diff options
Diffstat (limited to 'pages/account')
58 files changed, 4192 insertions, 0 deletions
diff --git a/pages/account/0.php b/pages/account/0.php new file mode 100644 index 0000000..84b581e --- /dev/null +++ b/pages/account/0.php @@ -0,0 +1,33 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<H3><?=_("My Account")?></H3> +<p><?=_("Welcome to your account section of the website. Below is a description of the different sections and what they're for.")?></p> +<H4><?=_("CAcert.org")?></H4> +<p><?=_("If you would like to view news items or change languages you can click the logout or go home links. Go home doesn't log you out of the system, just returns you to the front of the website. Logout logs you out of the system.")?></p> +<H4><?=_("My Details")?></H4> +<p><?=_("In this section you will be able to edit your personal information (if you haven't been assured), update your pass phrase, and lost pass phrase questions. You will also be able to set your location for the Web of Trust, it also effects the email announcement settings which among other things can be set to notify you if you're within 200km of a planned assurance event. You'll also be able to set additional contact information when you become fully trusted, so others can contact you to meet up outside official events.")?></p> +<h4><?=_("Email Accounts and Client Certificates")?></h4> +<p><?=_("The email account section is for adding/updating/removing email accounts which can be used to issue client certificates against. The client certificate section steps you through generating a certificate signing request for one or more emails you've registered in the email account section.")?></p> +<h4><?=_("Domains and Server Certificates.")?></h4> +<p><?=_("Before you can start issuing certificates for your website, irc server, smtp server, pop3, imap etc you will need to add domains to your account under the domain menu. You can also remove domains from here as well. Once you've added a domain you are free then to go into the Server Certificate section and start pasting CSR into the website and have the website return you a valid certificate for up to 2 years if you have 50 trust points, or 6 months for no trust points.")?></p> +<h4><?=_("Org Client and Server Certificates")?></h4> +<p><?=_("Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate.")?></p> +<h4><?=_("CAcert Web of Trust")?></h4> +<p><?=_("The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons.")?></p> +<p><b><?=_("The former TTP (Trusted Third Party) System has been stopped, and is currently not available.")?></b></p> +<? // "You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu</p> ?> diff --git a/pages/account/1.php b/pages/account/1.php new file mode 100644 index 0000000..f3cd1f2 --- /dev/null +++ b/pages/account/1.php @@ -0,0 +1,35 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Add Email")?></td> + </tr> + + <tr> + <td class="DataTD" width="125"><?=_("Email Address")?>: </td> + <td class="DataTD" width="125"><input type="text" name="newemail" value="<?=array_key_exists('newemail',$_SESSION['profile'])?sanitizeHTML($_SESSION['profile']['newemail']):''?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I own or am authorised to control this email address")?>"/></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('addemail')?>" /> +</form> +<p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p> diff --git a/pages/account/10.php b/pages/account/10.php new file mode 100644 index 0000000..704a05c --- /dev/null +++ b/pages/account/10.php @@ -0,0 +1,41 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + include_once("../includes/shutdown.php"); +?> +<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3> +<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p> + +<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p> + +<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p> + +<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> + +<p><b>*** <?=_("Please Note. All information on your certificate will be removed except the CommonName and SubjectAltName field, this is because it's an automated service and cannot automatically verify other details on your certificates are valid or not. If you are a valid organisation and would like more details to appear on certificates, you will need to have at least 50 assurance points and you need to send us a copy of your document of incorporation. Then we can add those details to your certificates. Contact us for more information on our organisational services.")?> ***</b></p> + +<form method="post" action="account.php"> +<? if($_SESSION['profile']['points'] >= 50) { ?> +<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br> +<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> +<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> +<? } ?> +<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> +<textarea name="CSR" cols="80" rows="15"></textarea><br> +<input type="submit" name="process" value="<?=_("Submit")?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/11.php b/pages/account/11.php new file mode 100644 index 0000000..4e070cb --- /dev/null +++ b/pages/account/11.php @@ -0,0 +1,53 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<p> +<?=_("Please make sure the following details are correct before proceeding any further.")?> +</p> +<?// print_r($_SESSION['_config']['altrows']); ?> +<p> +<? if(is_array($_SESSION['_config']['rows'])) + foreach($_SESSION['_config']['rows'] as $row) { ?> +<?=_("CommonName")?>: <?=$row?><br> +<? } ?> +<? if(is_array($_SESSION['_config']['altrows'])) + foreach($_SESSION['_config']['altrows'] as $row) { ?> +<?=_("subjectAltName")?>: <?=$row?><br> +<? } ?> +<? if(1 == 0) { ?> +<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br> +<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br> +<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br> +<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br> +<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br> +<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br> +<? } ?> +<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?> +<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?> +<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br> +<? foreach($_SESSION['_config']['rejected'] as $row) { ?> +<?=_("Rejected")?>: <a href="account.php?id=7&newdomain=<?=$row?>"><?=$row?></a><br> +<? } } ?> +<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?> +<form method="post" action="account.php"> +<input type="submit" name="process" value="<?=_("Submit")?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> +<? } else { ?> +<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b> +<? } ?> +</p> diff --git a/pages/account/12.php b/pages/account/12.php new file mode 100644 index 0000000..40135be --- /dev/null +++ b/pages/account/12.php @@ -0,0 +1,90 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Expires")?></td> + </tr> +<? + $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`, + UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, + `domaincerts`.`expire` as `expires`, `revoked` as `revoke`, + UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id` + from `domaincerts`,`domains` + where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` "; + if($viewall != 1) + { + $query .= "AND `revoked`=0 AND `renewed`=0 "; + $query .= "HAVING `timeleft` > 0 "; + } + $query .= "ORDER BY `domaincerts`.`modified` desc"; +//echo $query."<br>\n"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { +?> + <tr> + <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td> + </tr> +<? } else { + while($row = mysql_fetch_assoc($res)) + { + if($row['timeleft'] > 0) + $verified = _("Valid"); + if($row['timeleft'] < 0) + $verified = _("Expired"); + if($row['expired'] == 0) + $verified = _("Pending"); + if($row['revoked'] > 0) + $verified = _("Revoked"); + if($row['revoked'] == 0) + $row['revoke'] = _("Not Revoked"); +?> + <tr> +<? if($verified != _("Pending") && $verified != _("Revoked")) { ?> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> +<? } else if($verified != _("Revoked")) { ?> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> +<? } else { ?> + <td class="DataTD"> </td> +<? } ?> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> + <td class="DataTD"><?=$row['revoke']?></td> + <td class="DataTD"><?=$row['expires']?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + </tr> +<? } ?> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" /> +</form> +<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/13.php b/pages/account/13.php new file mode 100644 index 0000000..e8dad73 --- /dev/null +++ b/pages/account/13.php @@ -0,0 +1,161 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0"; + $res = mysql_query($query); + $user = mysql_fetch_assoc($res); + + $year = intval(substr($user['dob'], 0, 4)); + $month = intval(substr($user['dob'], 5, 2)); + $day = intval(substr($user['dob'], 8, 2)); + + $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; + $body .= _("You receive this automatic mail since you yourself or")."\n"; + $body .= _("someone else looked up your secret questions and answers")."\n"; + $body .= _("for a forgotten password.")."\n\n"; + $body .= _("If it was you who looked up or changed that data, or clicked")."\n"; + $body .= _("through the menu in your account, everything is in best order and")."\n"; + $body .= _("you can ignore this mail.")."\n\n"; + $body .= _("But if you received this mail without a recognisable reason,")."\n"; + $body .= _("there is a danger that an unauthorised person accessed your")."\n"; + $body .= _("account, and you should promptly change your password and your")."\n"; + $body .= _("secret questions and answers.")."\n\n"; + + $body .= _("With kind regards,")."\n\n"._("CAcert Support"); + + sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> + <tr> + <td colspan="2" class="title"><?=_("My Details")?></td> + </tr> +<? if($_SESSION['profile']['points'] == 0) { ?> + <tr> + <td class="DataTD" width="125"><?=_("First Name")?>: </td> + <td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td> + </tr> + <tr> + <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> + (<?=_("optional")?>) + </td> + <td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Last Name")?>: </td> + <td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Suffix")?><br> + (<?=_("optional")?>)</td> + <td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Date of Birth")?><br> + (<?=_("dd/mm/yyyy")?>)</td> + <td class="DataTD"><nobr><select name="day"> +<? + for($i = 1; $i <= 31; $i++) + { + echo "<option"; + if($day == $i) + echo " selected='selected'"; + echo ">$i</option>"; + } +?> + </select> + <select name="month"> +<? + for($i = 1; $i <= 12; $i++) + { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>"; + } +?> + </select> + <input type="text" name="year" value="<?=$year?>" size="4"></nobr> + </td> + </tr> +<? } else { ?> + <tr> + <td class="DataTD" width="125"><?=_("First Name")?>: </td> + <td class="DataTD" width="125"><?=$user['fname']?></td> + </tr> + <tr> + <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> + (<?=_("optional")?>) + </td> + <td class="DataTD"><?=$user['mname']?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Last Name")?>: </td> + <td class="DataTD"><?=$user['lname']?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Suffix")?><br> + (<?=_("optional")?>)</td> + <td class="DataTD"><?=$user['suffix']?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Date of Birth")?><br> + (<?=_("dd/mm/yyyy")?>)</td> + <td class="DataTD"><?=$day?> <?=ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$month,1,1))))?> <?=$year?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD"><?=_("OTP Hash")?><br> + (<?=_("Not displayed")?>)</td> + <td class="DataTD"><input type="text" name="otphash"></td> + </tr> + <tr> + <td class="DataTD"><?=_("OTP PIN")?><br> + (<?=_("Not displayed")?>)</td> + <td class="DataTD"><input type="text" name="otppin"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td> + </tr> + <tr> + <td class="DataTD">1) <input type="text" name="Q1" size="15" value="<?=sanitizeHTML($user['Q1'])?>"></td> + <td class="DataTD"><input type="text" name="A1" value="<?=sanitizeHTML($user['A1'])?>"></td> + </tr> + <tr> + <td class="DataTD">2) <input type="text" name="Q2" size="15" value="<?=sanitizeHTML($user['Q2'])?>"></td> + <td class="DataTD"><input type="text" name="A2" value="<?=sanitizeHTML($user['A2'])?>"></td> + </tr> + <tr> + <td class="DataTD">3) <input type="text" name="Q3" size="15" value="<?=sanitizeHTML($user['Q3'])?>"></td> + <td class="DataTD"><input type="text" name="A3" value="<?=sanitizeHTML($user['A3'])?>"></td> + </tr> + <tr> + <td class="DataTD">4) <input type="text" name="Q4" size="15" value="<?=sanitizeHTML($user['Q4'])?>"></td> + <td class="DataTD"><input type="text" name="A4" value="<?=sanitizeHTML($user['A4'])?>"></td> + </tr> + <tr> + <td class="DataTD">5) <input type="text" name="Q5" size="15" value="<?=sanitizeHTML($user['Q5'])?>"></td> + <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + </tr> +</table> +<input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" /> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/14.php b/pages/account/14.php new file mode 100644 index 0000000..342ab46 --- /dev/null +++ b/pages/account/14.php @@ -0,0 +1,46 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> + <tr> + <td colspan="2" class="title"><?=_("Change Pass Phrase")?></td> + </tr> +<? if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname']) { ?> + <tr> + <td class="DataTD"><?=_("Old Pass Phrase")?>: </td> + <td class="DataTD"><input type="password" name="oldpassword"></td> + </tr> +<? } ?