diff options
| author | Michael Tänzer <neo@nhng.de> | 2013-07-16 23:19:26 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2013-07-16 23:19:26 +0200 |
| commit | aea694d929d09db48b008eda40fc2a77ea086e8d (patch) | |
| tree | 97261963287386ebbfb51152d9002c58c17bd5b2 /pages | |
| parent | 90dcf899dae9bff3dc9d7e7953e2841dadea178f (diff) | |
| download | cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.tar.gz cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.tar.xz cacert-aea694d929d09db48b008eda40fc2a77ea086e8d.zip | |
Source code taken from cacert-20130716.tar.bz2
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/account/10.php | 3 | ||||
| -rw-r--r-- | pages/account/41.php | 8 | ||||
| -rw-r--r-- | pages/account/43.php | 112 | ||||
| -rw-r--r-- | pages/account/57.php | 107 | ||||
| -rw-r--r-- | pages/account/58.php | 61 | ||||
| -rw-r--r-- | pages/index/0.php | 94 | ||||
| -rw-r--r-- | pages/index/10.php | 13 | ||||
| -rw-r--r-- | pages/index/3.php | 59 | ||||
| -rw-r--r-- | pages/index/4.php | 2 | ||||
| -rw-r--r-- | pages/wot/2.php | 25 | ||||
| -rw-r--r-- | pages/wot/4.php | 51 |
11 files changed, 374 insertions, 161 deletions
diff --git a/pages/account/10.php b/pages/account/10.php index 704a05c..a394695 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -26,7 +26,8 @@ <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> -<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p> +<p><b>*** <?=_("Please note: All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not.")?> ***</b></p> +<p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p> <form method="post" action="account.php"> <? if($_SESSION['profile']['points'] >= 50) { ?> diff --git a/pages/account/41.php b/pages/account/41.php index 4ea9b10..d61d8db 100644 --- a/pages/account/41.php +++ b/pages/account/41.php @@ -73,8 +73,12 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - echo "<option value='".sanitizeHTML($row['locale'])."'"; - echo ">".$row['country']." - ".$row['lang']."</option>\n"; + printf("<option value=\"%s\">[%s] %s (%s)</option>\n", + sanitizeHTML($row['locale']), + sanitizeHTML($row['locale']), + $row['lang'], + $row['country'] + ); } ?> </select> diff --git a/pages/account/43.php b/pages/account/43.php index 7bf6d04..234e01a 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -35,6 +35,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) { + $_REQUEST['userid'] = 0; + $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); //Disabled to speed up the queries @@ -53,14 +55,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); } else { // $email contains non-digits ==> search for mail addresses // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`email` like '$emailsearch' + where (`email`.`email` like '$emailsearch' or `users`.`email` like '$emailsearch') and `users`.`deleted`=0 group by `users`.`id` limit 100"; } - // bug-975 ted+uli changes --- end + // bug-975 ted+uli changes --- end $res = mysql_query($query); if(mysql_num_rows($res) > 1) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> @@ -173,6 +175,10 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <input type="submit" value="Go"></form></nobr></td> </tr> <tr> + <td class="DataTD"><?=_("CCA accepted")?>:</td> + <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> + </tr> + <tr> <td class="DataTD"><?=_("Trainings")?>:</td> <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> </tr> @@ -338,7 +344,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <td colspan="2" class="title"><?=_("Account State")?></td> </tr> -<? +<? // --- bug-975 begin --- // potential db inconsistency like in a20110804.1 // Admin console -> don't list user account @@ -359,7 +365,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 4. email.email = primary-email (???) or'd not covered by admin console find user routine, but may block users login 5. users.verified = 0|1 - further "special settings" + further "special settings" 6. users.locked (setting displayed in display form) 7. users.assurer_blocked (setting displayed in display form) @@ -370,7 +376,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 1. users.verified = 1 2. users.deleted = 0 3. users.locked = 0 - 4. users.email = primary-email + 4. users.email = primary-email --- Assurer, assure someone find user query select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' @@ -384,11 +390,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 1. email.hash = '' Yes No No 2. email.deleted = 0 Yes No No 3. users.deleted = 0 Yes Yes Yes - 4. users.verified = 1 No Yes No + 4. users.verified = 1 No Yes No 5. users.locked = 0 No Yes No 6. users.email = prim-email No Yes Yes 7. email.email = prim-email Yes No No - + full usable account needs all 7 requirements fulfilled so if one setting isn't set/cleared there is an inconsistency either way if eg email.email is not avail, admin console cannot open user info @@ -432,7 +438,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); } - + if ($drow) { $eemail = $drow['eemail']; $edeleted = $drow['edeleted']; @@ -451,11 +457,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); } if ($edeleted!