>"><br><?=_("Only fill this in if you assured the person on a different day")?></td>
+ </tr>
+<? if($_SESSION['profile']['board'] == 1 && $_SESSION['_config']['pointsalready'] <= 150) { ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Issuing a temporary increase will automatically boost their points to 200 points for a nomindated amount of days, after which the person will be reduced to 150 points regardless of the amount of points they had previously. Regardless of method chosen above it will be recorded in the system as an Administrative Increase and there is a maximum amount of 45 days that points can be issued for.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><nobr><?=_("Temporary Increase")?>:</nobr><br><nobr><?=_("Number of days")?></nobr></td>
+ <td class="DataTD"><input type="text" name="expire" value="<?=intval(array_key_exists('expire',$_POST)?$_POST['expire']:0)?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><nobr><?=_("Sponsoring Member")?>:</td>
+ <td class="DataTD"><select name="sponsor">
+<?
+ $query = "select * from `users` where `board`='1' and `id`!='".intval($_SESSION['profile']['id'])."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+?>
+ <option value="<?=$row['id']?>"<? if(array_key_exists('sponsor',$_POST) && $row['id'] == $_POST['sponsor']) echo " selected='selected'"; ?>><?=$row['fname']." ".$row['lname']?></option>
+<? } ?>
+ </select>
+ </td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="assertion" value="1"<? if(array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1) echo " checked='checked'"; ?>></td>
+ <td class="DataTD"><?=_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><input type="checkbox" name="rules" value="1"<? if(array_key_exists('rules',$_POST) && $_POST['rules'] == 1) echo " checked='checked'"; ?>></td>
+ <td class="DataTD"><?=_("I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Policy")?>:</td>
+ <td class="DataTD"><a href="/policy/AssurancePolicy.php" target="_NEW"><?=_("Assurance Policy")?></a> - <a href="http://wiki.cacert.org/AssuranceHandbook2" target="_NEW"><?=_("Assurance Handbook")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Points")?>:<br><nobr>(Max <?=maxpoints()?>)</nobr></td>
+ <td class="DataTD"><input type="text" name="points" value=""></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("WoT Form")?>:</td>
+ <td class="DataTD"><a href="<?=$cap?>" target="_NEW">A4 - <?=_("WoT Form")?></a> <a href="<?=$cap?>&amp;format=letter" target="_NEW">US - <?=_("WoT Form")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I confirm this Assurance")?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff --git a/pages/wot/7-old.php b/pages/wot/7-old.php
new file mode 100644
index 0000000..af167a0
--- /dev/null
+++ b/pages/wot/7-old.php
@@ -0,0 +1,183 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+exit;
+if($_GET['action'] != "update")
+{
+ $total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
+ group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+
+ $town = mysql_escape_string(stripslashes($_GET['town']));
+ $start = intval($_GET['start']);
+ $limit = 25;
+
+ echo "<div id='listshow'><ul class='top'>\n<li>";
+ echo "<a href='wot.php?id=7'>"._("Home")." ("._("Listed").": $total1)</a>\n";
+
+ $display = "";
+ $ccid=intval($_GET['ccid']);
+ $locid=intval($_GET['locid']);
+ $regid=intval($_GET['regid']);
+
+ if($locid > 0)
+ {
+ $total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
+ `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+ $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='wot.php?id=7&locid=".$locid."'>$loc[name] ("._("Listed").": $total4)</a>\n".
+ $display;
+ $regid = $loc['regid'];
+ }
+
+ if($regid > 0)
+ {
+ $total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
+ `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+ $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='wot.php?id=7&regid=".$regid."'>$reg[name] ("._("Listed").": $total3)</a>\n".
+ $display;
+ $ccid = $reg['ccid'];
+ }
+
+ if($ccid > 0)
+ {
+ $total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
+ `ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
+ group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+ $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'"));
+ $display = "<ul class='top'>\n<li>\n".
+ "<a href='wot.php?id=7&ccid=".$ccid."'>$cnt[name] ("._("Listed").": $total2)</a>\n".
