diff options
32 files changed, 1239 insertions, 252 deletions
diff --git a/CommModule/server.pl b/CommModule/server.pl index c70bc9a..6084042 100755 --- a/CommModule/server.pl +++ b/CommModule/server.pl @@ -955,10 +955,10 @@ sub analyze($) if($bytes[1] == 0) # NUL Request { SysLog "NUL Request detected.\n"; - if($fields[1]) + if($fields[1] =~ /^\d+\.\d+$/) { open OUT,">timesync.sh"; - print OUT "date -u $fields[1]\n"; + print OUT "date -u '$fields[1]'\n"; print OUT "hwclock --systohc\n"; close OUT; } diff --git a/includes/account.php b/includes/account.php index 496c7ca..cc2c581 100644 --- a/includes/account.php +++ b/includes/account.php @@ -622,10 +622,31 @@ { $row = mysql_fetch_assoc($res); echo $row['domain']."<br>\n"; - mysql_query("update `domains` set `deleted`=NOW() where `id`='$id'"); - $dres = mysql_query("select * from `domlink` where `domid`='$id'"); + + $dres = mysql_query( + "select `domaincerts`.`id` + from `domaincerts` + where `domaincerts`.`domid` = '$id' + union distinct + select `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$id'"); while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0"); + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0 + and UNIX_TIMESTAMP(`expire`) - + UNIX_TIMESTAMP() > 0"); + } + + mysql_query( + "update `domains` + set `deleted`=NOW() + where `id` = '$id'"); } } } diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 148a0ac..b9544e0 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -262,6 +262,7 @@ function hideall() { <ul class="menu" id="advertising"><li><a href="advertising.php?id=1"><?=_("New Ad")?></a></li><li><a href="advertising.php?id=0"><?=_("View Ads")?></a></li></ul> </div> <? } ?> + <? include("about_menu.php"); ?> </div> <div id="content"> <div class="story"> diff --git a/includes/general.php b/includes/general.php index d762586..d89c0e6 100644 --- a/includes/general.php +++ b/includes/general.php @@ -21,10 +21,10 @@ session_name("cacert"); session_start(); - session_register("_config"); - session_register("profile"); - session_register("signup"); - session_register("lostpw"); +// session_register("_config"); +// session_register("profile"); +// session_register("signup"); +// session_register("lostpw"); // if($_SESSION['profile']['id'] > 0) // session_regenerate_id(); @@ -536,17 +536,22 @@ $myemail = mysql_real_escape_string($email); if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email)) { - list($username,$domain)=split('@',$email); + list($username,$domain)=explode('@',$email,2); $dom = escapeshellarg($domain); $line = trim(`dig +short MX $dom 2>&1`); #echo $email."-$dom-$line-\n"; #echo `dig +short mx heise.de 2>&1`."-<br>\n"; $list = explode("\n", $line); - foreach($list as $row) - list($pri, $mxhosts[]) = explode(" ", substr(trim($row), 0, -1)); + foreach($list as $row) { + if(!strstr($row, " ")) { + continue; + } + list($pri, $mxhosts[]) = explode(" ", trim($row), 2); + } $mxhosts[] = $domain; -#print_r($mxhosts); die; + array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } ); + foreach($mxhosts as $key => $domain) { $fp = @fsockopen($domain,25,$errno,$errstr,5); @@ -797,4 +802,5 @@ return $res; } + ?> diff --git a/includes/loggedin.php b/includes/loggedin.php index 5734fad..4f9b8e8 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -18,20 +18,29 @@ include_once("../includes/lib/general.php"); require_once("../includes/lib/l10n.php"); + include_once("../includes/mysql.php"); + + if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) { + $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 ); + } + if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) { + $_SESSION['profile']['id'] = 0; + $_SESSION['profile']['loggedin'] = 0; + } if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0) { $uid = $_SESSION['profile']['id']; $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { - if($key == '_config') + if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($$key); + //session_unregister($key); } $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'")); @@ -50,14 +59,14 @@ { $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { - if($key == '_config') + if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($$key); + //session_unregister($key); } $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( @@ -69,16 +78,16 @@ } else { $_SESSION['profile']['loggedin'] = 0; $_SESSION['profile'] = ""; - foreach($_SESSION as $key) + foreach($_SESSION as $key => $value) { - if($key == '_config') + if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; - unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } - unset($_SESSION['_config']['oldlocation']); + $_SESSION['_config']['oldlocation'] = ''; foreach($_GET as $key => $val) { @@ -127,9 +136,9 @@ $_SESSION['profile'] = ""; foreach($_SESSION as $key => $value) { - unset($_SESSION[$key]); - unset($$key); - session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } header("location: https://".$normalhost."/index.php"); @@ -138,11 +147,11 @@ if($_SESSION['profile']['loggedin'] < 1) { - unset($_SESSION['_config']['oldlocation']); + $_SESSION['_config']['oldlocation'] = ''; foreach($_REQUEST as $key => $val) { - if($_SESSION['_config']['oldlocation']) + if('' != $_SESSION['_config']['oldlocation']) $_SESSION['_config']['oldlocation'] .= "&"; $key = str_replace(array("\n", "\r"), '', $key); diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample index eb86401..10185fc 100644 --- a/includes/mysql.php.sample +++ b/includes/mysql.php.sample @@ -64,7 +64,8 @@ fputs($smtp, "DATA\r\n"); $InputBuffer = fgets($smtp, 1024); fputs($smtp, "X-Mailer: CAcert.org Website\r\n"); - fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n"); + if (array_key_exists("REMOTE_ADDR", $_SERVER)) + fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n"); fputs($smtp, "Sender: $errorsto\r\n"); fputs($smtp, "Errors-To: $errorsto\r\n"); if($replyto != "") diff --git a/includes/notary.inc.php b/includes/notary.inc.php index cc0e0eb..d6f86a8 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -14,7 +14,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ +*/ function query_init ($query) { @@ -52,8 +52,8 @@ function get_top_assurer_position ($no_of_assurances) { - $res = query_init ("SELECT count(*) AS `list` FROM `notary` - WHERE `method` = 'Face to Face Meeting' + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE `method` = 'Face to Face Meeting' GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'"); return intval(query_get_number_of_rows($res)+1); } @@ -83,7 +83,7 @@ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method"); return $res; } - + function get_received_assurances_summary ($userid) { $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method"); @@ -129,7 +129,7 @@ $awarded = 100; } else - $experience = 0; + $experience = 0; switch ($row['method']) { @@ -303,7 +303,7 @@ ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td> -<? } +<? } ?> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td> <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td> @@ -319,7 +319,7 @@ <td class="DataTD" <?=$tdstyle?>> </td> <? } else { ?> - <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td> + <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&userid=<?=intval($userid)?>&assurance=<?=intval($assuranceid)?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td> <? } } @@ -374,7 +374,7 @@ $res = get_given_assurances(intval($userid)); while($row = mysql_fetch_assoc($res)) { - $fromuser = get_user (intval($row['to'])); + $fromuser = get_user (intval($row['to'])); $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked); $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to'])); $email = show_email_link ($fromuser['email'],intval($row['to'])); @@ -602,4 +602,74 @@ <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } + + //functions to do with recording user agreements + function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){ + // write a new record to the table user_agreement + $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid. + ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ; + $res = mysql_query($query); + } + + function get_user_agreement_status($memid, $type="CCA"){ + //returns 0 - no user agreement, 1- at least one entry + $query="SELECT u.