> + <tr> + <td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td> + <td class="DataTD"><input type="password" name="pword1"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td> + <td class="DataTD"><input type="password" name="pword2"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol (all white spaces at the beginning and end are removed).")?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Pass Phrase")?>"></td> + </tr> +</table> +<input type="hidden" name="csrf" value="<?=make_csrf('pwchange')?>" /> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/15.php b/pages/account/15.php new file mode 100644 index 0000000..6cd3115 --- /dev/null +++ b/pages/account/15.php @@ -0,0 +1,38 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']); + + $query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and + `domains`.`memid`='".intval($_SESSION['profile']['id'])."' and + `domains`.`id`=`domaincerts`.`domid`"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("No such certificate attached to your account."); + showfooter(); + exit; + } + $row = mysql_fetch_assoc($res); + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname`; +?> +<h3><?=_("Below is your Server Certificate")?></h3> +<pre> +<?=$cert?> +</pre> diff --git a/pages/account/16.php b/pages/account/16.php new file mode 100644 index 0000000..3e582e3 --- /dev/null +++ b/pages/account/16.php @@ -0,0 +1,65 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + include_once("../includes/shutdown.php"); +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("New Client Certificate")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Add")?></td> + <td class="DataTD"><?=_("Address")?></td> +<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) + foreach($_SESSION['_config']['emails'] as $val) { ?> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td> + </tr> +<? } ?> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><input type="text" name="emails[]"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Name")?>:</td> + <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Department")?>:</td> + <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> + <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> + <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?> + </td> + </tr> +<? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?> + <tr> + <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Another Email")?>"> + <input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/17.php b/pages/account/17.php new file mode 100644 index 0000000..2ba5390 --- /dev/null +++ b/pages/account/17.php @@ -0,0 +1,137 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> +<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> +<?=_("You must enable ActiveX for this to work.")?> +</object> +<form method="post" action="account.php" name="CertReqForm"><p> +<input type="hidden" name="session" value="UsedXenroll"> +<?=_("Key Strength:")?> <select name="CspProvider"></select> +<input type="hidden" name="oldid" value="<?=$id?>"> +<INPUT TYPE=HIDDEN NAME="CSR"> +<input type="hidden" name="keytype" value="MS"> +<?=_("'Enhanced Provider' is generally the best option, which has a key size of 1024bit. If you need a bigger key size you will need to use a different browser.")?> +<input type="submit" name="GenReq" value="Create Certificate"><br> +</p></form> +<script type="text/vbscript" language="vbscript"> +<!-- +Function GetProviderList() + Dim CspList, cspIndex, ProviderName + On Error Resume Next + + count = 0 + base = 0 + enhanced = 0 + CspList = "" + ProviderName = "" + + For ProvType = 0 to 13 + cspIndex = 0 + cec.ProviderType = ProvType + ProviderName = cec.enumProviders(cspIndex,0) + + while ProviderName <> "" + Set oOption = document.createElement("OPTION") + oOption.text = ProviderName + oOption.value = ProvType + Document.CertReqForm.CspProvider.add(oOption) + if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then + base = count + end if + if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then + enhanced = count + end if + cspIndex = cspIndex +1 + ProviderName = "" + ProviderName = cec.enumProviders(cspIndex,0) + count = count + 1 + wend + Next + Document.CertReqForm.CspProvider.selectedIndex = base + if enhanced then + Document.CertReqForm.CspProvider.selectedIndex = enhanced + end if +End Function + +Function CSR(keyflags) + CSR = "" + szName = "" + cec.HashAlgorithm = "MD5" + err.clear + On Error Resume Next + set options = document.all.CspProvider.options + index = options.selectedIndex + cec.providerName = options(index).text + tmpProviderType = options(index).value + cec.providerType = tmpProviderType + cec.KeySpec = 2 + if tmpProviderType < 2 Then + cec.KeySpec = 1 + end if + cec.GenKeyFlags = &h04000001 OR keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + cec.GenKeyFlags = &h04000000 OR keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then + if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then + cec.providerName = "Microsoft Base Cryptographic Provider v1.0" + else + Exit Function + end if + end if + cec.GenKeyFlags = 1 OR keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + cec.GenKeyFlags = keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + cec.GenKeyFlags = 0 + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") +End Function + +Sub GenReq_OnClick + Dim TheForm + Set TheForm = Document.CertReqForm + err.clear + result = CSR(2) + if len(result)=0 Then + result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") + Exit Sub + end if + TheForm.CSR.Value = result + TheForm.Submit + Exit Sub +End Sub + +GetProviderList() +--> +</script> +<? } else { ?> +<p> +<form method="post" action="account.php"> +<input type="hidden" name="keytype" value="NS"> +<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> + + +<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> +</p> +<? } ?> diff --git a/pages/account/18.php b/pages/account/18.php new file mode 100644 index 0000000..5ee1a3b --- /dev/null +++ b/pages/account/18.php @@ -0,0 +1,94 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Expires")?></td> + +<? + $query = "select UNIX_TIMESTAMP(`created`) as `created`, + UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`expire`) as `expired`, + `expire` as `expires`, `revoked` as `revoke`, + UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id` + from `orgemailcerts`, `org` + where `memid`='".intval($_SESSION['profile']['id'])."' and + `org`.`orgid`=`orgemailcerts`.`orgid` "; + if($viewall != 1) + { + $query .= "AND `revoked`=0 AND `renewed`=0 "; + $query .= "HAVING `timeleft` > 0 AND `revoked`=0 "; + } + $query .= "ORDER BY `modified` desc"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { +?> + <tr> + <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + </tr> +<? } else { + while($row = mysql_fetch_assoc($res)) + { + if($row['timeleft'] > 0) + $verified = _("Valid"); + if($row['timeleft'] < 0) + $verified = _("Expired"); + if($row['expired'] == 0) + $verified = _("Pending"); + if($row['revoked'] > 0) + $verified = _("Revoked"); + if($row['revoked'] == 0) + $row['revoke'] = _("Not Revoked"); +?> + <tr> +<? if($verified == _("Valid") || $verified == _("Expired")) { ?> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> +<? } else if($verified == _("Pending")) { ?> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><?=$row['CN']?></td> +<? } else { ?> + <td class="DataTD"> </td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> +<? } ?> + <td class="DataTD"><?=$row['revoke']?></td> + <td class="DataTD"><?=$row['expires']?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + </tr> +<? } ?> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> +</form> +<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/19.php b/pages/account/19.php new file mode 100644 index 0000000..6a2749c --- /dev/null +++ b/pages/account/19.php @@ -0,0 +1,116 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']); + + $query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='".intval($certid)."' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and + `org`.`orgid`=`orgemailcerts`.`orgid`"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + showheader(_("My CAcert.org Account!")); + echo _("No such certificate attached to your account."); + showfooter(); + exit; + } + $row = mysql_fetch_assoc($res); + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname`; + + if($row['keytype'] == "NS") + { + if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1) + { + header("Content-Type: application/x-x509-user-cert"); + header("Content-Length: ".strlen($cert)); + $fname=sanitizeFilename($row['CN']); + if($fname=="") $fname="certificate"; + header('Content-Disposition: inline; filename="'.$fname.'.crt"'); + echo $cert; + exit; + } else { + showheader(_("My CAcert.org Account!")); + echo "<h3>"._("Installing your certificate")."</h3>\n"; + echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n"; + echo "<p><a href='account.php?id=19&cert=$certid&install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n"; + showfooter(); + exit; + } + } else { + showheader(_("My CAcert.org Account!")); +?> +<h3><?=_("Installing your certificate")?></h3> + +<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?> + +<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> +<?=_("You must enable ActiveX for this to work.")?> +</OBJECT> +<FORM > +<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>"> +</FORM> + +</P> + +<SCRIPT LANGUAGE=VBS> + Sub CertInst_OnClick + certchain = _ +<? + $lines = explode("\n", $cert); + if(is_array($lines)) + foreach($lines as $line) + { + $line = trim($line); + if($line != "-----END CERTIFICATE-----") + echo "\"$line\" & _\n"; + else { + echo "\"$line\"\n"; + break; + } + } +?> + + On Error Resume Next + cec.DeleteRequestCert = FALSE + err.clear + + cec.WriteCertToCSP = TRUE + cec.acceptPKCS7(certchain) + if err.number <> 0 Then + cec.WriteCertToCSP = FALSE + end if + err.clear + cec.acceptPKCS7(certchain) + if err.number <> 0 then + errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _ + "(Error code " & err.number & ")" + msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>") + else + okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _ + "See Tools->Internet Options->Content->Certificates" + msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>") + end if + End Sub +</SCRIPT> + +<? + showfooter(); + exit; + } +?> diff --git a/pages/account/2.php b/pages/account/2.php new file mode 100644 index 0000000..36421f9 --- /dev/null +++ b/pages/account/2.php @@ -0,0 +1,61 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="4" class="title"><?=_("Email Accounts")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Default")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("Delete")?></td> + <td class="DataTD"><?=_("Address")?></td> + +<? + $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + if($row['hash'] == "") + $verified = _("Verified"); + else + $verified = _("Unverified"); +?> + <tr> + <td class="DataTD"><? if($row['hash'] == "") { ?><input type="radio" name="emailid" value="<?=$row['id']?>" + <? if($row['email'] == $_SESSION['profile']['email']) echo " checked"; ?>><? } else { echo " "; } ?></td> + <td class="DataTD"><?=$verified?></td> +<? if($row['email'] == $_SESSION['profile']['email']) { ?> + <td class="DataTD"><?=_("N/A")?></td> +<? } else { ?> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> +<? } ?> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="makedefault" value="<?=_("Make Default")?>"></td> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Delete")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('chgdef')?>" /> +</form> +<p> +<?=_("Please Note: You can not set an unverified account as a default account, and you can not remove a default account. To remove the default account you must set another verified account as the default.")?> +</p> diff --git a/pages/account/20.php b/pages/account/20.php new file mode 100644 index 0000000..510b708 --- /dev/null +++ b/pages/account/20.php @@ -0,0 +1,37 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + include_once("../includes/shutdown.php"); +?> +<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3> +<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p> + +<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p> + +<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/policy/">http://www.cacert.org/policy/</a></p> + +<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> + +<form method="post" action="account.php"> +<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br> +<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br> +<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> +<p><?=_("Paste your CSR below...")?></p> +<textarea name="CSR" cols="80" rows="15"></textarea><br> +<input type="submit" name="process" value="<?=_("Submit")?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/21.php b/pages/account/21.php new file mode 100644 index 0000000..6c3786b --- /dev/null +++ b/pages/account/21.php @@ -0,0 +1,54 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $org = $_SESSION['_config']['row']; + if($org['id'] <= 0) + $org = $_SESSION['_config']['altrow']; +?> +<p> +<?=_("Please make sure the following details are correct before proceeding any further.")?> +</p> + +<p> +<? if(is_array($_SESSION['_config']['rows'])) + foreach($_SESSION['_config']['rows'] as $row) { ?> +<?=_("CommonName")?>: <?=$row?><br> +<? } ?> +<? if(is_array($_SESSION['_config']['altrows'])) + foreach($_SESSION['_config']['altrows'] as $row) { ?> +<?=_("subjectAltName")?>: <?=$row?><br> +<? } ?> +<?=_("Organisation")?>: <?