+ $display;
+ }
+
+ if($display)
+ echo $display;
+
+ if($ccid <= 0)
+ {
+ echo "<ul>\n";
+ $query = "select * from `countries` order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ echo "<li><a href='wot.php?id=7&ccid=$row[id]'>$row[name]</a></li>\n";
+
+ echo "</ul>\n</li>\n</ul></div>\n<br>\n";
+ } elseif($regid <= 0) {
+ echo "<ul>\n";
+ $query = "select * from `regions` where `ccid`='".$ccid."' order by `name`";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ echo "<li><a href='wot.php?id=7&regid=$row[id]'>$row[name]</a></li>\n";
+
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
+ } elseif($locid <= 0) {
+ echo "<ul>\n";
+ if($town != "")
+ {
+ $query = "select * from `locations` where `regid`='".$regid."' and `name` < '$town'";
+ $start = mysql_num_rows(mysql_query($query));
+ }
+ $query = "select * from `locations` where `regid`='".$regid."' order by `name` limit $start, $limit";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ echo "<li><a href='wot.php?id=7&locid=$row[id]'>$row[name]</a></li>\n";
+
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
+ $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$regid."'"));
+ if($start > 0)
+ {
+ $prev = $start - $limit;
+ if($prev < 0)
+ $prev = 0;
+
+ $st = "[ <a href='wot.php?id=7&regid=".$regid."'><< Start</a> ] ";
+ $prev = "[ <a href='wot.php?id=7&regid=".$regid."&start=$prev'>< Previous $limit</a> ] ";
+ }
+ if($start < $rc - $limit)
+ {
+ $next = $start + $limit;
+ $last = $rc - $limit;
+
+ $next = "[ <a href='wot.php?id=7&regid=".$regid."&start=$next'>Next $limit ></a> ] ";
+ $end = "[ <a href='wot.php?id=7&regid=".$regid."&start=$last'>End >></a> ]";
+ }
+ echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n";
+ echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n";
+?>
+<div align="left">
+<form method="get" action="wot.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="200">
+ <tr>
+ <td colspan="2" class="title"><?=_("Search this region")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" width="125"><?=_("Location Name")?>: </td>
+ <td class="DataTD" width="125"><input type="text" name="town" value="<?=sanitizeHTML($_GET['town'])?>" size="10"></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Search")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="regid" value="<?=$regid?>">
+<input type="hidden" name="id" value="7">
+</form>
+</div>
+<?
+ } else {
+ echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
+ echo "<p><a href='wot.php?id=7&action=update&locid=".$locid."'>";
+ echo _("Make my location here");
+ echo "</a></p>\n";
+ echo "<p>"._("If you are happy with this location, click 'Make my location here' to update your location details.")."</p><br>\n";
+ }
+} else {
+ $total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
+ group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+
+ if($locid > 0)
+ {
+ $total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
+ `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+ $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
+ $regid = $loc['regid'];
+ }
+
+ if($regid) > 0)
+ {
+ $total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
+ `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+ $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
+ $ccid = $reg['ccid'];
+ }
+
+ $total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
+ `ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
+ group by `notary`.`to` HAVING SUM(`points`) >= 100"));
+
+ $_SESSION['profile']['ccid'] = $ccid;
+ $_SESSION['profile']['regid'] = $regid;
+ $_SESSION['profile']['locid'] = $locid;
+
+ mysql_query("update `users` set `ccid`='".$ccid."',`regid`='".$regid."',`locid`='".$locid."'