`document` FROM `user_agreements` u + WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ; + $res = mysql_query($query); + if(mysql_num_rows($res) <=0){ + return 0; + }else{ + return 1; + } + } + + function get_first_user_agreement($memid, $active=1, $type="CCA"){ + //returns an array (`document`,`date`,`method`, `comment`,`active`) + if($active==1){ + $filter="u.`memid`=".$memid; + }else{ + $filter="u.`secmemid`=".$memid; + } + $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u + WHERE u.`document` = '".$type."' AND ".$filter." + ORDER BY u.`date` Limit 1;"; + $res = mysql_query($query); + if(mysql_num_rows($res) >0){ + $row = mysql_fetch_assoc($res); + $rec['document']= $row['document']; + $rec['date']= $row['date']; + $rec['method']= $row['method']; + $rec['comment']= $row['comment']; + $rec['active']= $row['active']; + }else{ + $rec=array(); + } + return $rec; + } + + function get_last_user_agreement($memid, $type="CCA"){ + //returns an array (`document`,`date`,`method`, `comment`,`active`) + $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1) + union + (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ; + $res = mysql_query($query); + if(mysql_num_rows($res) >0){ + $row = mysql_fetch_assoc($res); + $rec['document']= $row['document']; + $rec['date']= $row['date']; + $rec['method']= $row['method']; + $rec['comment']= $row['comment']; + $rec['active']= $row['active']; + }else{ + $rec=array(); + } + return $rec; +} + + function delete_user_agreement($memid, $type="CCA"){ + //deletes all entries to an user for the given type of user agreements + mysql_query("delete from `user_agreements` where `memid`='".$memid."'"); + mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'"); + } + ?> diff --git a/includes/wot.inc.php b/includes/wot.inc.php index 6b3bcc8..9471bee 100644 --- a/includes/wot.inc.php +++ b/includes/wot.inc.php @@ -40,6 +40,15 @@ return intval($row['list']); } + + function get_number_of_ttpassurances ($userid) + { + $res = query_init ("SELECT count(*) AS `list` FROM `notary` + WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' "); + $row = query_getnextrow($res); + + return intval($row['list']); + } function get_number_of_assurees ($userid) { diff --git a/pages/account/10.php b/pages/account/10.php index 704a05c..a394695 100644 --- a/pages/account/10.php +++ b/pages/account/10.php @@ -26,7 +26,8 @@ <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> -<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p> +<p><b>*** <?=_("Please note: All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not.")?> ***</b></p> +<p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p> <form method="post" action="account.php"> <? if($_SESSION['profile']['points'] >= 50) { ?> diff --git a/pages/account/41.php b/pages/account/41.php index 4ea9b10..d61d8db 100644 --- a/pages/account/41.php +++ b/pages/account/41.php @@ -73,8 +73,12 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - echo "<option value='".sanitizeHTML($row['locale'])."'"; - echo ">".$row['country']." - ".$row['lang']."</option>\n"; + printf("<option value=\"%s\">[%s] %s (%s)</option>\n", + sanitizeHTML($row['locale']), + sanitizeHTML($row['locale']), + $row['lang'], + $row['country'] + ); } ?> </select> diff --git a/pages/account/43.php b/pages/account/43.php index 7bf6d04..234e01a 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -35,6 +35,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) { + $_REQUEST['userid'] = 0; + $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); //Disabled to speed up the queries @@ -53,14 +55,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); } else { // $email contains non-digits ==> search for mail addresses // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`email` like '$emailsearch' + where (`email`.`email` like '$emailsearch' or `users`.`email` like '$emailsearch') and `users`.`deleted`=0 group by `users`.`id` limit 100"; } - // bug-975 ted+uli changes --- end + // bug-975 ted+uli changes --- end $res = mysql_query($query); if(mysql_num_rows($res) > 1) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> @@ -173,6 +175,10 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <input type="submit" value="Go"></form></nobr></td> </tr> <tr> + <td class="DataTD"><?=_("CCA accepted")?>:</td> + <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> + </tr> + <tr> <td class="DataTD"><?=_("Trainings")?>:</td> <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> </tr> @@ -338,7 +344,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); <td colspan="2" class="title"><?=_("Account State")?></td> </tr> -<? +<? // --- bug-975 begin --- // potential db inconsistency like in a20110804.1 // Admin console -> don't list user account @@ -359,7 +365,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 4. email.email = primary-email (???) or'd not covered by admin console find user routine, but may block users login 5. users.verified = 0|1 - further "special settings" + further "special settings" 6. users.locked (setting displayed in display form) 7. users.assurer_blocked (setting displayed in display form) @@ -370,7 +376,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 1. users.verified = 1 2. users.deleted = 0 3. users.locked = 0 - 4. users.email = primary-email + 4. users.email = primary-email --- Assurer, assure someone find user query select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' @@ -384,11 +390,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 1. email.hash = '' Yes No No 2. email.deleted = 0 Yes No No 3. users.deleted = 0 Yes Yes Yes - 4. users.verified = 1 No Yes No + 4. users.verified = 1 No Yes No 5. users.locked = 0 No Yes No 6. users.email = prim-email No Yes Yes 7. email.email = prim-email Yes No No - + full usable account needs all 7 requirements fulfilled so if one setting isn't set/cleared there is an inconsistency either way if eg email.email is not avail, admin console cannot open user info @@ -432,7 +438,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); } - + if ($drow) { $eemail = $drow['eemail']; $edeleted = $drow['edeleted']; @@ -451,11 +457,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); } if ($edeleted!=0) { $inconsistency += 8; - $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); } if ($ehash!='') { $inconsistency += 16; - $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); } } else { $inconsistency = 32; @@ -474,14 +480,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); "operations and needs to be fixed manually through arbitration/critical ". "team.")?> </td> - </tr> + </tr> <? } // --- bug-975 end --- ?> </table> <br> -<? +<? // End - Debug infos ?> @@ -510,12 +516,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `domains` inner join `domaincerts` @@ -526,7 +532,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid` @@ -535,7 +541,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid` @@ -568,12 +574,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `emailcerts` @@ -583,7 +589,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `emailcerts` where `memid` = '".intval($row['id'])."' @@ -591,7 +597,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `emailcerts` where `memid` = '".intval($row['id'])."' @@ -623,12 +629,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `gpg` @@ -637,7 +643,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `emailcerts` where `memid` = '".intval($row['id'])."' @@ -645,7 +651,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + ?> <td class="DataTD"><?=intval($total)?></td> <td class="DataTD"><?=intval($valid)?></td> @@ -662,7 +668,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); </tr> <tr> - <td class="DataTD"><?=_("Org Server")?