=$org['O']?><br> +<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br> +<?=_("Location")?>: <?=$org['L']?><br> +<?=_("State/Province")?>: <?=$org['ST']?><br> +<?=_("Country")?>: <?=$org['C']?><br> + + +<form method="post" action="account.php"> +<input type="submit" name="process" value="<?=_("Submit")?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> + + +<? if($_SESSION['profile']['admin'] == 1) { ?> +<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/> +<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?> +<? } ?> + +</form> +</p> diff --git a/pages/account/22.php b/pages/account/22.php new file mode 100644 index 0000000..565cb5f --- /dev/null +++ b/pages/account/22.php @@ -0,0 +1,90 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("CommonName")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Expires")?></td> + +<? + $query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`, + UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`, + `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, + UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id` + from `orgdomaincerts`,`org` + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` "; + if($viewall != 1) + { + $query .= "AND `revoked`=0 AND `renewed`=0 "; + $query .= "HAVING `timeleft` > 0 "; + } + $query .= "ORDER BY `orgdomaincerts`.`modified` desc"; +//echo $query."<br>\n"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { +?> + <tr> + <td colspan="5" class="DataTD"><?=_("No domains are currently listed.")?></td> + </tr> +<? } else { + while($row = mysql_fetch_assoc($res)) + { + if($row['timeleft'] > 0) + $verified = _("Valid"); + if($row['timeleft'] < 0) + $verified = _("Expired"); + if($row['expired'] == 0) + $verified = _("Pending"); + if($row['revoked'] > 0) + $verified = _("Revoked"); + if($row['revoked'] == 0) + $row['revoke'] = _("Not Revoked"); +?> + <tr> +<? if($verified == _("Valid") || $verified == _("Expired")) { ?> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> +<? } else if($verified == _("Pending")) { ?> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> +<? } else { ?> + <td class="DataTD"> </td> +<? } ?> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> + <td class="DataTD"><?=$row['revoke']?></td> + <td class="DataTD"><?=$row['expires']?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + </tr> +<? } ?> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" /> +</form> +<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/23.php b/pages/account/23.php new file mode 100644 index 0000000..4ec56c3 --- /dev/null +++ b/pages/account/23.php @@ -0,0 +1,38 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']); + + $query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and + `org`.`orgid`=`orgdomaincerts`.`orgid`"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("No such certificate attached to your account."); + showfooter(); + exit; + } + $row = mysql_fetch_assoc($res); + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname`; +?> +<h3><?=_("Below is your Server Certificate")?></h3> +<pre> +<?=$cert?> +</pre> diff --git a/pages/account/24.php b/pages/account/24.php new file mode 100644 index 0000000..19faa9f --- /dev/null +++ b/pages/account/24.php @@ -0,0 +1,52 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("New Organisation")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Organisation Name")?>:</td> + <td class="DataTD"><input type="text" name="O" value="<?=array_key_exists('O',$_SESSION['_config'])?$_SESSION['_config']['O']:""?>" maxlength="50"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Contact Email")?>:</td> + <td class="DataTD"><input type="text" name="contact" value="<?=array_key_exists('contact',$_SESSION['_config'])?$_SESSION['_config']['contact']:""?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Town/Suburb")?>:</td> + <td class="DataTD"><input type="text" name="L" value="<?=array_key_exists('L',$_SESSION['_config'])?$_SESSION['_config']['L']:""?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("State/Province")?>:</td> + <td class="DataTD"><input type="text" name="ST" value="<?=array_key_exists('ST',$_SESSION['_config'])?$_SESSION['_config']['ST']:""?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country")?>:</td> + <td class="DataTD"><input type="text" name="C" value="<?=array_key_exists('C',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['C']):""?>" size="5">(2 letter <a href="http://www.iso.org/iso/english_country_names_and_code_elements">ISO code</a>)</td> + </tr> + <tr> + <td class="DataTD"><?=_("Comments")?>:</td> + <td class="DataTD"><textarea name="comments" cols="35" rows="5"><?=array_key_exists('comments',$_SESSION['_config'])?$_SESSION['_config']['comments']:""?></textarea></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/25.php b/pages/account/25.php new file mode 100644 index 0000000..ab0e6b2 --- /dev/null +++ b/pages/account/25.php @@ -0,0 +1,50 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="700"> + <tr> + <td colspan="5" class="title"><?=_("Organisations")?></td> + </tr> + <tr> + <td class="DataTD" width="350"><?=_("Organisation")?></td> + <td class="DataTD"><?=_("Domains")?></td> + <td class="DataTD"><?=_("Admins")?></td> + <td class="DataTD"><?=_("Edit")?></td> + <td class="DataTD"><?=_("Delete")?></td> + </tr> +<? + $query = "select * from `orginfo` ORDER BY `id`"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'"); + $admincount = mysql_num_rows($r2); + $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'"); + $domcount = mysql_num_rows($r2); +?> + <tr> + <td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td> + <td class="DataTD"><a href="account.php?id=26&orgid=<?=intval($row['id'])?>"><?=_("Domains")?> (<?=$domcount?>)</a></td> + <td class="DataTD"><a href="account.php?id=32&orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td> + <td class="DataTD"><a href="account.php?id=27&orgid=<?=$row['id']?>"><?=_("Edit")?></a></td> + <td class="DataTD"><a href="account.php?id=31&orgid=<?=$row['id']?>"><?=_("Delete")?></a></td> + <? if(array_key_exists('viewcomment',$_REQUEST) && $_REQUEST['viewcomment']!='') { ?> + <td class="DataTD"><?=sanitizeHTML($row['comments'])?></td> + <? } ?> + </tr> +<? } ?> +</table> diff --git a/pages/account/26.php b/pages/account/26.php new file mode 100644 index 0000000..f8b195d --- /dev/null +++ b/pages/account/26.php @@ -0,0 +1,42 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> + <tr> + <td colspan="3" class="title"><? printf(_("%s's Domains"), $row['O']); ?> (<a href="account.php?id=28&orgid=<?=intval($row['id'])?>"><?=_("Add")?></a>)</td> + </tr> + <tr> + <td class="DataTD"><?=_("Domain")?></td> + <td class="DataTD"><?=_("Edit")?></td> + <td class="DataTD"><?=_("Delete")?></td> + </tr> +<? + $query = "select * from `orgdomains` where `orgid`='".intval($_REQUEST['orgid'])."'"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { ?> + <tr> + <td class="DataTD"><?=sanitizeHTML($row['domain'])?></a></td> + <td class="DataTD"><a href="account.php?id=29&orgid=<?=intval($row['orgid'])?>&domid=<?=intval($row['id'])?>"><?=_("Edit")?></a></td> + <td class="DataTD"><a href="account.php?id=30&orgid=<?=intval($row['orgid'])?>&domid=<?=intval($row['id'])?>"><?=_("Delete")?></a></td> + </tr> +<? } ?> +</table> diff --git a/pages/account/27.php b/pages/account/27.php new file mode 100644 index 0000000..2cd52a8 --- /dev/null +++ b/pages/account/27.php @@ -0,0 +1,57 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'")); +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Edit Organisation")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Organisation Name")?>:</td> + <td class="DataTD"><input type="text" name="O" value="<?=$row['O']?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Contact Email")?>:</td> + <td class="DataTD"><input type="text" name="contact" value="<?=($row['contact'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Town/Suburb")?>:</td> + <td class="DataTD"><input type="text" name="L" value="<?=($row['L'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("State/Province")?>:</td> + <td class="DataTD"><input type="text" name="ST" value="<?=($row['ST'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country")?>:</td> + <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Comments")?>:</td> + <td class="DataTD"><textarea name="comments" cols=15 rows=5><?=($row['comments'])?></textarea></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> +<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" /> +</form> diff --git a/pages/account/28.php b/pages/account/28.php new file mode 100644 index 0000000..1212f9c --- /dev/null +++ b/pages/account/28.php @@ -0,0 +1,38 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><? printf(_("New Domain for %s"), sanitizeHTML($row['O'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><input type="text" name="domainname" value="<?=array_key_exists('domain',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['domain']):""?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> +<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> + +</form> diff --git a/pages/account/29.php b/pages/account/29.php new file mode 100644 index 0000000..c1a3def --- /dev/null +++ b/pages/account/29.php @@ -0,0 +1,44 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $org = mysql_fetch_assoc(mysql_query($query)); + + $_SESSION['_config']['domain'] = $row['domain']; +?> +<h3><?=_("Warning!")?></h3> +<p><?=_("Hitting update will also revoke all existing certificates issued under this domain")?></p> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><? printf(_("Update Domain for %s"), ($org['O'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> +<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> + +</form> diff --git a/pages/account/3.php b/pages/account/3.php new file mode 100644 index 0000000..cad89a1 --- /dev/null +++ b/pages/account/3.php @@ -0,0 +1,135 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + include_once("../includes/shutdown.php"); +?> +<h3><?=_("CAcert Certficate Acceptable Use Policy")?></h3> +<p><?=_("Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p> + +<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p> + +<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p> + +<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> + +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("New Client Certificate")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Add")?></td> + <td class="DataTD"><?=_("Address")?></td> + +<? + $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { ?> + <tr> + <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> +<? } +if($_SESSION['profile']['points'] >= 50) +{ + $fname = $_SESSION['profile']['fname']; + $mname = $_SESSION['profile']['mname']; + $lname = $_SESSION['profile']['lname']; + $suffix = $_SESSION['profile']['suffix']; +?> + <tr> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br> + <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br> + <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> + </td> + </tr> + <tr> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br> +<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?> +<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?> +<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?> +<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?> + </td> + </tr> +<? } ?> +<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> + <tr> + <td class="DataTD" align="left"> + <input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td> + <td class="DataTD" align="left"> + <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> + </td> + </tr> +<? } ?> + + <tr> + <td class="DataTD" colspan="2" align="left"> + <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br> + <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> + </td> + </tr> + + + <tr name="expertoff" style="display:none"> + <td class="DataTD" colspan="2" align="left"> + <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)"/><?=_("Show advanced options")?> + </td> + </tr> + + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br> + <input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br> + <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> + <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a> + </td> + </tr> + <tr name="expert"> + <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td> + </tr> + <tr name="expert"> + <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> + +<script language="javascript"> +function showExpert(a) +{ + b=document.getElementsByName("expert"); + for(i=0;b.length>i;i++) + { + if(!a) {b[i].setAttribute("style","display:none"); } + else {b[i].removeAttribute("style");} + } + b=document.getElementsByName("expertoff"); + for(i=0;b.length>i;i++) + { + b[i].removeAttribute("style"); + } + +} +showExpert(false); +</script> + diff --git a/pages/account/30.php b/pages/account/30.php new file mode 100644 index 0000000..30c86f3 --- /dev/null +++ b/pages/account/30.php @@ -0,0 +1,45 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $org = mysql_fetch_assoc(mysql_query($query)); + + $_SESSION['_config']['domain'] = $row['domain']; +?> +<h3><?=_("Warning!")?></h3> +<p><?=_("Hitting delete will also revoke all existing certificates issued under this domain")?></p> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><? printf(_("Delete Domain for %s"), ($org['O'])); ?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this domain?"), sanitizeHTML($row['domain'])); ?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>"> + <input type="submit" name="process" value="<?