=0) { $inconsistency += 8; - $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); } if ($ehash!='') { $inconsistency += 16; - $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); } } else { $inconsistency = 32; @@ -474,14 +480,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); "operations and needs to be fixed manually through arbitration/critical ". "team.")?> </td> - </tr> + </tr> <? } // --- bug-975 end --- ?> </table> <br> -<? +<? // End - Debug infos ?> @@ -510,12 +516,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `domains` inner join `domaincerts` @@ -526,7 +532,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid` @@ -535,7 +541,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid` @@ -568,12 +574,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `emailcerts` @@ -583,7 +589,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `emailcerts` where `memid` = '".intval($row['id'])."' @@ -591,7 +597,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `emailcerts` where `memid` = '".intval($row['id'])."' @@ -623,12 +629,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `gpg` @@ -637,7 +643,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `emailcerts` where `memid` = '".intval($row['id'])."' @@ -645,7 +651,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + ?> <td class="DataTD"><?=intval($total)?></td> <td class="DataTD"><?=intval($valid)?></td> @@ -662,7 +668,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); </tr> <tr> - <td class="DataTD"><?=_("Org Server")?>:</td> + <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> <? $query = "select COUNT(*) as `total`, MAX(`orgcerts`.`expire`) as `maxexpire` @@ -672,12 +678,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `orgdomaincerts` as `orgcerts` inner join `org` @@ -688,7 +694,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `orgdomaincerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -697,7 +703,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `orgdomaincerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -732,12 +738,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `orgemailcerts` as `orgcerts` inner join `org` @@ -748,7 +754,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `orgemailcerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -757,7 +763,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `orgemailcerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -827,7 +833,7 @@ function showassuredto() <td class="DataTD"><?=intval($drow['points'])?></td> <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> </tr> <? } ?> <tr> @@ -873,7 +879,7 @@ function showassuredby() <td class="DataTD"><?=$drow['points']?></td> <td class="DataTD"><?=$drow['location']?></td> <td class="DataTD"><?=$drow['method']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> </tr> <? } ?> <tr> @@ -884,19 +890,21 @@ function showassuredby() </table> <? } ?> <br><br> -<? } } - -switch ($_GET['shownotary']) - { - case 'assuredto': showassuredto(); - break; - case 'assuredby': showassuredby(); - break; - case 'assuredto15': output_received_assurances(intval($_GET['userid']),1); - break; - case 'assuredby15': output_given_assurances(intval($_GET['userid']),1); - break; - } - - -?> +<? } } + +if(isset($_GET['shownotary'])) { + switch($_GET['shownotary']) { + case 'assuredto': + showassuredto(); + break; + case 'assuredby': + showassuredby(); + break; + case 'assuredto15': + output_received_assurances(intval($_GET['userid']),1); + break; + case 'assuredby15': + output_given_assurances(intval($_GET['userid']),1); + break; + } +} diff --git a/pages/account/57.php b/pages/account/57.php new file mode 100644 index 0000000..76eee27 --- /dev/null +++ b/pages/account/57.php @@ -0,0 +1,107 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php'); + + if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + + echo _('You do not have access to this page'); + + } else { + $user_id = intval($_REQUEST['userid']); + $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } else { + $row = mysql_fetch_assoc($res); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_('CCA agreement of').' '.sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname'])?></td> + </tr> +</table> + + +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><b><?=_('CCA type')?></b></td> + <td class="DataTD"><b><?=_('Date')?></b></td> + <td class="DataTD"><b><?=_('Method')?></b></td> + <td class="DataTD"><b><?=_('Type')?></b></td> + </tr> +<? + $data=get_first_user_agreement($user_id,1); + if (!isset($data['active'])){ + $type=''; + }else{ + $type=_('active'); + } +?> + <tr> + <td class="DataTD"><?=_('First active CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +<? + $data=get_first_user_agreement($user_id,0); + if (!isset($data['active'])){ + $type=""; + }else{ + $type=_('passive'); + } +?