>:</td> + <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> <? $query = "select COUNT(*) as `total`, MAX(`orgcerts`.`expire`) as `maxexpire` @@ -672,12 +678,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `orgdomaincerts` as `orgcerts` inner join `org` @@ -688,7 +694,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `orgdomaincerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -697,7 +703,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `orgdomaincerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -732,12 +738,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $total = $drow['total']; - + $maxexpire = "0000-00-00 00:00:00"; if ($drow['maxexpire']) { $maxexpire = $drow['maxexpire']; } - + if($total > 0) { $query = "select COUNT(*) as `valid` from `orgemailcerts` as `orgcerts` inner join `org` @@ -748,7 +754,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $valid = $drow['valid']; - + $query = "select COUNT(*) as `expired` from `orgemailcerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -757,7 +763,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $expired = $drow['expired']; - + $query = "select COUNT(*) as `revoked` from `orgemailcerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` @@ -827,7 +833,7 @@ function showassuredto() <td class="DataTD"><?=intval($drow['points'])?></td> <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> </tr> <? } ?> <tr> @@ -873,7 +879,7 @@ function showassuredby() <td class="DataTD"><?=$drow['points']?></td> <td class="DataTD"><?=$drow['location']?></td> <td class="DataTD"><?=$drow['method']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> </tr> <? } ?> <tr> @@ -884,19 +890,21 @@ function showassuredby() </table> <? } ?> <br><br> -<? } } - -switch ($_GET['shownotary']) - { - case 'assuredto': showassuredto(); - break; - case 'assuredby': showassuredby(); - break; - case 'assuredto15': output_received_assurances(intval($_GET['userid']),1); - break; - case 'assuredby15': output_given_assurances(intval($_GET['userid']),1); - break; - } - - -?> +<? } } + +if(isset($_GET['shownotary'])) { + switch($_GET['shownotary']) { + case 'assuredto': + showassuredto(); + break; + case 'assuredby': + showassuredby(); + break; + case 'assuredto15': + output_received_assurances(intval($_GET['userid']),1); + break; + case 'assuredby15': + output_given_assurances(intval($_GET['userid']),1); + break; + } +} diff --git a/pages/account/57.php b/pages/account/57.php new file mode 100644 index 0000000..76eee27 --- /dev/null +++ b/pages/account/57.php @@ -0,0 +1,107 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php'); + + if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + + echo _('You do not have access to this page'); + + } else { + $user_id = intval($_REQUEST['userid']); + $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } else { + $row = mysql_fetch_assoc($res); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_('CCA agreement of').' '.sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname'])?></td> + </tr> +</table> + + +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><b><?=_('CCA type')?></b></td> + <td class="DataTD"><b><?=_('Date')?></b></td> + <td class="DataTD"><b><?=_('Method')?></b></td> + <td class="DataTD"><b><?=_('Type')?></b></td> + </tr> +<? + $data=get_first_user_agreement($user_id,1); + if (!isset($data['active'])){ + $type=''; + }else{ + $type=_('active'); + } +?> + <tr> + <td class="DataTD"><?=_('First active CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +<? + $data=get_first_user_agreement($user_id,0); + if (!isset($data['active'])){ + $type=""; + }else{ + $type=_('passive'); + } +?> + <tr> + <td class="DataTD"><?=_('First passive CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +<? + $data=get_last_user_agreement($user_id); + if (!isset($data['active'])){ + $type=""; + }elseif($data['active']==1){ + $type=_('active'); + }else{ + $type=_('passive'); + } +?> + <tr> + <td class="DataTD"><?=_('Last CCA')?></td> + <td class="DataTD"><?=$data['date']?></td> + <td class="DataTD"><?=$data['method']?></td> + <td class="DataTD"><?=$type?></td> + </tr> +</table> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> +<? + if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { +?> + <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr> +<? } +?> </table> +<? + } +} +?> diff --git a/pages/account/58.php b/pages/account/58.php new file mode 100644 index 0000000..1f6b1a0 --- /dev/null +++ b/pages/account/58.php @@ -0,0 +1,61 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + echo _('You do not have access to this page'); +} else { + $user_id = intval($_REQUEST['userid']); + $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) != 1){ + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } else { + if ($row = mysql_fetch_assoc($res)){ + $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); + $query = "select `orginfo`.`o`, `org`.`masteracc` + FROM `orginfo`, `org` + WHERE `orginfo`.`id` = `org`.`orgid` + AND `org`.`memid`='$user_id' order by `orginfo`.`o`"; + $res1 = mysql_query($query);?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><? + if (mysql_num_rows($res1) <= 0) {?> + <tr> + <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td> + </tr> + <?}else{?> + <tr> + <td colspan="2" class="title"><?=sprintf(_('%s is listed as Organisation Administrator for:'), $username)?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_('Organisation')?></b></td> + <td class="DataTD"><b><?=_('Masteraccount')?></b></td> + </tr><? + while($drow = mysql_fetch_assoc($res1)){?> + <tr> + <td class="DataTD"><?=$drow['o']?></td> + <td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td> + </tr> + <?} + } + ?></table> +<? }else{ + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } + } +} +?> diff --git a/pages/index/0.php b/pages/index/0.php index 81ab2b1..a2c2e5a 100644 --- a/pages/index/0.php +++ b/pages/index/0.php @@ -29,61 +29,47 @@ <div class="newsbox"> <? -/* - $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n"; - if($row['story'] != "") - echo "<p>[ <a href='news.php?id=".$row['id']."'>"._("Full Story")."</a> ]</p>\n"; - } - if(mysql_num_rows(mysql_query("select * from `news`")) > 2) - echo "<p>[ <a href='news.php'>"._("More News Items")."</a> ]</p>"; -*/ - $rss = ""; - $open = $items = 0; - $fp = @fopen("/www/pages/index/feed.rss", "r"); - if($fp) - { - echo '<p id="lnews">'._('Latest News').'</p>'; - - - while(!feof($fp)) - $rss .= trim(fgets($fp, 4096)); - fclose($fp); - $rss = str_replace("><", ">\n<", $rss); - $lines = explode("\n", $rss); - foreach($lines as $line) - { - $line = trim($line); - - if($line != "<item>" && $open == 0) - continue; - - if($line == "<item>" && $open == 0) - { - $open = 1; - continue; - } - - if($line == "</item>" && $open == 1) - { - $items++; - if($items >= 3) - break; - $open == 0; - continue; - } - if(substr($line, 0, 7) == "<title>") - echo "<h3>".str_replace("&#", "&#", recode_string("UTF8..html", str_replace("&", "", trim(substr($line, 7, -8)))))."</h3>\n"; - if(substr($line, 0, 13) == "<description>") - echo "<p>".str_replace("&#", "&#", recode_string("UTF8..html", str_replace("&", "", trim(substr($line, 13, -14)))))."</p>\n"; - if(substr($line, 0, 6) == "<link>") - echo "<p>[ <a href='".trim(substr($line, 6, -7))."'>"._("Full Story")."</a> ]</p>\n"; + printf("<p id='lnews'>%s</p>\n\n",_('Latest News')); + + $xml = "/www/pages/index/feed.rss"; // FIXME: use relative path to allow operation with different document root + $dom = new DOMDocument(); + $dom->preserveWhiteSpace = false; + $dom->Load($xml); + + $xpath = new DOMXPath($dom); //Create an XPath query + + $query = "//channel/item"; + $items = $xpath->query($query); + + $count = 0; + foreach($items as $id => $item) { + $query = "./title"; + $nodeList = $xpath->query($query, $item); + $title = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue); + + $query = "./link"; + $nodeList = $xpath->query($query, $item); + $link = htmlspecialchars($nodeList->item(0)->nodeValue); + + $query = "./description"; + $nodeList = $xpath->query($query, $item); + $description = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue); + + printf("<h3> %s </h3>\n", $title); + printf("<p> %s </p>\n", $description); + printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link,_("Full Story")); + + $title = ''; + $description = ''; + $link = ''; + + $count++; + if ($count >= 3) { + break; } } ?