=_("Delete")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> +<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> +<input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>"> + +</form> diff --git a/pages/account/31.php b/pages/account/31.php new file mode 100644 index 0000000..d91a77a --- /dev/null +++ b/pages/account/31.php @@ -0,0 +1,39 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $org = mysql_fetch_assoc(mysql_query($query)); + +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><? printf(_("Delete Organisation"), ($org['O'])); ?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), sanitizeHTML($org['O'])); ?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>"> + <input type="submit" name="process" value="<?=_("Delete")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> +<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> + +</form> diff --git a/pages/account/32.php b/pages/account/32.php new file mode 100644 index 0000000..00dc1ea --- /dev/null +++ b/pages/account/32.php @@ -0,0 +1,52 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="500"> + <tr> + <td colspan="5" class="title"><? printf(_("%s's Administrators"), $row['O']); ?> (<a href="account.php?id=33&orgid=<?=$row['id']?>"><?=_("Add")?></a>)</td> + </tr> + <tr> + <td class="DataTD"><?=_("Administrator")?></td> + <td class="DataTD"><?=_("Master Account")?></td> + <td class="DataTD"><?=_("Department")?></td> + <td class="DataTD"><?=_("Comments")?></td> + <td class="DataTD"><?=_("Delete")?></td> + </tr> +<? + $query = "select * from `org` where `orgid`='".intval($_REQUEST['orgid'])."'"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'")); +?> + <tr> + <td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td> + <td class="DataTD"><?=($row['masteracc'])?></a></td> + <td class="DataTD"><?=($row['OU'])?></a></td> + <td class="DataTD"><?=($row['comments'])?></a></td> +<? if($row['masteracc'] == 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> + <td class="DataTD"><a href="account.php?id=34&orgid=<?=$row['orgid']?>&memid=<?=$row['memid']?>"><?=_("Delete")?></a></td> +<? } else { ?> + <td class="DataTD">N/A</td> +<? } ?> + </tr> +<? } ?> +</table> diff --git a/pages/account/33.php b/pages/account/33.php new file mode 100644 index 0000000..4da8bed --- /dev/null +++ b/pages/account/33.php @@ -0,0 +1,55 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); +?> +<form method="post" action="account.php"> +<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><? printf(_("New Admin for %s"), ($row['O'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['email']):""?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Department")?>:</td> + <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?$_SESSION['_config']['OU']:""?>"></td> + </tr> +<? if($_SESSION['profile']['orgadmin'] == 1) { ?> + <tr> + <td class="DataTD"><?=_("Master Account")?>:</td> + <td class="DataTD"><select name="masteracc"> + <option value="0">No</option> + <option value="1"<? if(array_key_exists('masteracc',$_SESSION['_config']) && $_SESSION['_config']['masteracc'] == 1) echo " selected='selected'"; ?>>Yes</option> + </select></td> + </tr> +<? } ?> + <tr> + <td class="DataTD"><?=_("Comments")?>:</td> + <td class="DataTD"><input type="text" name="comments" value="<?=array_key_exists('comments',$_SESSION['_config'])?$_SESSION['_config']['comments']:""?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('orgadmadd')?>" /> +</form> diff --git a/pages/account/34.php b/pages/account/34.php new file mode 100644 index 0000000..25ad1db --- /dev/null +++ b/pages/account/34.php @@ -0,0 +1,45 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $query = "select * from `orgdomains` where `id`='".intval($_REQUEST['orgid'])."'"; + $row = mysql_fetch_assoc(mysql_query($query)); + $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"; + $org = mysql_fetch_assoc(mysql_query($query)); + $query = "select * from `users` where `id`='".intval($_REQUEST['memid'])."'"; + $user = mysql_fetch_assoc(mysql_query($query)); + + $_SESSION['_config']['domain'] = $row['domain']; +?> +<form method="post" action="account.php"> +<input type="hidden" name="memid" value="<?=intval($_REQUEST['memid'])?>"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><? printf(_("Delete Admin for %s"), ($org['O'])); ?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s from administering this organisation?"), sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])); ?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>"> + <input type="submit" name="process" value="<?=_("Delete")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> +<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>"> + +</form> diff --git a/pages/account/35.php b/pages/account/35.php new file mode 100644 index 0000000..3a4714f --- /dev/null +++ b/pages/account/35.php @@ -0,0 +1,58 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> + <tr> + <td colspan="3" class="title"><?=_("Organisations")?></td> + </tr> + <tr> + <td class="DataTD">#</td> + <td class="DataTD"><?=_("Organisation")?></td> + <td class="DataTD"><?=_("Admins")?></td> + </tr> +<? + $query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".intval($_SESSION['profile']['id'])."'"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + //number of admins for the org + $r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'"); + $admincount = mysql_num_rows($r2); + + // number of domains for the org + $r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'"); + $domcount = mysql_num_rows($r2); +?> + <tr> + <td class="DataTD"><?=intval($row['id'])?></td> + <td class="DataTD"><?=($row['O'])?>, <?=($row['ST'])?> <?=sanitizeHTML($row['C'])?></td> + <td class="DataTD"><a href="account.php?id=32&orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td> + </tr> +<? + // display the domains of each organisation + $query3 = "select * from `orgdomains` where `orgid`='".intval($row['id'])."'"; + $res3 = mysql_query($query3); + while($detailorg = mysql_fetch_assoc($res3)) + { +?> + <tr> + <td class="DataTD"><?=intval($detailorg['id'])?></td> + <td class="DataTD"><?=_("Domain available")?></td> + <td class="DataTD"><?=sanitizeHTML($detailorg['domain'])?></td> + </tr> +<? } } ?> +</table> diff --git a/pages/account/36.php b/pages/account/36.php new file mode 100644 index 0000000..be0f590 --- /dev/null +++ b/pages/account/36.php @@ -0,0 +1,35 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> + <tr> + <td colspan="2" class="title"><?=_("My Alert Settings")?></td> + </tr> + <tr> + <td class="DataTD" valign="top"><b><?=_("Alert me if")?></b>: </td> + <td class="DataTD" align="left"><input type="checkbox" name="general" value="1"<? if(array_key_exists('general',$_REQUEST) && $_REQUEST['general']) echo " checked='checked'"; ?>><?=_("General Announcements")?><br> + <input type="checkbox" name="country" value="1"<? if(array_key_exists('country',$_REQUEST) && $_REQUEST['country']) echo " checked='checked'"; ?>><?=_("Country Announcements")?><br> + <input type="checkbox" name="regional" value="1"<? if(array_key_exists('regional',$_REQUEST) && $_REQUEST['regional']) echo " checked='checked'"; ?>><?=_("Regional Announcements")?><br> + <input type="checkbox" name="radius" value="1"<? if(array_key_exists('radius',$_REQUEST) && $_REQUEST['radius']) echo " checked='checked'"; ?>><?=_("Within 200km Announcements")?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update My Settings")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/37.php b/pages/account/37.php new file mode 100755 index 0000000..4b021e0 --- /dev/null +++ b/pages/account/37.php @@ -0,0 +1,31 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<H3><?=_("About CAcert.org")?></H3> + +<p><?=_("CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.")?></p> + +<p><? printf(_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a %sdocument base%s that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI)."), "<a href='http://wiki.cacert.org/'>", "</a>"); ?></p> + +<p><?=_("For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you.")?></p> + +<p><?=_("For administrators looking to protect the services they offer, we provide host and wild card certificates which you can issue almost immediately. Not only can you use these to protect websites, but also POP3, SMTP and IMAP connections, to list but a few. Unlike other certificate authorities, we don't limit the strength of the certificates, or the use of wild card certificates. Everyone should have the right to security and to protect their privacy, not just those looking to run ecommerce sites.")?></p> + +<p><?=_("If you're extremely serious about encryption, you can join CAcert's Assurance Programme and Web of Trust. This allows you to have your identity verified to obtain added benefits, including longer length certificates and the ability to include your name on email certificates."); ?></p> + +<p><?=_("CAcert Inc. is a non-profit association, incorporated in New South Wales Australia.")?></p> +<p><?=_("More information about CAcert Incorporated:")?><a href="http://wiki.cacert.org/wiki/CAcertIncorporated">http://wiki.cacert.org/wiki/CAcertIncorporated</a></p> diff --git a/pages/account/38.php b/pages/account/38.php new file mode 100755 index 0000000..34cbea4 --- /dev/null +++ b/pages/account/38.php @@ -0,0 +1,40 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<H3><?=_("Donations")?></H3><br> + +<h4><?=_("If I'd like to donate to CAcert Inc., how can I do it?")?></h4> + +<p><?=_("CAcert Inc. is a non-profit association which is legally able to accept donations. CAcert adheres to strict guidelines about how this money can to be used. If you'd like to make a donation, you can do so via")?> + +<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> +<input type="hidden" name="cmd" value="_s-xclick"> +<input type="image" src="/images/payment2.png" border="0" name="submit" alt="<?=_("CAcert Donation through PayPal")?>"> +<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHRwYJKoZIhvcNAQcEoIIHODCCBzQCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYCA1pOad7SD8OtSdvHxI3CItmi2sb2eq/1UZbQboNkJTwlaTbTZfoWzBuFmimBR/Qz21Z+L7wFa7XxfhwRLC4V/X4uTJVAIDaKsdTXFNx51EMu+LyiP1O+7GxcdNR7njwvndIaHN0HZIdidpG8jFPP/8ZsLaPe2/Dh2S7344wSuUDELMAkGBSsOAwIaBQAwgcQGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYn0dsk7tIRmAgaBNejWqE2RRr+Tsb3fVlcbuG98Bq+zaMO5g8n8i3DnBjIoSJNb+ZuSj53oWrh/+HCY4EY1Rg3qHiUSMOS/o9k75UR7C+ez0R9tmZ2eQrdxlqTVuvENRA0W5z6iTJYog5XhMoKScOFUBaIr9zxjETUY2Y1V3X8qRFIe0YWlYRYbePs2p/IDatirUFhOJSff0ancU2GZULRy0PiZHtzbm8Gy/oIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcxMTAzMDcxMDI1WjAjBgkqhkiG9w0BCQQxFgQU8tPwGUvNb8eYe8Pfhe9YutgXm/YwDQYJKoZIhvcNAQEBBQAEgYBpwhhgz5ED5qxBosfMaifzIr2anV5ScQqqQbC1hphWBQ4e2PT5+TQWCcQkrTh2UTp3vC81Y8vYZ+fussa+zPBE8DmeFDfzpLJo+TQHZUiKxWUDu6drv3o3mV3VjAkaqIhAdubhEOxj2bbKND3IRT1lfIVVSUipndKzRjukZJK39A==-----END PKCS7-----"> +</form> + +<p><?=_("If you are located in Australia, please use bank transfer instead:")?></p> + +<pre> +Account Name: CAcert Inc +BSB: 032073 +Account No.: 180264 +</pre> + +<p><?=_("ANY amount will be appreciated - the more funding CAcert receives, the sooner it can achieve the goals of the community.")?></p> + +<p><?=_("Thank you very much for your support, your donations help CAcert to continue to operate.")?></p> diff --git a/pages/account/39.php b/pages/account/39.php new file mode 100755 index 0000000..f89187d --- /dev/null +++ b/pages/account/39.php @@ -0,0 +1,90 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<h3><?=_("Privacy Policy")?></h3> + +<p> +<?=_("This policy discloses what information we gather about you when you visit any of our Web site, and when you issue or use our certificates. It describes how we use that information and how you can control it.")?> +</p> + +<h4>1. <?=_("Website information")?></h4> +<p> +<?=_("We collect two kinds of information about website users: 1) data that users volunteer by signing up to our website or when you send us an email via our contact form; and 2) aggregated tracking data we collect when users interact with our site.")?> +</p> + +<h4>2. <?=_("Personal information")?></h4> +<p> +<?=_("When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address, date of birth and some lost pass phrase question and answers.")?> +</p> +<p> +<?=_("We only share your information with any other organisation when so instructed by a CAcert arbitrator.")?> +</p> + +<h4>3. <?=_("Aggregated tracking information")?></h4> +<p> +<?=_("We analyse visitors' use of our sites by tracking information such as page views, traffic flow, search terms, and click through. We use this information to improve our sites. We also share this anonymous traffic and demographic information in aggregate form with advertisers and other business partners. We do not share any information with advertisers that can identify an individual user.")?> +</p> + +<h4>4. <?=_("Cookies")?></h4> +<p> +<?=_("Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them.")?> +</p> +<p> +<?=_("We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer.")?> +</p> + +<h4>5. <?=_("Notification of changes")?></h4> +<p> +<?=_("If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information.")?> +</p> + +<h4>6. <?=_("How to update, correct, or delete your information")?></h4> +<p> +<?=_("You are able to update, add and remove your information at any time via our web interface, log into the 'My Account' and then click on the 'My Details' section, and then click the relevant link")?> +</p> + +<h4>7. <?=_("Privacy of certificates")?></h4> +<p> +<?=_("CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert.")?> +</p> + +<h4>8. <?=_("Privacy of user data")?></h4> +<p> +<?