> + <tr> + <td class="DataTD"><?=_('First passive CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +<? + $data=get_last_user_agreement($user_id); + if (!isset($data['active'])){ + $type=""; + }elseif($data['active']==1){ + $type=_('active'); + }else{ + $type=_('passive'); + } +?> + <tr> + <td class="DataTD"><?=_('Last CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +</table> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> +<? + if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { +?> + <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr> +<? } +?> </table> +<? + } +} +?> diff --git a/pages/account/58.php b/pages/account/58.php new file mode 100644 index 0000000..1f6b1a0 --- /dev/null +++ b/pages/account/58.php @@ -0,0 +1,61 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + echo _('You do not have access to this page'); +} else { + $user_id = intval($_REQUEST['userid']); + $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) != 1){ + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } else { + if ($row = mysql_fetch_assoc($res)){ + $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); + $query = "select `orginfo`.`o`, `org`.`masteracc` + FROM `orginfo`, `org` + WHERE `orginfo`.`id` = `org`.`orgid` + AND `org`.`memid`='$user_id' order by `orginfo`.`o`"; + $res1 = mysql_query($query);?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><? + if (mysql_num_rows($res1) <= 0) {?> + <tr> + <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td> + </tr> + <?}else{?> + <tr> + <td colspan="2" class="title"><?=sprintf(_('%s is listed as Organisation Administrator for:'), $username)?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_('Organisation')?></b></td> + <td class="DataTD"><b><?=_('Masteraccount')?></b></td> + </tr><? + while($drow = mysql_fetch_assoc($res1)){?> + <tr> + <td class="DataTD"><?=$drow['o']?></td> + <td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td> + </tr> + <?} + } + ?></table> +<? }else{ + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } + } +} +?> diff --git a/pages/index/0.php b/pages/index/0.php index 81ab2b1..a2c2e5a 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -29,61 +29,47 @@ <div class="newsbox"> <? -/* - $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n"; - if($row['story'] != "") - echo "<p>[ <a href='news.php?id=".$row['id']."'>"._("Full Story")."</a> ]</p>\n"; - } - if(mysql_num_rows(mysql_query("select * from `news`")) > 2) - echo "<p>[ <a href='news.php'>"._("More News Items")."</a> ]</p>"; -*/ - $rss = ""; - $open = $items = 0; - $fp = @fopen("/www/pages/index/feed.rss", "r"); - if($fp) - { - echo '<p id="lnews">'._('Latest News').'</p>'; - - - while(!feof($fp)) - $rss .= trim(fgets($fp, 4096)); - fclose($fp); - $rss = str_replace("><", ">\n<", $rss); - $lines = explode("\n", $rss); - foreach($lines as $line) - { - $line = trim($line); - - if($line != "<item>" && $open == 0) - continue; - - if($line == "<item>" && $open == 0) - { - $open = 1; - continue; - } - - if($line == "</item>" && $open == 1) - { - $items++; - if($items >= 3) - break; - $open == 0; - continue; - } - if(substr($line, 0, 7) == "<title>") - echo "<h3>".str_replace("&#", "&#", recode_string("UTF8..html", str_replace("&", "", trim(substr($line, 7, -8)))))."</h3>\n"; - if(substr($line, 0, 13) == "<description>") - echo "<p>".str_replace("&#", "&#", recode_string("UTF8..html", str_replace("&", "", trim(substr($line, 13, -14)))))."</p>\n"; - if(substr($line, 0, 6) == "<link>") - echo "<p>[ <a href='".trim(substr($line, 6, -7))."'>"._("Full Story")."</a> ]</p>\n"; + printf("<p id='lnews'>%s</p>\n\n",_('Latest News')); + + $xml = "/www/pages/index/feed.rss"; // FIXME: use relative path to allow operation with different document root + $dom = new DOMDocument(); + $dom->preserveWhiteSpace = false; + $dom->Load($xml); + + $xpath = new DOMXPath($dom); //Create an XPath query + + $query = "//channel/item"; + $items = $xpath->query($query); + + $count = 0; + foreach($items as $id => $item) { + $query = "./title"; + $nodeList = $xpath->query($query, $item); + $title = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue); + + $query = "./link"; + $nodeList = $xpath->query($query, $item); + $link = htmlspecialchars($nodeList->item(0)->nodeValue); + + $query = "./description"; + $nodeList = $xpath->query($query, $item); + $description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue); + + printf("<h3> %s </h3>\n", $title); + printf("<p> %s </p>\n", $description); + printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link,_("Full Story")); + + $title = ''; + $description = ''; + $link = ''; + + $count++; + if ($count >= 3) { + break; } } ?> + [ <a href="http://blog.CAcert.org/"><?=_('More News Items')?></a> ] </div> <hr/> @@ -118,8 +104,7 @@ <p><?=_("If you are located in Australia, use bank transfer instead.")?></p> <p><?=_("CAcert bank account details:")?