> + [ <a href="http://blog.CAcert.org/"><?=_('More News Items')?></a> ] </div> <hr/> @@ -118,8 +104,7 @@ <p><?=_("If you are located in Australia, use bank transfer instead.")?></p> <p><?=_("CAcert bank account details:")?></p> - -<ul> +<ul class="no_indent"> <li>Account Name: CAcert Inc</li> <li>SWIFT: WPACAU2S</li> <li>BSB: 032073</li> @@ -128,4 +113,3 @@ <br /><br /> <?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>. - diff --git a/pages/index/10.php b/pages/index/10.php index 9e09bb8..7280e09 100644 --- a/pages/index/10.php +++ b/pages/index/10.php @@ -14,11 +14,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<p style="background-color: #FF8080; font-size: 150%"> -<? -printf(_('This page has been moved to the %spolicy directory%s. Please update '. - 'your bookmarks and report any broken links.'), - '<a href="/policy/PrivacyPolicy.html">', '</a>'); -?> -</p> +*/ + + header('HTTP/1.0 301 Moved Permanently'); + header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php'); + exit(); diff --git a/pages/index/3.php b/pages/index/3.php index c2cb391..a107c29 100644 --- a/pages/index/3.php +++ b/pages/index/3.php @@ -18,38 +18,45 @@ <p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.php'>","</a>")?></p> -<p> -Class 1 <?=_("PKI Key")?><br> -<a href="index.php?id=17"><?=_("Click here if you want to import the root certificate into Microsoft Internet Explorer 5.x/6.x")?></a><br> -<a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a><br> -<a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a><br> -<a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a><br> -<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a><br> -<?=_("Fingerprint")?> SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33<br/> -<?=_("Fingerprint")?> MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B<br/> -</p> +<h3><?=_("Windows Installer") ?></h3> +<ul class="no_indent"> + <li><? printf(_("%s Windows installer package %s for browsers that use the Windows certificate store %s (for example Internet Explorer, Chrome on Windows and Safari on Windows)"), '<a href="certs/CAcert_Root_Certificates.msi">', '</a>', '<br/>')?></li> + <li><?=_("SHA1 Hash:") ?> 2db1957db31aa0d778d1a65ea146760ee1e67611</li> + <li><?=_("SHA256 Hash:") ?> 88883f2e3117bae6f43922fbaef8501b94efe4143c12116244ca5d0c23bcbb16</li> +</ul> -<p> -Class 3 <?=_("PKI Key")?><br> -<a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a><br/> -<a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a><br/> -<a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a><br/> -<a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a><br/> +<h3><?=_("Class 1 PKI Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li> + <li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li> + <li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li> + <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li> + <li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li> + <li><?=_("MD5 Fingerprint:")?> A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B</li> +</ul> + +<h3><?=_("Class 3 PKI Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li> + <li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li> + <li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li> + <li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li> <?php /* class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration */ ?> -<?=_("Fingerprint")?> SHA1: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE<br/> -<?=_("Fingerprint")?> MD5: F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42<br/> -</p> + <li><?=_("SHA1 Fingerprint:")?> AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE</li> + <li><?=_("MD5 Fingerprint:")?> F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42</li> +</ul> -<p> -<?=_("GPG Key")?><br> -<a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a><br> -</p> +<h3><?=_("GPG Key")?></h3> +<ul class="no_indent"> + <li><a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a></li> + <li><?=_("GPG Key ID:")?> 0x65D0FD58</li> + <li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li> +</ul> -<p> -<?=_("PKI finger/thumb print signed by the CAcert GPG Key")?><br> +<h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4> <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @@ -82,8 +89,8 @@ TG1yj+lkktROGGyn0hJ5SbM= =tXoj -----END PGP SIGNATURE----- </pre> -</p> +<h3><?=_("History")?></h3> <p> <? printf(_('An overview over all CA certificates ever issued can be found in '. '%sthe wiki%s.'), diff --git a/pages/index/4.php b/pages/index/4.php index 9eb90af..384ea56 100644 --- a/pages/index/4.php +++ b/pages/index/4.php @@ -25,7 +25,7 @@ ?> <? if($_SESSION['_config']['hostname'] == $_SESSION['_config']['securehostname']) { ?> -<p><?=_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your Email/Pass Phrase to get a new certificate, by clicking on 'Normal Login' to the right of your screen.")?></p> +<p><?=sprintf(_("Warning! You've attempted to log into the system with a client certificate, but the login failed due to the certificate being expired, revoked, disabled for certificate login, or simply not valid for this site. You can login using your email/pass phrase to get a new certificate, by clicking on %sPassword Login%s on the right side of this page."),"<a href='https://".$_SESSION['_config']['normalhostname']."/index.php?id=4'>", "</a>")?></p> <? } else { ?> <style> .box2 {width:100%;text-align:center;} diff --git a/pages/wot/2.php b/pages/wot/2.php index a75bc57..eda77bb 100644 --- a/pages/wot/2.php +++ b/pages/wot/2.php @@ -15,22 +15,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> -<span style="background-color: #FF8080; font-size: 150%"> -Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br> -Until a subsidiary policy under AP is written, it is against AP rules.<br> -</span> - <br> -<h3><?=_("To become an Assurer")?></h3> -<p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p> +<h3><?=_('To become an Assurer')?></h3> -<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p> +<p><?=_('To become a CAcert Assurer you need to fulfill the following requirements:')?></p> +<ol> + <li><?=_('You have to reach 100 Assurance points')?></li> + <li><?=_('You have to pass the CATS test')?></li> +</ol> -<p>CAcert Inc.<br> -P.O. Box 4107<br> -Denistone East NSW 2112<br> -Australia</p> +<p><?=_('To reach 100 Assurance Points you have to meet with assurers who assure you under the CAcert Assurance Programme according to Assurance Policy. During the face to face meeting you need to show at least one governmental issued photo ID.')?></p> + +<p><?=sprintf(_('The 2nd requirement in becoming assurer is to pass the CAcert Assurer Challenge, which can be started at %s. For more information explore the wiki regarding the %s.'),'<a href="https://cats.cacert.org">https://cats.cacert.org</a>','<a href="//wiki.cacert.org/AssurerChallenge">Assurer Challenge</a>')?><p> + +<p><?=sprintf(_('In case you cannot meet an Assurer (eg there are not many assurer in your area) you can be assured under the alternate %sTTP-assisted-assurance programme%s. Read the pages %s for the basic way how the TTP-assisted-assurance programme works for you and %s whether the TTP programme affects the country where you are located.'),'<a href="/wot.php?id=4">', '</a>','<a href="//wiki.cacert.org/TTP/TTPuser">TTPuser</a>','<a href="//wiki.cacert.org/TTP/TTPAL">TTPAL</a>')?> </p> -<p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p> -<p><?=_("Once you have received at least 100 Assurance Points you will have to pass a test called Assurer Challenge, which can be started at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>!'