=_("CAcert Assurers can see the name, birthday and the number of points by looking up the correct email address. No other person related data is published by CAcert.")?> +</p> + +<h4>9. <?=_("Exceptions")?></h4> +<p> +<?=_("A CAcert arbitrator may override this policy in a dispute.")?> +<?=_("To obtain access to confidential data, a dispute has to be filed.")?> +</p> + +<h4>10. <?=_("Legal mandates")?></h4> +<p> +<?=_("CAcert adopts the Australian privacy regulations.")?> +<?=_("Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> for further details.")?> +<?=_("Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.")?> +</p> + + +<p><?=_("If you need to contact us in writing, address your mail to:")?></p> +<p> +CAcert Inc.<br> +P.O. Box 4107<br> +Denistone East NSW 2112<br> +Australia +</p> diff --git a/pages/account/4.php b/pages/account/4.php new file mode 100644 index 0000000..a4d6597 --- /dev/null +++ b/pages/account/4.php @@ -0,0 +1,190 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> +<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> +<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?> +</object> +<form method="post" action="account.php" name="CertReqForm"><p> +<input type="hidden" name="session" value="UsedXenroll"> +<?=_("Key Strength:")?> <select name="CspProvider"></select> +<input type="hidden" name="oldid" value="<?=$id?>"> +<INPUT TYPE=HIDDEN NAME="CSR"> +<input type="hidden" name="keytype" value="MS"> +<input type="submit" name="GenReq" value="Create Certificate"><br> +</p></form> +<script type="text/vbscript" language="vbscript"> +<!-- +Function GetProviderList() + Dim CspList, cspIndex, ProviderName + On Error Resume Next + + count = 0 + base = 0 + enhanced = 0 + CspList = "" + ProviderName = "" + + // Vista: + Set csps = CreateObject("X509Enrollment.CCspInformations") + If IsObject(csps) Then + csps.AddAvailableCsps() + Document.CertReqForm.keytype.value="VI" + For j = 0 to csps.Count-1 + Set oOption = document.createElement("OPTION") + oOption.text = csps.ItemByIndex(j).Name + oOption.value = j + Document.CertReqForm.CspProvider.add(oOption) + Next + + Else + + // 2000,XP: + + For ProvType = 0 to 13 + cspIndex = 0 + cec.ProviderType = ProvType + ProviderName = cec.enumProviders(cspIndex,0) + + while ProviderName <> "" + Set oOption = document.createElement("OPTION") + oOption.text = ProviderName + oOption.value = ProvType + Document.CertReqForm.CspProvider.add(oOption) + if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then + base = count + end if + if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then + enhanced = count + end if + cspIndex = cspIndex +1 + ProviderName = "" + ProviderName = cec.enumProviders(cspIndex,0) + count = count + 1 + wend + Next + Document.CertReqForm.CspProvider.selectedIndex = base + if enhanced then + Document.CertReqForm.CspProvider.selectedIndex = enhanced + end if + End If +End Function + +Function CSR(keyflags) + CSR = "" + szName = "" + + + // Vista + if Document.CertReqForm.keytype.value="VI" Then + + Dim g_objClassFactory + Dim obj + Dim objPrivateKey + Dim g_objRequest + Dim g_objRequestCMC + + Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") + Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") + Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") + Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") + //Msgbox exit function + objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text + // "Microsoft Enhanced RSA and AES Cryptographic Provider" + objPrivateKey.ProviderType = "24" + objPrivateKey.KeySpec = "1" + objPrivateKey.ExportPolicy = 1 + objRequest.InitializeFromPrivateKey 1, objPrivateKey, "" + Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") + objDN.Encode("CN=CAcertRequest") + objRequest.Subject = objDN + + // obj.Initialize(1) + obj.InitializeFromRequest(objRequest) + obj.CertificateDescription="Description" + obj.CertificateFriendlyName="FriendlyName" + CSR=obj.CreateRequest(1) + If len(CSR)<>0 Then Exit Function + Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>" + + else + // XP + + cec.HashAlgorithm = "MD5" + err.clear + On Error Resume Next + set options = document.all.CspProvider.options + index = options.selectedIndex + cec.providerName = options(index).text + tmpProviderType = options(index).value + cec.providerType = tmpProviderType + cec.KeySpec = 2 + if tmpProviderType < 2 Then + cec.KeySpec = 1 + end if + cec.GenKeyFlags = &h04000001 OR keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + cec.GenKeyFlags = &h04000000 OR keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then + if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then + cec.providerName = "Microsoft Base Cryptographic Provider v1.0" + else + Exit Function + end if + end if + cec.GenKeyFlags = 1 OR keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + cec.GenKeyFlags = keyflags + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + if len(CSR)<>0 then Exit Function + cec.GenKeyFlags = 0 + CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + End if +End Function + +Sub GenReq_OnClick + Dim TheForm + Set TheForm = Document.CertReqForm + err.clear + result = CSR(2) + if len(result)=0 Then + result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") + Exit Sub + end if + TheForm.CSR.Value = result + TheForm.Submit + Exit Sub +End Sub + +GetProviderList() +--> +</script> +<? } else { ?> +<p> +<form method="post" action="account.php"> +<input type="hidden" name="keytype" value="NS"> +<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> + +<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> +</p> +<? } ?> diff --git a/pages/account/40.php b/pages/account/40.php new file mode 100755 index 0000000..1b76f9c --- /dev/null +++ b/pages/account/40.php @@ -0,0 +1,86 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ +if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u")))); +?> +<H3><?=_("Contact Us")?></H3> + +<p><b><?=_("General Questions")?></b></p> +<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p> +<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p> +<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p> +<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p> +<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p> +<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p> +<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p> +<form method="post" name="form1"> + <input type="hidden" name="oldid" value="<?=$id?>"> + <input type="hidden" name="support" value="yes"> + <input type="hidden" name="secrethash2" value=""> + <table border="0"> + <tr><td width="90"><?=_("Your Name")?>:</td><td><input type="text" name="who"></td><td> </td></tr> + <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr> + <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr> + <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr> + <tr><td colspan="3"><font color="#ff0000"><?=_("Warning: Please do not enter confidential data into this form, it is being sent to a public mailinglist. Use the form further below instead.")?></font></td></tr> + <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr> + </table> +</form> + +<p><b>IRC</b></p> +<p><a href="irc://irc.CAcert.org/CAcert">irc://irc.CAcert.org/CAcert</a></p> +<p><b>Secure IRC</b></p> +<p><a href="ircs://irc.CAcert.org:7000/CAcert">ircs://irc.CAcert.org:7000/CAcert</a></p> + +<p><b><?=_("Other Mailing Lists")?></b></p> +<p><?=_("There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)")?></p> +<p><a href="http://lists.cacert.org/"><?=_("Click here to view all lists available")?></a></p> + +<p><b><?=_("Sensitive Information")?></b></p> +<p><?=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Due to the large amounts of support emails we receive, sending general questions via this contact form will generally take longer then using the support mailing list. Also sending queries in anything but english could cause delays in supporting you as we'd need to find a translator to help.")?></p> +<form method="post" action="https://www.cacert.org/index.php" name="form2"> + <input type="hidden" name="secrethash2" value=""> + <input type="hidden" name="oldid" value="<?=$id?>"> + <table border="0"> + <tr><td><?=_("Your Name")?>:</td><td><input type="text" name="who"></td></tr> + <tr><td><?=_("Your Email")?>:</td><td><input type="text" name="email"></td></tr> + <tr><td><?=_("Subject")?>:</td><td><input type="text" name="subject"></td></tr> + <tr><td colspan="2"><textarea name="message" cols="40" rows="10"></textarea></td></tr> + <tr><td colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td></tr> + </table> +</form> + +<p><b><?=_("Security Issues")?></b></p> +<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p> + +<p><b><?=_("Snail Mail")?></b></p> +<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p> + +<p><?=_("Postal Address:")?><br> +CAcert Inc.<br> +P.O. Box 4107<br> +Denistone East NSW 2112<br> +Australia</p> + +<script type="text/javascript"> +<!-- + var pagehash = '<?=$_SESSION['_config']['secrethash']?>'; + + document.form1.secrethash2.value = pagehash; + document.form2.secrethash2.value = pagehash; +--> +</script> diff --git a/pages/account/41.php b/pages/account/41.php new file mode 100644 index 0000000..e44eec9 --- /dev/null +++ b/pages/account/41.php @@ -0,0 +1,87 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> + <tr> + <td colspan="2" class="title"><?=_("My Language Settings")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("My prefered language")?>:</td> + <td class="DataTD"><select name="lang"> +<? +echo $_SESSION['_config']['language']; + foreach($_SESSION['_config']['translations'] as $key => $val) + { + echo "<option value='$key'"; + if($key == $_SESSION['_config']['language']) + echo " selected"; + echo ">$val</option>\n"; + } +?> + </select> + </td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="action" value="default"> +<input type="hidden" name="csrf" value="<?=make_csrf('mainlang')?>" /> +</form> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> + <tr> + <td colspan="2" class="title"><?=_("Additional Language Preferences")?></td> + </tr> +<? + $query = "select * from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."'"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'")); +?> + <tr> + <td class="DataTD"><?=_("Additional Language")?>:</td> + <td class="DataTD" align="left"><? echo "${lang['lang']} - ${lang['country']}"; ?> + <a href="account.php?oldid=41&action=dellang&remove=<?=$row['lang']?>&csrf=<?=make_csrf('seclang')?>"><?=_("Delete")?></a></td> + </tr> +<? } ?> + <tr> + <td class="DataTD"><?=_("Secondary languages")?>:</td> + <td class="DataTD"><select name="addlang"> +<? + $query = "select * from `languages` order by `locale`"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + echo "<option value='".sanitizeHTML($row['locale'])."'"; + echo ">".$row['country']." - ".$row['lang']."</option>\n"; + } +?> + </select> + </td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="action" value="addsec"> +<input type="hidden" name="csrf" value="<?=make_csrf('seclang')?>" /> +</form> diff --git a/pages/account/42.php b/pages/account/42.php new file mode 100644 index 0000000..8decae4 --- /dev/null +++ b/pages/account/42.php @@ -0,0 +1,33 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Find User")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):''?>" size="30" title="<?=_("use % as wildcard")?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/43.php b/pages/account/43.php new file mode 100644 index 0000000..a286ec6 --- /dev/null +++ b/pages/account/43.php @@ -0,0 +1,417 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) + { + $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); + $row = 0; + $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); + if ($res) { + $row = mysql_fetch_assoc($res); + } + mysql_query("delete from `notary` where `id`='$assurance'"); + if ($row) { + fix_assurer_flag($row['to']); + } + } + + if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) + { + $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); + + //Disabled to speed up the queries + //if(!strstr($email, "%")) + // $emailsearch = "%$email%"; + + if(intval($email) > 0) + $emailsearch = ""; + + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` + where `users`.`id`=`email`.`memid` and + (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and + `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 1) { ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("User ID")?></td> + <td class="DataTD"><?=_("Email")?></td> + </tr> +<? + while($row = mysql_fetch_assoc($res)) + { ?> + <tr> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> + </tr> +<? } if(mysql_num_rows($res) >= 100) { ?> + <tr> + <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> + </tr> +<? } else { ?> + <tr> + <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + </tr> +<? } ?> +</table><br><br> +<? } elseif(mysql_num_rows($res) == 1) { + $row = mysql_fetch_assoc($res); + $_REQUEST['userid'] = $row['id']; + } else { + printf(_("No users found matching %s"), sanitizeHTML($email)); + } + } + + if(intval($_REQUEST['userid']) > 0) + { + $id = intval($_REQUEST['userid']); + $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } else { + $row = mysql_fetch_assoc($res); + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'")); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("First Name")?>:</td> + <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> + <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> + <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Middle Name")?>:</td> + <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Last Name")?