></p> - -<ul> +<ul class="no_indent"> <li>Account Name: CAcert Inc</li> <li>SWIFT: WPACAU2S</li> <li>BSB: 032073</li> @@ -128,4 +113,3 @@ <br /><br /> <?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>. - diff --git a/pages/index/10.php b/pages/index/10.php index 9e09bb8..7280e09 100644 --- a/pages/index/10.php +++ b/pages/index/10.php @@ -14,11 +14,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<p style="background-color: #FF8080; font-size: 150%"> -<? -printf(_('This page has been moved to the %spolicy directory%s. Please update '. - 'your bookmarks and report any broken links.'), - '<a href="/policy/PrivacyPolicy.html">', '</a>'); -?> -</p> +*/ + + header('HTTP/1.0 301 Moved Permanently'); + header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php'); + exit(); diff --git a/pages/index/3.php b/pages/index/3.php index c2cb391..a107c29 100644 --- a/pages/index/3.php +++ b/pages/index/3.php @@ -18,38 +18,45 @@ <p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p> -<p> -Class 1 <?=_("PKI Key")?><br> -<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer 5.x/6.x")?></a><br> -<a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br> -<a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a><br> -<a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a><br> -<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a><br> -<?=_("Fingerprint")?> SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33<br/> -<?=_("Fingerprint")?> MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B<br/> -</p> +<h3><?=_("Windows Installer") ?></h3> +<ul class="no_indent"> + <li><? printf(_("%s Windows installer package %s for browsers that use the Windows certificate store %s (for example Internet Explorer, Chrome on Windows and Safari on Windows)"), '<a href="certs/CAcert_Root_Certificates.msi">', '</a>', '<br/>')?></li> + <li><?=_("SHA1 Hash:") ?> 2db1957db31aa0d778d1a65ea146760ee1e67611</li> + <li><?=_("SHA256 Hash:") ?> 88883f2e3117bae6f43922fbaef8501b94efe4143c12116244ca5d0c23bcbb16</li> +</ul> -<p> -Class 3 <?=_("PKI Key")?><br> -<a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a><br/> -<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/> -<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/> -<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/> +<h3><?=_("Class 1 PKI Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li> + <li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li> + <li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li> + <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li> + <li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li> + <li><?=_("MD5 Fingerprint:")?> A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B</li> +</ul> + +<h3><?=_("Class 3 PKI Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li> + <li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li> + <li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li> + <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li> <?php /* class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration */ ?> -<?=_("Fingerprint")?> SHA1: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE<br/> -<?=_("Fingerprint")?> MD5: F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42<br/> -</p> + <li><?=_("SHA1 Fingerprint:")?> AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE</li> + <li><?=_("MD5 Fingerprint:")?> F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42</li> +</ul> -<p> -<?=_("GPG Key")?><br> -<a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a><br> -</p> +<h3><?=_("GPG Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a></li> + <li><?=_("GPG Key ID:")?> 0x65D0FD58</li> + <li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li> +</ul> -<p> -<?=_("PKI finger/thumb print signed by the CAcert GPG Key")?><br> +<h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4> <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @@ -82,8 +89,8 @@ TG1yj+lkktROGGyn0hJ5SbM= =tXoj -----END PGP SIGNATURE----- </pre> -</p> +<h3><?=_("History")?></h3> <p> <? printf(_('An overview over all CA certificates ever issued can be found in '. '%sthe wiki%s.'), diff --git a/pages/index/4.php b/pages/index/4.php index 9eb90af..384ea56 100644 --- a/pages/index/4.php +++ b/pages/index/4.php @@ -25,7 +25,7 @@ ?> <? if($_SESSION['_config']['hostname'] == $_SESSION['_config']['securehostname']) { ?> -<p><?=_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your Email/Pass Phrase to get a new certificate, by clicking on 'Normal Login' to the right of your screen.")?></p> +<p><?=sprintf(_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your email/pass phrase to get a new certificate, by clicking on %sPassword Login%s on the right side of this page."),"<a href='https://".$_SESSION['_config']['normalhostname']."/index.php?id=4'>", "</a>")?></p> <? } else { ?