?></p> diff --git a/pages/wot/4.php b/pages/wot/4.php index 04997ba..befdfe4 100644 --- a/pages/wot/4.php +++ b/pages/wot/4.php @@ -14,7 +14,9 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> +*/ +require_once(dirname(__FILE__).'/../../includes/wot.inc.php'); +?> <h3><?=_("Trusted Third Parties")?></h3> @@ -32,4 +34,49 @@ <p><?=sprintf(_("If you are interested in the TTP programme, read the pages %s for the basic way how the TTP programme works for you, and %s whether the TTP programme affects the country where you are located."),"<a href='//wiki.cacert.org/TTP/TTPuser'>https://wiki.cacert.org/TTP/TTPuser</a>","<a href='//wiki.cacert.org/TTP/TTPAL'>https://wiki.cacert.org/TTP/TTPAL</a>")?> </p> -<p><?=sprintf(_("If you want to take part in the TTP programme, send an email to %s with your name, the main email address of your CAcert account and the country that you want to see the TTP. CAcert will then send you the needed forms and guide you through the process."),"<a href='mailto:support@cacert.org'>support@cacert.org</a>")?></p> +<? +// test for points <100 +if ($_SESSION['profile']['points']<100){ + // test for TTP assurances + if (get_number_of_ttpassurances(intval($_SESSION['profile']['id']))<2){?> + <p><?=_("If you want to ask for TTP assurances fill out the missing data and send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p> + <form method="post" action="wot.php"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><?=_("Country where you want to visit the TTP")?></td> + <td class="DataTD"><select size="1" name="country"> + <option>Australia</option> + <option>Puerto Rico</option> + <option>USA</option> + </select></td> + </tr> + <tr> + <td class="DataTD"><?=_("I want to take part in the TTP Topup programme")?></td> + <td class="DataTD"><input type="checkbox" name="ttptopup" value="1"></td> + </tr> + <tr> + <td colspan="2" > + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + <input type="submit" name="ttp" value="<?=_("I need a TTP assurance")?>"> + </td> + </tr> + </table> + </form> +<? //" + } else { + /* As soon as the TPP TOPUP Programme is established this routine should be used + <p><?=_("As you have already got 2 TTP assurances you can only take part in the TTP TOPUP programme. If you want to ask for the TTP TOPUP programme use the submit button to send the request to support@cacert.org to start the process. CAcert will then inform you about the next steps.")?></p> + <form method="post" action="wot.php"> + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + <input type="submit" name="ttptopup" value="<?=_("I need a TTP TOPUP")?>"> + </form> +*/ +?> + <p><?=_("We are working to develop the TTP TOPUP process to be able to fill the gap of the missing 30 assurance points to 100 assurance points. Meanwhile you have to close this gap with face to face assurances from CAcert Assurers. Think not only travelling to populated countries, but as well to assurers visiting your country or area.")?></p> +<? + } +} else { +?> + <p><?=_("You reached the maximum points that can be granted by the TTP programme and therefore you cannot take part in the TTP programme any more.")?></p> +<? +} diff --git a/scripts/49de-lt2013-berlin-email.txt b/scripts/49de-lt2013-berlin-email.txt new file mode 100644 index 0000000..3759160 --- /dev/null +++ b/scripts/49de-lt2013-berlin-email.txt @@ -0,0 +1,17 @@ +Hallo CAcert-Mitglieder und Assurer, + +Der diesjaehrige LinuxTag auf der Messe Berlin findet von Mittwoch, 22. Mai bis Samstag, 25. Mai statt und steht unter dem Motto "Open minds create effective solutions!" + +Effektive Loesungen finden bei CAcert besonders gut dann statt, wenn ein reger Informationsaustausch stattfindet. Dafuer steht CAcert mit einem Stand auf der Messe am Stand 140 in Halle 7.1a. Wir freuen uns dabei nicht nur auf Besucher, sondern wir sind auch in hohem Masse auf die Mithilfe der Community angewiesen. Wir freuen uns deshalb besonders, auch Dich am Stand als Standbetreuer, Assurer und Netzwerker begruessen zu koennen. Bei dieser Gelegenheit koennen wir uns auch gerne ueber die aktuellen Entwicklungen bei CAcert unterhalten. + +Weitere Details stehen in unserem Wiki unter +[https://wiki.cacert.org/Events/LinuxTag2013] + +Fuer Assurer, die als Standbetreuer mithelfen moechten bitte +Rueckantwort bitte an events@cacert.org + 'Ich moechte beim Linuxtag mithelfen' +Dafuer koennen wir auch kostenlose Eintrittskarten zur Verfuegung stellen, rechtzeitige Absprache ist dafuer natuerlich Voraussetzung. + +Vielen Dank fuer eure Unterstuetzung! + +Kontakt: events@cacert.org diff --git a/scripts/49de-lt2013-berlin-mail.php.txt b/scripts/49de-lt2013-berlin-mail.php.txt new file mode 100644 index 0000000..a5bef69 --- /dev/null +++ b/scripts/49de-lt2013-berlin-mail.php.txt @@ -0,0 +1,119 @@ +#!/usr/bin/php -q +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2009 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + include_once("../includes/mysql.php"); + + $lines = ""; + $fp = fopen("49de-lt2013-berlin-email.txt", "r"); + while(!feof($fp)) + { + $line = trim(fgets($fp, 4096)); + $lines .= wordwrap($line, 75, "\n")."\n"; + } + fclose($fp); + + +// $locid = intval($_REQUEST['location']); +// $maxdist = intval($_REQUEST['maxdist']); +// maxdist in [Km] + $maxdist = 50; + + +// location location.ID +// verified: 29.4.09 u.schroeter +// $locid = 7902857; // Paris +// $locid = 238568; // Bielefeld +// $locid = 715191; // Hamburg +// $locid = 1102495; // London +// $locid = 606058; // Frankfurt +// $locid = 1775784; // Stuttgart +// $locid = 228950; // Berlin +// $locid = 606058; // Frankfurt +// $locid = 599389; // Flensburg +// $locid = 61065; // Amsterdam, Eemnes +// $locid = 228950; // Berlin +// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States +// $locid = 1486658; // Potsdam +// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden +// $locid = 2094781; // Mission Hills (Los Angeles), California, United States +// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark +// $locid = 2093625; // Los Angeles, CA ??? +// $locid = 2094326 // Los Angeles (Los Angeles), California, United States +// $locid = 2257312; // Sydney, New South Wales, Australia +// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany +// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany +// $locid = 1260319; // Muenchen +// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany +// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany +// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany +// $locid = 2262656; // Melbourne, Victoria, Australia +// $locid = 2185076; // Raleigh (Wake), North Carolina, United States + +// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013 +// $locid = 2126955; // Lawrence (Douglas), Kansas, United States +// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS"; +// $city = "January 19th 2013"; + +// ATE-Kiel 2013-02-11 +// $locid = 919560; // Kiel, Schleswig-Holstein, Germany +// $eventname = "ATE-Kiel"; +// $city = "11. Februar 2013"; + +// Linuxtag, Berlin, May 22-25, 2013, + $locid = 228950; // Berlin + $eventname = "Linuxtag Berlin"; + $city = "22.-25. Mai, 2013"; + + + $query = "select * from `locations` where `id`='$locid'"; + $loc = mysql_fetch_assoc(mysql_query($query)); + + $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + + (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * + COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* + FROM `locations` + inner join `users` on `users`.`locid` = `locations`.`id` + inner join `alerts` on `users`.`id`=`alerts`.`memid` + inner join `notary` on `users`.`id`=`notary`.`to` + WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) + GROUP BY `users`.