+ where `id`='".$_SESSION['profile']['id']."'");
+
+ echo _("Your details have been updated.");
+}
+?>
diff --git a/pages/wot/8.php b/pages/wot/8.php
new file mode 100644
index 0000000..af67d0b
--- /dev/null
+++ b/pages/wot/8.php
@@ -0,0 +1,44 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><font color="#ff0000">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="wot.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("My Listing")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Directory Listing")?>:</td>
+ <td class="DataTD" align="left">
+ <select name="listme">
+ <option value="0"><?=_("I don't want to be listed")?></option>
+ <option value="1"<? if($_SESSION['profile']['listme'] == 1) echo " selected"; ?>><?=_("I want to be listed")?></option>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Contact information")?>:</td>
+ <td class="DataTD"><textarea name="contactinfo" cols="40" rows="5" wrap="virtual"><?=$_SESSION['profile']['contactinfo']?></textarea></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('chgcontact')?>" />
+</form>
+<p><?=_("Please note: All html will be stripped from the contact information box, a link to an email form will automatically be inserted to ensure your privacy.")?></p>
diff --git a/pages/wot/9.php b/pages/wot/9.php
new file mode 100644
index 0000000..b974c5d
--- /dev/null
+++ b/pages/wot/9.php
@@ -0,0 +1,82 @@
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer.");
+ } else {
+
+ $user = mysql_fetch_array($res);
+ $userlang = $user['language'];
+ $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+ if($points <= 0)
+ {
+ echo _("Sorry, I was unable to locate that user.");
+ } else {
+
+ $_SESSION['_config']['pagehash'] = md5(date("U"));
+?>
+<? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="wot.php">
+<input type="hidden" name="userid" value="<?=$user['id']?>">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Contact Assurer")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("To")?>:</td>
+ <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td>
+ </tr>
+<? if($userlang != "") { ?>
+ <tr>
+ <td class="DataTD"><?=_("Language")?>:</td>
+ <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], $_SESSION['_config']['translations'][$userlang]) ?></td>
+ </tr>
+<? } ?>
+<?
+ $query = "select * from `addlang` where `userid`='".$user['id']."'";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
+?>
+ <tr>
+ <td class="DataTD"><?=_("Additional Language")?>:</td>
+ <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td>
+ </tr>
+<? } ?>
+ <tr>
+ <td class="DataTD"><?=_("Subject")?>:</td>
+ <td class="DataTD" align="left"><input type="text" name="subject" value="<?=sanitizeHTML($_POST['subject'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Message")?>:</td>
+ <td class="DataTD"><textarea name="message" cols="40" rows="5" wrap="virtual"><?=sanitizeHTML($_POST['message'])?></textarea></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td>
+ </tr>
+</table>
+<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
+<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
+<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
+<? } } ?>
diff --git a/pages/wot/CVS/Entries b/pages/wot/CVS/Entries
new file mode 100644
index 0000000..f79738c
--- /dev/null
+++ b/pages/wot/CVS/Entries
@@ -0,0 +1,16 @@
+/0.php/1.2/Sun Apr 6 19:45:25 2008//
+/3.php/1.4/Sun Apr 6 19:45:25 2008//
+/4.php/1.7/Sun Apr 6 19:45:25 2008//
+/7-old.php/1.4/Sun Apr 6 19:45:25 2008//
+/13.php/1.6/Mon Sep 1 22:28:14 2008//
+/14.php/1.4/Wed Sep 3 18:44:17 2008//
+/6.php/1.32/Mon Oct 6 21:29:20 2008//
+/8.php/1.5/Mon Oct 6 21:29:20 2008//
+/5.php/1.15/Fri Nov 14 23:40:25 2008//
+/12.php/1.10/Sun Apr 5 00:44:04 2009//
+/1.php/1.14/Sat Apr 25 23:23:02 2009//
+/9.php/1.16/Sun May 31 16:50:59 2009//
+/2.php/1.8/Sat Jun 6 02:40:22 2009//
+/10.php/1.16/Thu Jun 25 20:09:33 2009//
+/11.php/1.8/Thu Jun 25 20:09:33 2009//
+D
diff --git a/pages/wot/CVS/Repository b/pages/wot/CVS/Repository
new file mode 100644
index 0000000..a2bab37
--- /dev/null
+++ b/pages/wot/CVS/Repository
@@ -0,0 +1 @@
+cacert/pages/wot
diff --git a/pages/wot/CVS/Root b/pages/wot/CVS/Root
new file mode 100644
index 0000000..a363882
--- /dev/null
+++ b/pages/wot/CVS/Root
@@ -0,0 +1 @@
+/var/lib/cvs