> <style> .box2 {width:100%;text-align:center;} diff --git a/pages/wot/2.php b/pages/wot/2.php index a75bc57..eda77bb 100644 --- a/pages/wot/2.php +++ b/pages/wot/2.php @@ -15,22 +15,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<span style="background-color: #FF8080; font-size: 150%"> -Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br> -Until a subsidiary policy under AP is written, it is against AP rules.<br> -</span> - <br> -<h3><?=_("To become an Assurer")?></h3> -<p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p> +<h3><?=_('To become an Assurer')?></h3> -<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p> +<p><?=_('To become a CAcert Assurer you need to fulfill the following requirements:')?></p> +<ol> + <li><?=_('You have to reach 100 Assurance points')?></li> + <li><?=_('You have to pass the CATS test')?></li> +</ol> -<p>CAcert Inc.<br> -P.O. Box 4107<br> -Denistone East NSW 2112<br> -Australia</p> +<p><?=_('To reach 100 Assurance Points you have to meet with assurers who assure you under the CAcert Assurance Programme according to Assurance Policy. During the face to face meeting you need to show at least one governmental issued photo ID.')?></p> + +<p><?=sprintf(_('The 2nd requirement in becoming assurer is to pass the CAcert Assurer Challenge, which can be started at %s. For more information explore the wiki regarding the %s.'),'<a href="https://cats.cacert.org">https://cats.cacert.org</a>','<a href="//wiki.cacert.org/AssurerChallenge">Assurer Challenge</a>')?><p> + +<p><?=sprintf(_('In case you cannot meet an Assurer (eg there are not many assurer in your area) you can be assured under the alternate %sTTP-assisted-assurance programme%s. Read the pages %s for the basic way how the TTP-assisted-assurance programme works for you and %s whether the TTP programme affects the country where you are located.'),'<a href="/wot.php?id=4">', '</a>','<a href="//wiki.cacert.org/TTP/TTPuser">TTPuser</a>','<a href="//wiki.cacert.org/TTP/TTPAL">TTPAL</a>')?> </p> -<p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p> -<p><?=_("Once you have received at least 100 Assurance Points you will have to pass a test called Assurer Challenge, which can be started at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>!'?></p> diff --git a/pages/wot/4.php b/pages/wot/4.php index 04997ba..befdfe4 100644 --- a/pages/wot/4.php +++ b/pages/wot/4.php @@ -14,7 +14,9 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> +*/ +require_once(dirname(__FILE__).'/../../includes/wot.inc.php'); +?> <h3><?=_("Trusted Third Parties")?></h3> @@ -32,4 +34,49 @@ <p><?=sprintf(_("If you are interested in the TTP programme, read the pages %s for the basic way how the TTP programme works for you, and %s whether the TTP programme affects the country where you are located."),"<a href='//wiki.cacert.org/TTP/TTPuser'>https://wiki.cacert.org/TTP/TTPuser</a>","<a href='//wiki.cacert.org/TTP/TTPAL'>https://wiki.cacert.org/TTP/TTPAL</a>")?> </p> -<p><?=sprintf(_("If you want to take part in the TTP programme, send an email to %s with your name, the main email address of your CAcert account and the country that you want to see the TTP. CAcert will then send you the needed forms and guide you through the process."),"<a href='mailto:support@cacert.org'>support@cacert.org</a>")?></p> +<? +// test for points <100 +if ($_SESSION['profile']['points']<100){ + // test for TTP assurances + if (get_number_of_ttpassurances(intval($_SESSION['profile']['id']))<2){?> + <p><?=_("If you want to ask for TTP assurances fill out the missing data and send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p> + <form method="post" action="wot.php"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><?=_("Country where you want to visit the TTP")?></td> + <td class="DataTD"><select size="1" name="country"> + <option>Australia</option> + <option>Puerto Rico</option> + <option>USA</option> + </select></td> + </tr> + <tr> + <td class="DataTD"><?=_("I want to take part in the TTP Topup programme")?></td> + <td class="DataTD"><input type="checkbox" name="ttptopup" value="1"></td> + </tr> + <tr> + <td colspan="2" > + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + <input type="submit" name="ttp" value="<?=_("I need a TTP assurance")?>"> + </td> + </tr> + </table> + </form> +<? //" + } else { + /* As soon as the TPP TOPUP Programme is established this routine should be used + <p><?=_("As you have already got 2 TTP assurances you can only take part in the TTP TOPUP programme. If you want to ask for the TTP TOPUP programme use the submit button to send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p> + <form method="post" action="wot.php"> + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + <input type="submit" name="ttptopup" value="<?=_("I need a TTP TOPUP")?>"> + </form> +*/ +?> + <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p> +<? + } +} else { +?> + <p><?=_("You reached the maximum points that can be granted by the TTP programme and therefore you cannot take part in the TTP programme any more.")?></p> +<? +} |