`id` + HAVING `distance` <= '$maxdist' + ORDER BY `distance` "; + echo $query; + + // comment next line when starting to send mail not only to me + // $query = "select * from `users` where `email` like 'cacerttest%'"; + + $res = mysql_query($query); + $xrows = mysql_num_rows($res); + + while($row = mysql_fetch_assoc($res)) + { + // uncomment next line to send mails ... + sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + } + // 1x cc to events.cacert.org + sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + // 1x mailing report to events.cacert.org + sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + + // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 + sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + echo "invitation sent to $xrows recipients.\n"; + +?> diff --git a/scripts/50de-ate-luebeck-email.txt b/scripts/50de-ate-luebeck-email.txt new file mode 100644 index 0000000..5bbfb70 --- /dev/null +++ b/scripts/50de-ate-luebeck-email.txt @@ -0,0 +1,91 @@ +[Deutsch] + +Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher +eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen. +Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. +in dem CAcert Community Agreement) wurden beschlossen. Die Assurer +Training Events wollen versuchen, die ganzen Informationen unter's +Volk zu bringen: + +- Welcher Satz fehlt auf alten CAP Formularen? +- Warum soll ich mir R/L/O einpraegen? +- Wie verhaelst du dich, + wenn du ein fremdes Ausweisdokument das ersteMal pruefst? + +Antworten auf diese und weitere Fragen erhaelst du bei den +Assurer Training Events (ATEs). + +Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung +trainiert und auditiert, um die Qualitaet der Assurances in der +taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und +Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die +Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren, +wie diese vermieden werden koennen. + +Wie IanG sagte: The ATE or Assurer Training Event is exceptionally +recommended for all Assurers, and include parts which contribute +directly to our audit. Come and find out how you can also contribute. + +Die kommende Veranstaltung in deiner Naehe findet statt am: + +- Freitag, den 7. Juni 2013 +- in der Zeit von: 19:00 - ca. 22:00 Uhr +- Jugendzentrum Burgtor +- Grosse Burgstrasse 2 +- 23539 Luebeck + + +Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im +Wiki [http://wiki.cacert.org/events/2013-06-07ATE-Luebeck] +Blog [http://blog.cacert.org/2013/05/595.html] + +Teilnehmer Registrierung mit Rueckantwort: + 'Ich moechte am ATE-Luebeck teilnehmen' + +Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme. + +Kontakt: events@cacert.org + + + +[English] + +During the last year many changes took place inside CAcert. Many "oral" +rules have been put into Policies. New procedures +(e.g. Assurer Challenge) and obligations +(e.g. CAcert Community Agreement) have been put into live. +The Assurer Training Events (ATE) try to spread this information: + +- What is missing on the "old" CAP forms? +- Why should I remember R/L/O? +- What can you do if an Assuree shows an ID document unknown to you? + +These and more questions will be answered during the +Assurer Training Events (ATEs) + +Furthermore, the ATE trains how to do assurances and audits assurances, +to measure the quality of assurances in the daily routine. Here are some +possible errors and pitfalls which need to be found. Assurers have the +opportunity to see those errors and how to avoid them. + +As IanG said: The ATE or Assurer Training Event is exceptionally +recommended for all Assurers and includes parts which contribute +directly to our audit. Come and find out how you can also contribute. + +The next event held in your area will be: + +- Friday 07. June 2013 +- during 19:00 - ca. 22:00 +- Jugendzentrum Burgtor +- Grosse Burgstrasse 2 +- 23539 Luebeck + +Details to the location can be found: +Wiki [http://wiki.cacert.org/events/2013-06-07ATE-Luebeck] +Blog [http://blog.cacert.org/2013/05/595.html] + +User reply for registration: 'I will attend the ATE-Luebeck' + +The event team is looking forward for your attendance: + +Contact: events@cacert.org diff --git a/scripts/50de-ate-luebeck-mail.php.txt b/scripts/50de-ate-luebeck-mail.php.txt new file mode 100644 index 0000000..41721c5 --- /dev/null +++ b/scripts/50de-ate-luebeck-mail.php.txt @@ -0,0 +1,123 @@ +#!/usr/bin/php -q +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2013 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + include_once("../includes/mysql.php"); + + $lines = ""; + $fp = fopen("50de-ate-luebeck-email.txt", "r"); + while(!feof($fp)) + { + $line = trim(fgets($fp, 4096)); + $lines .= wordwrap($line, 75, "\n")."\n"; + } + fclose($fp); + + +// $locid = intval($_REQUEST['location']); +// $maxdist = intval($_REQUEST['maxdist']); +// maxdist in [Km] + $maxdist = 200; + + +// location location.ID +// verified: 29.4.09 u.schroeter +// $locid = 7902857; // Paris +// $locid = 238568; // Bielefeld +// $locid = 715191; // Hamburg +// $locid = 1102495; // London +// $locid = 606058; // Frankfurt +// $locid = 1775784; // Stuttgart +// $locid = 228950; // Berlin +// $locid = 606058; // Frankfurt +// $locid = 599389; // Flensburg +// $locid = 61065; // Amsterdam, Eemnes +// $locid = 228950; // Berlin +// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States +// $locid = 1486658; // Potsdam +// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden +// $locid = 2094781; // Mission Hills (Los Angeles), California, United States +// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark +// $locid = 2093625; // Los Angeles, CA ??? +// $locid = 2094326 // Los Angeles (Los Angeles), California, United States +// $locid = 2257312; // Sydney, New South Wales, Australia +// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany +// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany +// $locid = 1260319; // Muenchen +// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany +// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany +// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany +// $locid = 2262656; // Melbourne, Victoria, Australia +// $locid = 2185076; // Raleigh (Wake), North Carolina, United States + +// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013 +// $locid = 2126955; // Lawrence (Douglas), Kansas, United States +// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS"; +// $city = "January 19th 2013"; + +// ATE-Kiel 2013-02-11 +// $locid = 919560; // Kiel, Schleswig-Holstein, Germany +// $eventname = "ATE-Kiel"; +// $city = "11. Februar 2013"; + +// Linuxtag, Berlin, May 22-25, 2013, +// $locid = 228950; // Berlin +// $eventname = "Linuxtag Berlin"; +// $city = "22.-25. Mai, 2013"; + + $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany + $eventname = "ATE-Luebeck"; + $city = "07. Juni 2013"; + + + $query = "select * from `locations` where `id`='$locid'"; + $loc = mysql_fetch_assoc(mysql_query($query)); + + $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) + + (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) * + COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.* + FROM `locations` + inner join `users` on `users`.`locid` = `locations`.`id` + inner join `alerts` on `users`.`id`=`alerts`.`memid` + inner join `notary` on `users`.`id`=`notary`.`to` + WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1) + GROUP BY `users`.`id` + HAVING `distance` <= '$maxdist' + ORDER BY `distance` "; + echo $query; + + // comment next line when starting to send mail not only to me + // $query = "select * from `users` where `email` like 'cacerttest%'"; + + $res = mysql_query($query); + $xrows = mysql_num_rows($res); + + while($row = mysql_fetch_assoc($res)) + { + // uncomment next line to send mails ... + sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + } + // 1x cc to events.cacert.org + sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + // 1x mailing report to events.cacert.org + sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + + // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1 + sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1); + echo "invitation sent to $xrows recipients.\n"; + +?> diff --git a/scripts/51at-ate-graz-email.txt b/scripts/51at-ate-graz-email.txt new file mode 100644 index 0000000..0d77dfe --- /dev/null +++ b/scripts/51at-ate-graz-email.txt @@ -0,0 +1,91 @@ +[Deutsch]