>:</td> + <td class="DataTD"> <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="action" value="updatedob"> + <input type="hidden" name="userid" value="<?=intval($id)?>"> + <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Suffix")?>:</td> + <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Date of Birth")?>:</td> + <td class="DataTD"> +<? + $year = intval(substr($row['dob'], 0, 4)); + $month = intval(substr($row['dob'], 5, 2)); + $day = intval(substr($row['dob'], 8, 2)); + ?><nobr><select name="day"> +<? + for($i = 1; $i <= 31; $i++) + { + echo "<option"; + if($day == $i) + echo " selected='selected'"; + echo ">$i</option>"; + } +?> + </select> + <select name="month"> +<? + for($i = 1; $i <= 12; $i++) + { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; + } +?> + </select> + <input type="text" name="year" value="<?=$year?>" size="4"> + <input type="submit" value="Go"></form></nobr></td> + </tr> + <tr> + <td class="DataTD"><?=_("Trainings")?>:</td> + <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Is Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Blocked Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Account Locking")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>&csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Code Signing")?>:</td> + <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Org Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("TTP Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>&csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>&csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Ad Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td> + </tr> + <tr> + <td class="DataTD"><?=_("Tverify Account")?>:</td> + <td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("General Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Regional Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Change Password")?>:</td> + <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Delete Account")?>:</td> + <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>&csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td> + </tr> +<? + // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! + if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") { +?> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A1:</td> + <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A2:</td> + <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A3:</td> + <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A4:</td> + <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A5:</td> + <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> + </tr> +<? } else { ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> + </tr> +<? } ?> + <tr> + <td class="DataTD"><?=_("Assurance Points")?>:</td> + <td class="DataTD"><?=intval($drow['points'])?></td> + </tr> +</table> +<br><? + $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`='' + and `email`!='".mysql_escape_string($row['email'])."'"; + $dres = mysql_query($query); + if(mysql_num_rows($dres) > 0) { ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> + </tr><? + $rc = mysql_num_rows($dres); + while($drow = mysql_fetch_assoc($dres)) + { ?> + <tr> + <td class="DataTD"><?=_("Secondary Emails")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> + </tr> +<? } ?> +</table> +<br><? } ?> +<? + $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''"; + $dres = mysql_query($query); + if(mysql_num_rows($dres) > 0) { ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Verified Domains")?></td> + </tr><? + $rc = mysql_num_rows($dres); + while($drow = mysql_fetch_assoc($dres)) + { ?> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> + </tr> +<? } ?> +</table> +<br> +<? } ?> + +<? + if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { +?> + +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="7" class="title"><?=_("Assurance Points")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> +<? + $query = "select * from `notary` where `to`='".intval($row['id'])."'"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) + { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); + $points += $drow['points']; +?> + <tr> + <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=intval($drow['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD" colspan="3"> </td> + </tr> +</table> +<? } else { ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&assuredto=yes"><?=_("Show Assurances the user got")?></a></td> + </tr> +<? } ?> +<br> +<? + if(array_key_exists('assuredby',$_GET) && $_GET['assuredby'] == "yes") { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="7" class="title"><?=_("Assurance Points The User Issued")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> +<? + $query = "select * from `notary` where `from`='".$row['id']."' and `to`!='".$row['id']."'"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) + { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); + $points += $drow['points']; +?> + <tr> + <td class="DataTD"><?=$drow['date']?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=$drow['points']?></td> + <td class="DataTD"><?=$drow['location']?></td> + <td class="DataTD"><?=$drow['method']?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD" colspan="3"> </td> + </tr> +</table> +<? } else { ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&assuredby=yes"><?=_("Show Assurances the user gave")?></a></td> + </tr> +<? } ?> +<br><br> +<? } } ?> + diff --git a/pages/account/44.php b/pages/account/44.php new file mode 100644 index 0000000..fd34612 --- /dev/null +++ b/pages/account/44.php @@ -0,0 +1,38 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Change Password")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td> + </tr> + <tr> + <td class="DataTD"><?=_("New Password")?>:</td> + <td class="DataTD"><input type="text" name="newpass" value="<?=array_key_exists('newpass',$_REQUEST)?sanitizeHTML($_REQUEST['newpass']):""?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> +</table> +<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/45.php b/pages/account/45.php new file mode 100644 index 0000000..23bce9d --- /dev/null +++ b/pages/account/45.php @@ -0,0 +1,23 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<p><?=_("Paste your CSR below...")?></p> +<form method="post" action="account.php"> +<textarea name="CSR" cols="80" rows="15"></textarea><br> +<input type="submit" name="process" value="<?=_("Submit")?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/48.php b/pages/account/48.php new file mode 100644 index 0000000..8cdd7ac --- /dev/null +++ b/pages/account/48.php @@ -0,0 +1,33 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Find User by Domain")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><input type="text" name="domain" value="<?=array_key_exists('domain',$_POST)?sanitizeHTML($_POST['domain']):''?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/49.php b/pages/account/49.php new file mode 100644 index 0000000..8b22399 --- /dev/null +++ b/pages/account/49.php @@ -0,0 +1,101 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']); + if($userid <= 0) + { + $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain'])); + if(!strstr($domain, "%")) + $domainsearch = "%$domain%"; + if(preg_match("/^\d+$/",$domain)) + $domainsearch = ""; + $query = "select `users`.`id` as `id`, `domains`.`domain` as `domain` from `users`,`domains` + where `users`.`id`=`domains`.`memid` and + (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and + `domains`.`deleted`=0 and `users`.`deleted`=0 and + `users`.`verified`=1 + group by `users`.`id` limit 100"; + $res = mysql_query($query); + if(mysql_num_rows($res) >= 1) { ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> + </tr> +<? + while($row = mysql_fetch_assoc($res)) + { ?> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td> + </tr> +<? } if(mysql_num_rows($res) >= 100) { ?> + <tr> + <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> + </tr> +<? } else { ?> + <tr> + <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + </tr> +<? } ?> +</table><br><br> +<? } elseif(mysql_num_rows($res) == 1) { + $row = mysql_fetch_assoc($res); + $_GET['userid'] = intval($row['id']); + } else { + printf(_("No personal domains found matching %s"), sanitizeHTML($domain)); + } + + $query = "select `orgid`,`domain` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100"; + $res = mysql_query($query); + if(mysql_num_rows($res) >= 1) { ?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> + </tr> +<? + while($row = mysql_fetch_assoc($res)) + { ?> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><a href="account.php?id=26&orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td> + </tr> +<? } if(mysql_num_rows($res) >= 100) { ?> + <tr> + <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> + </tr> +<? } else { ?> + <tr> + <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + </tr> +<? } ?> +</table><br><br> +<? } elseif(mysql_num_rows($res) == 1) { + $row = mysql_fetch_assoc($res); + $_GET['userid'] = intval($row['id']); + } else { + printf(_("No organisational domains found matching %s"), sanitizeHTML($domain)); + } + } + + if($userid > 0) + { + header("location: account.php?id=43&userid=".intval($_GET['userid'])); + exit; + } +?> + diff --git a/pages/account/5.php b/pages/account/5.php new file mode 100644 index 0000000..ee500c0 --- /dev/null +++ b/pages/account/5.php @@ -0,0 +1,114 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("Email Address")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Expires")?></td> + <td class="DataTD"><?=_("Login")?></td> + +<? + $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, + UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, + UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, + `emailcerts`.`expire` as `expires`, + `emailcerts`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, + `emailcerts`.`id`, + `emailcerts`.`CN`, + emailcerts.disablelogin as `disablelogin` + from `emailcerts` + where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' + "; + if($viewall != 1) + $query .= " AND `revoked`=0 AND `renewed`=0 "; + $query .= " GROUP BY `emailcerts`.`id` "; + if($viewall != 1) + $query .= " HAVING `timeleft` > 0 "; + $query .= " ORDER BY `emailcerts`.`modified` desc"; +// echo $query."<br>\n"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { +?> + <tr> + <td colspan="5" class="DataTD"><?=_("No client certificates are currently listed.")?></td> + </tr> +<? } else { + while($row = mysql_fetch_assoc($res)) + { + if($row['timeleft'] > 0) + $verified = _("Valid"); + if($row['timeleft'] < 0) + $verified = _("Expired"); + if($row['expired'] == 0) + $verified = _("Pending"); + if($row['revoked'] > 0) + $verified = _("Revoked"); + if($row['revoked'] == 0) + $row['revoke'] = _("Not Revoked"); +?> + <tr> +<? if($verified != _("Pending") && $verified != _("Revoked")) { ?> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><a href="account.php?id=6&cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td> +<? } else if($verified != _("Revoked")) { ?> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> +<? } else { ?> + <td class="DataTD"> </td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> +<? } ?> + <td class="DataTD"><?=$row['revoke']?></td> + <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"> + <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/> + <input type="hidden" name="cert_<?=$row['id']?>" value="1"/> + </td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="8"> + <a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> + </td> + </tr> + + <tr> + <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">     + <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> + + <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td> + + </tr> +<? } ?> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> +</form> +<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> +<p><?=_("Login").": "._("By allowing certificate login, this certificate can be used to login into your account at https://secure.cacert.org/ .")?></p> diff --git a/pages/account/50.php b/pages/account/50.php new file mode 100644 index 0000000..1604156 --- /dev/null +++ b/pages/account/50.php @@ -0,0 +1,37 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Change Password")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("No")?>"> <input type="submit" name="process" value="<?=_("Yes")?>"></td> + </tr> +</table> +<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>"> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/51.php b/pages/account/51.php new file mode 100644 index 0000000..7273840 --- /dev/null +++ b/pages/account/51.php @@ -0,0 +1,34 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?> +<? + $uid = intval($_GET['photoid']); + $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) { ?> +<img src="account.php?id=51&photoid=<?=$uid ?>&img=show" border="0" width="800"> +<? } else { + $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + echo _("This UID has already been voted on."); + } else { + echo _("Unable to locate a valid request for that UID."); + } + } } ?> diff --git a/pages/account/52.php b/pages/account/52.php new file mode 100644 index 0000000..77a3bae --- /dev/null +++ b/pages/account/52.php @@ -0,0 +1,102 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?