+
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das ersteMal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Freitag, den 16. August 2013
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- Realraum Graz
+- Jakomistraße 16
+- 8010 Graz
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2013-08-16ATE-Graz]
+Blog [http://blog.cacert.org/2013/07/ate-graz-at-2013-08-16/]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Graz teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+
+[English]
+
+During the last year many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Friday 16. August 2013
+- during 19:00 - ca. 22:00
+- Realraum Graz
+- Jakomistraße 16
+- 8010 Graz
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/Events/2013-08-16ATE-Graz]
+Blog [http://blog.cacert.org/2013/07/ate-graz-at-2013-08-16/]
+
+User reply for registration: 'I will attend the ATE-Graz'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/51at-ate-graz-mail.php.txt b/scripts/51at-ate-graz-mail.php.txt new file mode 100644 index 0000000..56dd4ff --- /dev/null +++ b/scripts/51at-ate-graz-mail.php.txt @@ -0,0 +1,126 @@ +#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("51at-ate-graz-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+
+// CAcert Assurance and Keysigning event at FUDcon, Lawrence, KS, Jan 19th 2013
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $eventname = "CAcert Assurance and Keysigning at FUDcon Lawrence, KS";
+// $city = "January 19th 2013";
+
+// ATE-Kiel 2013-02-11
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $eventname = "ATE-Kiel";
+// $city = "11. Februar 2013";
+
+// Linuxtag, Berlin, May 22-25, 2013,
+// $locid = 228950; // Berlin
+// $eventname = "Linuxtag Berlin";
+// $city = "22.-25. Mai, 2013";
+
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $eventname = "ATE-Luebeck";
+// $city = "07. Juni 2013";
+
+ $locid = 675661; // Graz, Steiermark, Austria
+ $eventname = "ATE-Graz";
+ $city = "16. August 2013";
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/cron/removedead.php b/scripts/cron/removedead.php index aadda81..2257dc8 100755 --- a/scripts/cron/removedead.php +++ b/scripts/cron/removedead.php @@ -19,7 +19,8 @@ require_once(dirname(__FILE__).'/../../includes/mysql.php'); require_once(dirname(__FILE__).'/../../includes/lib/l10n.php'); - + require_once(dirname(__FILE__).'/../../includes/notary.inc.php'); + $query = "select * from `users` where `users`.`verified`=0 and (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 172800"; $res = mysql_query($query); @@ -27,6 +28,7 @@ { mysql_query("delete from `email` where `memid`='".$row['id']."'"); mysql_query("delete from `users` where `id`='".$row['id']."'"); + delete_user_agreement($row['id']); } $query = "delete from `domains` where `hash`!='' and diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php index 18e89da..0c97ba2 100755 --- a/scripts/cron/warning.php +++ b/scripts/cron/warning.php @@ -24,7 +24,7 @@ foreach($days as $day => $warning) { $query = "SELECT `emailcerts`.`id`,`users`.`fname`,`users`.`lname`,`users`.`email`,`emailcerts`.`memid`, - `emailcerts`.`subject`, `emailcerts`.`crt_name`,`emailcerts`.`CN`, + `emailcerts`.`subject`, `emailcerts`.`crt_name`,`emailcerts`.`CN`, `emailcerts`.`serial`, (UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP(NOW())) / 86400 as `daysleft` FROM `users`,`emailcerts` WHERE UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP(NOW()) > -7 * 86400 and @@ -56,7 +56,11 @@ $body = sprintf(_("Hi %s"), $row['fname']).",\n\n"; $body .= _("You are receiving this email as you are the listed contact for:")."\n\n"; $body .= $row['subject']."\n\n"; - $body .= sprintf(_("Your certificate is set to expire in approximately %s days time, you can renew this by going to the following URL:"), $row['daysleft'])."\n\n"; + $body .= sprintf(_("Your certificate with the serial number %s is ". + "set to expire in approximately %s days time. You can ". + "renew it by going to the following URL:"), + $row['serial'], + $row['daysleft'])."\n\n"; $body .= "https://www.cacert.org/account.php?id=5\n\n"; $body .= _("Best Regards")."\n"._("CAcert Support"); sendmail($row['email'], "[CAcert.org] "._("Your Certificate is about to expire"), $body, "support@cacert.org", "", "", "CAcert Support"); @@ -68,16 +72,37 @@ echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid foreach($days as $day => $warning) { - $query = "SELECT `domaincerts`.`id`, `users`.`fname`, `users`.`lname`, `users`.`email`, - `domains`.`memid`, `domaincerts`.`subject`, `domaincerts`.`crt_name`, - `domaincerts`.`CN`, - (UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft` - FROM `users`, `domaincerts`, `domlink`, `domains` - WHERE UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP(NOW()) > -7 * 86400 AND - UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP(NOW()) < $day * 86400 AND - `domaincerts`.`renewed`=0 AND `domaincerts`.`warning` <= '$warning' AND - `domaincerts`.`revoked`=0 AND `users`.`id` = `domains`.`memid` AND - `domlink`.`certid` = `domaincerts`.`id` AND `domains`.`id` = `domlink`.`domid`"; + $select_clause = + "`domaincerts`.`id`, + `users`.`fname`, `users`.`lname`, `users`.`email`, + `domains`.`memid`, + `domaincerts`.`subject`, `domaincerts`.`crt_name`, + `domaincerts`.`CN`, + `domaincerts`.`serial`, + (UNIX_TIMESTAMP(`domaincerts`.`expire`) - + UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft`"; + $where_clause = + "UNIX_TIMESTAMP(`domaincerts`.`expire`) - + UNIX_TIMESTAMP(NOW()) > -7 * 86400 + AND UNIX_TIMESTAMP(`domaincerts`.`expire`) - + UNIX_TIMESTAMP(NOW()) < $day * 86400 + AND `domaincerts`.`renewed` = 0 + AND `domaincerts`.`warning` <= '$warning' + AND `domaincerts`.`revoked` = 0 + AND `domains`.`memid` = `users`.`id`"; + $query = + "SELECT $select_clause + FROM `users`, `domaincerts`, `domains` + WHERE $where_clause + AND `domaincerts`.`domid` = `domains`.`id` + UNION DISTINCT + SELECT $select_clause + FROM `users`, + `domaincerts` LEFT JOIN `domlink` ON + (`domaincerts`.`id` = `domlink`.`certid`), + `domains` + WHERE $where_clause + AND `domlink`.`domid` = `domains`.`id`"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { @@ -88,7 +113,11 @@ echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid $body = sprintf(_("Hi %s"), $row['fname']).",\n\n"; $body .= _("You are receiving this email as you are the listed contact for:")."\n\n"; $body .= $row['subject']."\n\n"; - $body .= sprintf(_("Your certificate is set to expire in approximately %s days time, you can renew this by going to the following URL:"), $row['daysleft'])."\n\n"; + $body .= sprintf(_("Your certificate with the serial number %s is ". + "set to expire in approximately %s days time. You can ". + "renew it by going to the following URL:"), + $row['serial'], + $row['daysleft'])."\n\n"; $body .= "https://www.cacert.org/account.php?id=12\n\n"; $body .= _("Best Regards")."\n"._("CAcert Support"); sendmail($row['email'], "[CAcert.org] "._("Your Certificate is about to expire"), $body, "support@cacert.org", "", "", "CAcert Support"); diff --git a/www/certs/CAcert_Root_Certificates.msi b/www/certs/CAcert_Root_Certificates.msi Binary files differnew file mode 100644 index 0000000..f60567e --- /dev/null +++ b/www/certs/CAcert_Root_Certificates.msi diff --git a/www/disputes.php b/www/disputes.php index 5b78c1e..4944d8c 100644 --- a/www/disputes.php +++ b/www/disputes.php @@ -236,6 +236,23 @@ exit; } + //check if email belongs to locked account + $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); + if(mysql_num_rows($res) > 0) + { + showheader(_("Email Dispute")); + printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>"); + $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']; + $body = sprintf("Someone has just attempted to dispute this email '%s', which belongs to a locked account:\n". + "Username(ID): %s (%s)\n". + "email: %s\n". + "IP/Hostname: %s\n", $email, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")); + sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser); + + showfooter(); + exit; + } + $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''"); if(mysql_num_rows($res) > 0) { @@ -264,7 +281,7 @@ echo _("You aren't allowed to dispute your own email addresses. Can't continue."); showfooter(); exit; - } + } $res = mysql_query("select * from `users` where `id`='$oldmemid'"); $user = mysql_fetch_assoc($res); @@ -308,6 +325,23 @@ exit; } + //check if domain belongs to locked account + $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); + if(mysql_num_rows($res) > 0) + { + showheader(_("Domain Dispute")); + printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>"); + $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']; + $body = sprintf("Someone has just attempted to dispute this domain '%s', which belongs to a locked account:\n". + "Username(ID): %s (%s)\n". + "email: %s\n". + "IP/Hostname: %s\n", $domain, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")); + sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser); + + showfooter(); + exit; + } + $query = "select * from `disputedomain` where `domain`='$domain' and hash!=''"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) @@ -319,12 +353,20 @@ } unset($oldid); $query = "select * from `domains` where `domain`='$domain' and `deleted`=0"; - $email = ""; if(array_key_exists('email',$_REQUEST)) $email=trim(mysql_real_escape_string($_REQUEST['email'])); $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { + $query = "select 1 from `orgdomains` where `domain`='$domain'"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + showheader(_("Domain Dispute")); + printf(_("The domain '%s' is included in an organisation account. Please send a mail to %s to dispute this domain."), sanitizeHTML($domain),'<a href="mailto:support@cacert.org">support@cacert.org</a>'); + showfooter(); + exit; + } showheader(_("Domain Dispute")); - printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email)); + printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($domain)); showfooter(); exit; } @@ -336,7 +378,7 @@ echo _("You aren't allowed to dispute your own domains. Can't continue."); showfooter(); exit; - } + } $domainid = $row['id']; $_SESSION['_config']['domainid'] = $domainid; diff --git a/www/index.php b/www/index.php index 35d22d7..c7cc03e 100644 --- a/www/index.php +++ b/www/index.php @@ -18,6 +18,7 @@ require_once('../includes/lib/l10n.php'); + $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; @@ -544,6 +545,8 @@ require_once('../includes/lib/l10n.php'); `regional`='".$_SESSION['signup']['regional']."', `radius`='".$_SESSION['signup']['radius']."'"; mysql_query($query); + include_once("../includes/notary.inc.php"); + write_user_agreement($memid, "CCA", "account creation", "", 1); $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; diff --git a/www/styles/default.css b/www/styles/default.css index c97e429..f2b3c95 100644 --- a/www/styles/default.css +++ b/www/styles/default.css @@ -86,11 +86,9 @@ padding-left: 5px; border-left: 0px; } -ul { +ul.no_indent { list-style: none; -margin: 0px 0px 0px 15px; -padding-left: 5px; -border-left: 1px dotted #000; +padding: 0px; } /***********************************************/ diff --git a/www/wot.php b/www/wot.php index 9e41891..1b84f51 100644 --- a/www/wot.php +++ b/www/wot.php @@ -115,6 +115,7 @@ function send_reminder() + loadem("account"); if(array_key_exists('date',$_POST) && $_POST['date'] != "") $_SESSION['_config']['date'] = $_POST['date']; @@ -126,6 +127,40 @@ function send_reminder() if($oldid == 12) $id = $oldid; + + if($oldid == 4) + { + if ($_POST['ttp']!='') { + //This mail does not need to be translated + $body = "Hi TTP adminstrators,\n\n"; + $body .= "User ".$_SESSION['profile']['fname']." ". + $_SESSION['profile']['lname']." with email address '". + $_SESSION['profile']['email']."' is requesting a TTP assurances for ". + mysql_escape_string(stripslashes($_POST['country'])).".\n\n"; + if ($_POST['ttptopup']=='1') { + $body .= "The user is also requesting TTP TOPUP.\n\n"; + }else{ + $body .= "The user is NOT requesting TTP TOPUP.\n\n"; + } + $body .= "The user received ".intval($_SESSION['profile']['points'])." assurance points up to today.\n\n"; + $body .= "Please start the TTP assurance process."; + sendmail("support@cacert.org", "[CAcert.org] TTP request.", $body, "support@cacert.org", "", "", "CAcert Website"); + + //This mail needs to be translated + $body =_("You are receiving this email because you asked for TTP assurance.")."\n\n"; + if ($_POST['ttptopup']=='1') { + $body .=_("You are requesting TTP TOPUP.")."\n\n"; + }else{ + $body .=_("You are NOT requesting TTP TOPUP.")."\n\n"; + } + $body .= _("Best regards")."\n"; + $body .= _("CAcert Support Team"); + + sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support"); + + } + + } if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6)) if (!is_assurer($_SESSION['profile']['id'])) @@ -293,18 +328,16 @@ $iecho= "c"; `location`='".mysql_escape_string(stripslashes($_POST['location']))."', `date`='".mysql_escape_string(stripslashes($_POST['date']))."', `when`=NOW()"; - if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) - { - $query .= ",\n`method`='Temporary Increase'"; - $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)"; - $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'"; - } else if($_SESSION['profile']['board'] == 1) { - $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'"; - } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { + if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { $query .= ",\n`method`='TTP-Assisted'"; } mysql_query($query); fix_assurer_flag($_SESSION['_config']['notarise']['id']); + include_once("../includes/notary.inc.php"); +/*to be activated after CCA accept option is implemented in form + write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/ +/* to be activated after the CCA recording is announced + write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */ if($_SESSION['profile']['points'] < 150) { @@ -321,6 +354,7 @@ $iecho= "c"; `method`='Administrative Increase', `when`=NOW()"; mysql_query($query); + // No need to fix_assurer_flag here, this should only happen for assurers... $_SESSION['profile']['points'] += $addpoints; } @@ -341,22 +375,13 @@ $iecho= "c"; if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0) { - $body .= _("You have at least 100 Assurance Points. If you want ". - "to become an assurer try the Assurer Challenge"). - " ( https://cats.cacert.org ).\n\n"; - $body .= _("To make it easier for others in your area to find ". - "you, it's helpful to list yourself as an assurer (this ". - "is voluntary), as well as a physical location where you ". - "live or work the most. You can flag your account to be ". - "listed, and add a comment to the display by going to:")."\n"; + $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n"; + $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n"; $body .= "https://www.cacert.org/wot.php?id=8\n\n"; $body .= _("You can list your location by going to:")."\n"; $body .= "https://www.cacert.org/wot.php?id=13\n\n"; } - if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) - $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n"; - $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); @@ -370,20 +395,11 @@ $iecho= "c"; else $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n"; - if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) - $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n"; $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support"); - if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) - { - $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n"; - - sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website"); - } - showheader(_("My CAcert.org Account!")); echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>"; ?><form method="post" action="wot.php"> |