> +<? + $uid = intval($_GET['uid']); + $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + $row = mysql_fetch_assoc($res); + $memid = intval($row['memid']); + + $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $rc2 = mysql_num_rows(mysql_query($query2)); + if($rc2 > 0) + { + showheader(_("My CAcert.org Account!")); + echo _("You have already voted on this request."); + showfooter(); + exit; + } + + $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'"; + $notary = mysql_fetch_assoc(mysql_query($query)); + $query = "select * from `users` where `id`='$memid'"; + $user = mysql_fetch_assoc(mysql_query($query)); + $tobe = 50 - $notary['points']; + if($row['URL'] != '' && $row['photoid'] != '') + $tobe = 150 - $notary['points']; + else if($row['URL'] != '') + $tobe = 90 - $notary['points']; + if(intval($tobe) <= 0) + $tobe = 0; +?> +<?=_("Request Details")?>:<br> +<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br> +<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br> +<?=_("Certificate Subject")?>: <?=$row['CN']?><br> +<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?> +<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?> +<?=_("Current Points")?>: <?=intval($notary['points'])?><br> +<?=_("Potential Points")?>: <?=intval($tobe)?><br> +<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br> + +<br> +<form method="post" action="account.php"> +<?=_("Comment")?>: <input type="text" name="comment"><br> +<input type="submit" name="agree" value="<?=_("I agree with this Application")?>"> +<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>"> +<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>"> +<input type="hidden" name="uid" value="<?=$uid?>"> +</form> +<? } else { + $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + echo _("This UID has already been voted on.")."<br/>"; + } else { + if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; + } + + // Search for open requests: + $query = "select * from `tverify` where `modified`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + echo "<br/>"._("The following requests are still open:")."<br/><ul>"; + while($row = mysql_fetch_assoc($res)) + { + $uid=intval($row['id']); + $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $rc3 = mysql_num_rows(mysql_query($query3)); + if($rc3 <= 0) + { + echo "<li><a href='account.php?id=52&uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; + } + } + echo "</ul>\n<br>\n"; + } + else + { + echo "<br/>"._("There are no pending requests where you haven't voted yet."); + } + + + } } ?> diff --git a/pages/account/53.php b/pages/account/53.php new file mode 100644 index 0000000..cc9e2d6 --- /dev/null +++ b/pages/account/53.php @@ -0,0 +1,113 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):""; + $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; + $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; + $start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0; + $limit = 25; + + echo "<div id='listshow'><ul class='top'>\n<li>"; + echo "<a href='account.php?id=53'>"._("Home")."</a>\n"; + + $display = ""; + + if($regid > 0) + { + $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'")); + $display = "<ul class='top'>\n<li>\n". + "<a href='account.php?id=53&regid=$regid'>".sanitizeHTML($reg['name'])."</a> - <a href='account.php?action=add&id=54&regid=$regid'>"._("Add")."</a>\n". + $display; + $ccid = $_REQUEST['ccid'] = intval($reg['ccid']); + } + + if($ccid > 0) + { + $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='$ccid'")); + $display = "<ul class='top'>\n<li>\n". + "<a href='account.php?id=53&ccid=$ccid'>".sanitizeHTML($cnt['name'])."</a> - <a href='account.php?action=add&id=54&ccid=$ccid'>"._("Add")."</a>\n". + $display; + } + + if($display) + echo $display; + + if($ccid <= 0) + { + echo "<ul>\n"; + $query = "select * from `countries` order by `name`"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + echo "<li><a href='account.php?id=53&ccid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n"; + + echo "</ul>\n</li>\n</ul></div>\n<br>\n"; + } elseif($regid <= 0) { + echo "<ul>\n"; + $query = "select * from `regions` where `ccid`='$ccid' order by `name`"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + echo "<li>( <a href='account.php?action=edit&id=54®id=".intval($row['id'])."'>"._("edit")."</a> |"; + echo " <a href='account.php?action=delete&id=53®id=".intval($row['id'])."'"; + echo " onclick=\"return confirm('"._("Are you sure you want to delete this region and all connected locations?")."');\">"._("delete")."</a> )"; + echo " <a href='account.php?id=53&regid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n"; + } + + echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n"; + } elseif(intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0) <= 0) { + echo "<ul>\n"; + if($town != "") + { + $query = "select * from `locations` where `regid`='$regid' and `name` < '$town'"; + $start = mysql_num_rows(mysql_query($query)); + } + $query = "select * from `locations` where `regid`='$regid' order by `name` limit $start, $limit"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + echo "<li>( <a href='account.php?action=move&id=54&locid=".intval($row['id'])."'>"._("move")."</a> |"; + echo " <a href='account.php?action=aliases&id=54&locid=".intval($row['id'])."'>"._("aliases")."</a> |"; + echo " <a href='account.php?action=edit&id=54&locid=".intval($row['id'])."'>"._("edit")."</a> |"; + echo " <a href='account.php?action=delete&id=53&locid=".intval($row['id'])."'"; + echo " onclick=\"return confirm('Are you sure you want to delete this location?');\">"._("delete")."</a> ) ".sanitizeHTML($row['name'])." (".sanitizeHTML($row['lat']).",".sanitizeHTML($row['long']).")</li>\n"; + } + + echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n"; + $st="";$prev="";$end="";$next=""; + $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='$regid'")); + if($start > 0) + { + $prev = $start - $limit; + if($prev < 0) + $prev = 0; + + $st = "[ <a href='account.php?id=53&regid=$regid'><< "._("Start")."</a> ] "; + $prev = "[ <a href='account.php?id=53&regid=$regid&start=$prev'>< "._("Previous")." $limit</a> ] "; + } + if($start < $rc - $limit) + { + $next = $start + $limit; + $last = $rc - $limit; + + $next = "[ <a href='account.php?id=53&regid=$regid&start=$next'>"._("Next")." $limit ></a> ] "; + $end = "[ <a href='account.php?id=53&regid=$regid&start=$last'>"._("End")." >></a> ]"; + } + echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n"; + echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n"; + } +?> diff --git a/pages/account/54.php b/pages/account/54.php new file mode 100644 index 0000000..753b4af --- /dev/null +++ b/pages/account/54.php @@ -0,0 +1,209 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; + $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; + $locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; + $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):""; + + if($ccid > 0 && $_REQUEST['action'] == "add") { ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Add Region")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Region")?>:</td> + <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td> + </tr> +</table> +<input type="hidden" name="action" value="add"> +<input type="hidden" name="ccid" value="<?=$ccid?>"> +<input type="hidden" name="oldid" value="54"> +</form> +<? } if($regid > 0 && $_REQUEST['action'] == "edit") { + $query = "select * from `regions` where `id`='$regid' order by `name`"; + $row = mysql_fetch_assoc(mysql_query($query)); + $name = $row['name']; +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Edit Region")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Region")?>:</td> + <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + </tr> +</table> +<input type="hidden" name="action" value="edit"> +<input type="hidden" name="regid" value="<?=$regid?>"> +<input type="hidden" name="oldid" value="54"> +</form> +<? } if($regid > 0 && $_REQUEST['action'] == "add") { ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Add Location")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location")?>:</td> + <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Longitude")?>:</td> + <td class="DataTD"><input type="text" name="longitude" value="<?=array_key_exists('longitude',$_REQUEST)?sanitizeHTML($_REQUEST['longitude']):""?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Latitude")?>:</td> + <td class="DataTD"><input type="text" name="latitude" value="<?=array_key_exists('latitude',$_REQUEST)?sanitizeHTML($_REQUEST['latitude']):""?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td> + </tr> +</table> +<input type="hidden" name="action" value="add"> +<input type="hidden" name="regid" value="<?=$regid?>"> +<input type="hidden" name="oldid" value="54"> +</form> +<? } if($locid > 0 && $_REQUEST['action'] == "edit") { + $query = "select * from `locations` where `id`='$locid'"; + $row = mysql_fetch_assoc(mysql_query($query)); + + if($name == "") + $name = $row['name']; + if(!array_key_exists('longitude',$_REQUEST) || $_REQUEST['longitude'] == "") + $_REQUEST['longitude'] = $row['long']; + if(!array_key_exists('latitude',$_REQUEST) || $_REQUEST['latitude'] == "") + $_REQUEST['latitude'] = $row['lat']; +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Edit Location")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location")?>:</td> + <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Longitude")?>:</td> + <td class="DataTD"><input type="text" name="longitude" value="<?=sanitizeHTML($_REQUEST['longitude'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Latitude")?>:</td> + <td class="DataTD"><input type="text" name="latitude" value="<?=sanitizeHTML($_REQUEST['latitude'])?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + </tr> +</table> +<input type="hidden" name="action" value="edit"> +<input type="hidden" name="locid" value="<?=$locid?>"> +<input type="hidden" name="oldid" value="54"> +</form> +<? } if($locid > 0 && $_REQUEST['action'] == "aliases") { + $query = "select * from `localias` where `locid`='".intval($locid)."'"; + $res = mysql_query($query); + $rc = mysql_num_rows($res); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Location Aliases")?> - <a href="javascript:Show_Stuff()"><?=_("Add")?></a></td> + </tr> + <tr ID="display1"> + <td colspan="2" class="DataTD"> + <form method="post" action="account.php" ACCEPTCHARSET="utf-8"> + <?=_("Location Alias")?>: <input type="text" name="name"> <input type="submit" value="Add"> + <input type="hidden" name="action" value="alias"> + <input type="hidden" name="locid" value="<?=intval($locid)?>"> + <input type="hidden" name="oldid" value="54"> + </form> + </td> + </tr> +<? + while($row = mysql_fetch_assoc($res)) + { +?> + <tr> + <td class="DataTD"><?=$row['name']?></td> + <td class="DataTD"><a href="account.php?id=54&locid=<?=$locid?>&name=<?=($row['name'])?>&action=delalias" onclick="return confirm('Are you sure you want to delete this location alias?');"><?=_("Delete")?></td> + </tr> +<? } ?> +</table> +<script language="JavaScript" type="text/javascript"> +<!-- +function Show_Stuff() +{ + if (document.getElementById("display1").style.display == "none") + { + document.getElementById("display1").style.display = ""; + } else { + document.getElementById("display1").style.display = "none"; + } +} + +document.getElementById("display1").style.display = "none"; +--> +</script> +<? } if($locid > 0 && $_REQUEST['action'] == "move") { + $query = "select * from `locations` where `id`='$locid'"; + $row = mysql_fetch_assoc(mysql_query($query)); + $newreg = $_REQUEST['newreg'] = $row['regid']; +?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Move Location")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location")?>:</td> + <td class="DataTD"><?=$row['name']?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Set Region")?>:</td> + <td class="DataTD"><select name="newreg"> +<? + $query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + echo "<option value='".intval($row['id'])."'"; + if($_REQUEST['newreg'] == $row['id']) + echo " selected='selected'"; + echo ">$row[name]</option>\n"; + } +?> + </select></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> + </tr> +</table> +<input type="hidden" name="action" value="move"> +<input type="hidden" name="locid" value="<?=$locid?>"> +<input type="hidden" name="oldid" value="54"> +</form> +<? } ?> + diff --git a/pages/account/55.php b/pages/account/55.php new file mode 100644 index 0000000..ec401a0 --- /dev/null +++ b/pages/account/55.php @@ -0,0 +1,112 @@ +<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+ $user_id = intval($_SESSION['profile']['id']);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
+ </tr>
+</table>
+<?
+ } else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ }
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
+ </tr>
+</table>
+
+<?
+ }
+?>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Test")?></b></td>
+ <td class="DataTD"><b><?=_("Variant")?></b></td>
+ </tr>
+<?
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
+ " ORDER BY `CP`.`pass_date`";
+
+ $res = mysql_query($query);
+
+ $HaveTest=0;
+ while($row = mysql_fetch_array($res, MYSQL_NUM))
+ {
+ if ($row[1] == "Assurer Challenge") {
+ $HaveTest=1;
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=$row[0]?></td>
+ <td class="DataTD"><?=$row[1]?></td>
+ <td class="DataTD"><?=$row[2]?></td>
+ </tr>
+<? }
+?>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+<?
+ if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
+?>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr>
+<? } else {
+ $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
+ ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
+ ' GROUP BY `u`.id, `u`.`assurer`';
+ $res = mysql_query($query);
+ if (!$res) {
+ print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
+ } else {
+ $row = mysql_fetch_array($res, MYSQL_NUM);
+ if ($HaveTest && ($row[2]>=100)) {
+ if (!$row[1]) {
+ // This should not happen...
+ fix_assurer_flag($_SESSION['profile']['id']);
+ }
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
+<? } elseif (($row[2]>=100) && !$HaveTest) {
+?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
+<? } elseif ($HaveTest && ($row[2]<100)) {
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
+<? }
+ }
+ }
+?> </tr>
+</table>
+
diff --git a/pages/account/56.php b/pages/account/56.php new file mode 100644 index 0000000..348cc49 --- /dev/null +++ b/pages/account/56.php @@ -0,0 +1,41 @@ +<? /*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2008 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?=_("List of Organisation Assurers:")?>
+
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="1" class="title"><?=_("Name")?></td>
+ <td colspan="1" class="title"><?=_("Email")?></td>
+ <td colspan="1" class="title"><?=_("Country")?></td>
+ </tr>
+ <?
+ $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ ?>
+ <tr>
+ <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
+ <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ <td><?=sanitizeHTML($row['name'])?></td>
+ </tr>
+ <?
+ }
+?>
+</table>
+
diff --git a/pages/account/6.php b/pages/account/6.php new file mode 100644 index 0000000..38af8e8 --- /dev/null +++ b/pages/account/6.php @@ -0,0 +1,136 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + $certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']); + + $query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + showheader(_("My CAcert.org Account!")); + echo _("No such certificate attached to your account."); + showfooter(); + exit; + } + $row = mysql_fetch_assoc($res); + + $crtname=escapeshellarg($row['crt_name']); + $cert = `/usr/bin/openssl x509 -in $crtname`; + + if($row['keytype'] == "NS") + { + if(array_key_exists('install',$_REQUEST) && $_REQUEST['install'] == 1) + { + header("Content-Type: application/x-x509-user-cert"); + header("Content-Length: ".strlen($cert)); + $fname=sanitizeFilename($row['CN']); + if($fname=="") $fname="certificate"; + header('Content-Disposition: inline; filename="'.$fname.'.crt"'); + echo $cert; + exit; + } else { + showheader(_("My CAcert.org Account!")); + echo "<h3>"._("Installing your certificate")."</h3>\n"; + echo "<p>"._("You are about to install a certificate, if you are using mozilla/netscape based browsers you will not be informed that the certificate was installed successfully, you can go into the options dialog box, security and manage certificates to view if it was installed correctly however.")."</p>\n"; + echo "<p><a href='account.php?id=6&cert=$certid&install=1'>"._("Click here")."</a> "._("to install your certificate.")."</p>\n"; + showfooter(); + exit; + } + } else { + showheader(_("My CAcert.org Account!")); +?> +<h3><?=_("Installing your certificate")?></h3> + +<p><?=_("Hit the 'Install your Certificate' button below to install the certificate into MS IE 5.x and above.")?> + +<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> +<?=_("You must enable ActiveX for this to work.")?> +</OBJECT> +<FORM > +<INPUT TYPE=BUTTON NAME="CertInst" VALUE="<?=_("Install Your Certificate")?>"> +</FORM> + +</P> + +<SCRIPT LANGUAGE=VBS> + Sub CertInst_OnClick + certchain = _ +<? + $lines = explode("\n", $cert); + if(is_array($lines)) + foreach($lines as $line) + { + $line = trim($line); + if($line != "-----END CERTIFICATE-----") + echo "\"$line\" & _\n"; + else { + echo "\"$line\"\n"; + break; + } + } +?> + + On Error Resume Next + + Dim obj + Set obj=CreateObject("X509Enrollment.CX509Enrollment") + If IsObject(obj) Then + obj.Initialize(1) + obj.InstallResponse 0,certchain,0,"" + if err.number<>0 then + msgbox err.Description + else + msgbox "<?=_("Certificate installed successfully. Please don't forget to backup now")?>" + end if + else + + + + + cec.DeleteRequestCert = FALSE + err.clear + + cec.WriteCertToCSP = TRUE + cec.acceptPKCS7(certchain) + if err.number <> 0 Then + cec.WriteCertToCSP = FALSE + end if + err.clear + cec.acceptPKCS7(certchain) + if err.number <> 0 then + errorMsg = "<?=_("Certificate installation failed!")?>" & chr(13) & chr(10) & _ + "(Error code " & err.number & ")" + msgRes = MsgBox(errorMsg, 0, "<?=_("Certificate Installation Error")?>") + else + okMsg = "<?=_("Personal Certificate Installed.")?>" & chr(13) & chr(10) & _ + "See Tools->Internet Options->Content->Certificates" + msgRes = MsgBox(okMsg, 0, "<?=_("Certificate Installation Complete!")?>") + end if + End If + End Sub +</SCRIPT> + +<p><?=_("Your certificate:")?></p> +<pre><?=$cert?></pre> +<? + + showfooter(); + exit; + } +?> + diff --git a/pages/account/7.php b/pages/account/7.php new file mode 100644 index 0000000..564fd6d --- /dev/null +++ b/pages/account/7.php @@ -0,0 +1,36 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<p><?=_("Please Note: You only need to enter the main part of your domain, eg. mydomain.com rather then www.mydomain.com. Once you have verified your domain you are able to enter any sub-domain, such as www.mydomain.com or www.this.is.mydomain.com as the system checks from right to left, rather then specific hostnames when you upload a CSR to the system.")?></p> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + + <tr> + <td colspan="2" class="title"><?=_("Add Domain")?></td> + </tr> + <tr> + <td class="DataTD" width="125"><?=_("Domain")?>: </td> + <td class="DataTD" width="125"><input type="text" name="newdomain" value="<?=array_key_exists('newdomain',$_GET)?sanitizeHTML($_GET['newdomain']):''?>"></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("I own or am authorised to control this domain")?>"/></td> + </tr> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="csrf" value="<?=make_csrf('adddomain')?>" /> +</form> +<p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p> diff --git a/pages/account/8.php b/pages/account/8.php new file mode 100644 index 0000000..6b3de01 --- /dev/null +++ b/pages/account/8.php @@ -0,0 +1,38 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + + <tr> + <td colspan="2" class="title"><?=_("Please choose an authority email address")?></td> + </tr> +<? $tagged=0; + if(is_array($_SESSION['_config']['addy'])) + foreach($_SESSION['_config']['addy'] as $add) { ?> + <tr> + <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td> + <td class="DataTD" width="175"><?=$add?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Probe")?>"></td> + </tr> +</table> +<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" /> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/9.php b/pages/account/9.php new file mode 100644 index 0000000..1be45f5 --- /dev/null +++ b/pages/account/9.php @@ -0,0 +1,57 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<form method="post" action="account.php"> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="3" class="title"><?=_("Domains")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Delete")?></td> + <td class="DataTD"><?=_("Status")?></td> + <td class="DataTD"><?=_("Address")?></td> + +<? + $query = "select * from `domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { +?> + <tr> + <td colspan="3" class="DataTD"><?=_("No domains are currently listed.")?></td> + </tr> +<? } else { + while($row = mysql_fetch_assoc($res)) + { + if($row['hash'] == "") + $verified = _("Verified"); + else + $verified = _("Unverified"); +?> + <tr> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td> + <td class="DataTD"><?=$verified?></td> + <td class="DataTD"><?=sanitizeHTML($row['domain'])?></td> + </tr> +<? } ?> + <tr> + <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=_("Delete")?>"></td> + </tr> +<? } ?> +</table> +<input type="hidden" name="oldid" value="<?=$id?>"> +</form> diff --git a/pages/account/CVS/Entries b/pages/account/CVS/Entries new file mode 100644 index 0000000..9ebbf4d --- /dev/null +++ b/pages/account/CVS/Entries @@ -0,0 +1,56 @@ +/0.php/1.3/Sun Apr 6 19:45:25 2008// +/37.php/1.6/Sun Apr 6 19:45:25 2008// +/38.php/1.5/Sun Apr 6 19:45:25 2008// +/39.php/1.5/Sun Apr 6 19:45:25 2008// +/45.php/1.2/Sun Apr 6 19:45:25 2008// +/48.php/1.4/Mon Sep 1 22:28:13 2008// +/11.php/1.4/Wed Sep 3 18:06:26 2008// +/15.php/1.4/Wed Sep 3 18:06:26 2008// +/23.php/1.4/Wed Sep 3 18:06:26 2008// +/32.php/1.9/Wed Sep 3 18:06:26 2008// +/51.php/1.5/Wed Sep 3 18:06:26 2008// +/52.php/1.7/Wed Sep 3 18:06:26 2008// +/9.php/1.5/Wed Sep 3 18:06:26 2008// +/16.php/1.8/Wed Sep 3 18:44:17 2008// +/29.php/1.5/Wed Sep 3 18:44:17 2008// +/30.php/1.6/Wed Sep 3 18:44:17 2008// +/34.php/1.8/Wed Sep 3 18:44:17 2008// +/35.php/1.5/Wed Sep 3 18:44:17 2008// +/26.php/1.6/Thu Sep 4 13:54:37 2008// +/31.php/1.6/Thu Sep 4 13:54:37 2008// +/44.php/1.5/Fri Sep 5 15:50:04 2008// +/13.php/1.12/Sun Sep 7 22:20:30 2008// +/2.php/1.7/Sun Sep 7 22:20:30 2008// +/27.php/1.7/Sun Sep 7 22:20:30 2008// +/33.php/1.12/Sun Sep 7 22:20:30 2008// +/8.php/1.5/Sun Sep 7 22:20:30 2008// +/22.php/1.12/Fri Sep 19 19:10:01 2008// +/36.php/1.6/Sun Sep 21 04:01:52 2008// +/41.php/1.8/Sun Sep 21 04:01:52 2008// +/25.php/1.8/Mon Oct 6 21:29:19 2008// +/19.php/1.5/Sun Nov 23 05:09:09 2008// +/28.php/1.8/Sun Nov 23 05:09:09 2008// +/54.php/1.10/Sun Nov 23 05:09:09 2008// +/6.php/1.10/Sun Nov 23 05:09:09 2008// +/49.php/1.10/Mon Nov 24 10:42:42 2008// +/1.php/1.7/Mon Jan 5 10:34:38 2009// +/12.php/1.14/Mon Jan 5 10:34:38 2009// +/7.php/1.9/Mon Jan 5 10:34:38 2009// +/42.php/1.5/Tue Mar 10 01:50:31 2009// +/10.php/1.10/Sun Mar 22 00:39:31 2009// +/20.php/1.6/Sun Mar 22 00:39:31 2009// +/53.php/1.16/Sun Apr 5 00:44:03 2009// +/40.php/1.25/Fri Apr 10 23:09:07 2009// +/17.php/1.7/Fri May 22 05:12:13 2009// +/4.php/1.11/Fri May 22 05:12:13 2009// +/24.php/1.7/Sun May 31 00:41:14 2009// +/18.php/1.14/Sun May 31 16:50:59 2009// +/21.php/1.7/Sun May 31 16:50:59 2009// +/43.php/1.42/Sun May 31 16:50:59 2009// +/5.php/1.21/Sun May 31 16:50:59 2009// +/50.php/1.5/Sun May 31 16:50:59 2009// +/3.php/1.16/Thu Jun 25 20:09:31 2009// +/55.php/1.8/Thu Jun 25 20:09:31 2009// +/14.php/1.5/Mon Sep 7 22:36:31 2009// +/56.php/1.2/Sun Sep 6 18:46:20 2009// +D diff --git a/pages/account/CVS/Repository b/pages/account/CVS/Repository new file mode 100644 index 0000000..caa1c7e --- /dev/null +++ b/pages/account/CVS/Repository @@ -0,0 +1 @@ +cacert/pages/account diff --git a/pages/account/CVS/Root b/pages/account/CVS/Root new file mode 100644 index 0000000..a363882 --- /dev/null +++ b/pages/account/CVS/Root @@ -0,0 +1 @@ +/var/lib/cvs |