Diffstat (limited to 'pages')
-rw-r--r-- | pages/account/10.php | 65 | ||||
-rw-r--r-- | pages/account/12.php | 29 | ||||
-rw-r--r-- | pages/account/13.php | 31 | ||||
-rw-r--r-- | pages/account/15.php | 2 | ||||
-rw-r--r-- | pages/account/16.php | 102 | ||||
-rw-r--r-- | pages/account/18.php | 9 | ||||
-rw-r--r-- | pages/account/19.php | 2 | ||||
-rw-r--r-- | pages/account/20.php | 61 | ||||
-rw-r--r-- | pages/account/21.php | 4 | ||||
-rw-r--r-- | pages/account/22.php | 10 | ||||
-rw-r--r-- | pages/account/23.php | 2 | ||||
-rw-r--r-- | pages/account/3.php | 131 | ||||
-rw-r--r-- | pages/account/43.php | 1873 | ||||
-rw-r--r-- | pages/account/44.php | 27 | ||||
-rw-r--r-- | pages/account/5.php | 39 | ||||
-rw-r--r-- | pages/account/52.php | 107 | ||||
-rw-r--r-- | pages/account/55.php | 234 | ||||
-rw-r--r-- | pages/account/56.php | 82 | ||||
-rw-r--r-- | pages/account/57.php | 26 | ||||
-rw-r--r-- | pages/account/58.php | 4 | ||||
-rw-r--r-- | pages/account/59.php | 385 | ||||
-rw-r--r-- | pages/account/6.php | 14 | ||||
-rw-r--r-- | pages/gpg/2.php | 19 | ||||
-rw-r--r-- | pages/index/52.php | 33 | ||||
-rw-r--r-- | pages/wot/1.php | 22 | ||||
-rw-r--r-- | pages/wot/10.php | 30 | ||||
-rw-r--r-- | pages/wot/15.php | 2 | ||||
-rw-r--r-- | pages/wot/5.php | 47 | ||||
-rw-r--r-- | pages/wot/6.php | 15 | ||||
-rw-r--r-- | pages/wot/9.php | 25 |
30 files changed, 2138 insertions, 1294 deletions
diff --git a/pages/account/10.php b/pages/account/10.php
index 8908400..17999a7 100644
--- a/pages/account/10.php
+++ b/pages/account/10.php
@@ -30,17 +30,66 @@ <p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p> <form method="post" action="account.php"> +<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> +</p> +<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br /> + <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea> +</p> + +<fieldset> +<legend> + <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" /> + <label for="expertbox"><?=_("Advanced Options")?></label> +</legend> +<div id="advanced_options"> + <? if($_SESSION['profile']['points'] >= 50) { ?> -<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br /> -<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br /> +<ul class="no_indent"> + <li> + <input type="radio" id="root1" name="rootcert" value="1" /> + <label for="root1"><?=_("Sign by class 1 root certificate")?></label> + </li> + <li> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> + <label for="root2"><?=_("Sign by class 3 root certificate")?></label> + </li> +</ul> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <? 
} ?> -<p><?=_("Optional comment, only used in the certificate overview")?><br> - <input type="text" name="description" maxlength="80" size=80/></p> -<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br /> -<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> - <?=_("Please Note: You need to accept the CCA to proceed.")?></p> + +<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p> +<ul class="no_indent"> +<? +foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { +?> + <li> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label> + </li> +<? +} +?> +</ul> + +</div> +</fieldset> + +<p><input type="checkbox" id="CCA" name="CCA" /> <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please note: You need to accept the CCA to proceed.")?></label></p> <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> </form> + + +<script language="javascript"> +function showExpert(a) +{ + var options=document.getElementById("advanced_options"); + options.style.display = (a) ? "" : "none"; + + var checkbox=document.getElementById("expertbox"); + checkbox.style.display = ""; +} +showExpert(false); +</script> diff --git a/pages/account/12.php b/pages/account/12.php index 9058a07..f4428aa 100644 --- a/pages/account/12.php +++ b/pages/account/12.php 
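Review bot: The hidden field near the end of the new form still emits `<input type="hidden" name="oldid" value="<?=$id?>" />` unescaped, while the same commit changes the equivalent line in 12.php and 13.php to `intval($id)`; for consistency it should read `<input type="hidden" name="oldid" value="<?=intval($id)?>" />`. The hash-algorithm radios interpolate `$algorithm`, `$display_info['name']` and `$display_info['info']` straight into attributes and label text; these presumably come from a fixed server-side table in `HashAlgorithms::getInfo()`, but that is not visible here, and the submitted `hash_alg` value must still be checked against that table on the processing side, which lies outside this hunk. Independently of escaping, the class 3 root is now the pre-selected default where class 1 was before, and a short comment above the radios saying why the default changed would help the next maintainer.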
@@ -19,7 +19,7 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> + <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> @@ -34,17 +34,20 @@ $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`, UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, - `domaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, + `domaincerts`.`expire`, + `domaincerts`.`revoked` as `revoke`, + UNIX_TIMESTAMP(`revoked`) as `revoked`, + if (`domaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`domaincerts`.`modified`) as `modified`, + `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, `domaincerts`.`description` from `domaincerts`,`domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` "; if($viewall != 1) { $query .= "AND `revoked`=0 AND `renewed`=0 "; - $query .= "HAVING `timeleft` > 0 "; + $query .= "HAVING `timeleft` > 0 or `expire` = 0 "; } - $query .= "ORDER BY `domaincerts`.`modified` desc"; + $query .= "ORDER BY `modified` desc"; //echo $query."<br>\n"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) 
@@ -69,24 +72,24 @@ ?> <tr> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/></td> <? } else if($verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/></td> <? } else { ?> <td class="DataTD"> </td> <? } ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td> + <td class="DataTD"><a href="account.php?id=15&cert=<?=intval($row['id'])?>"><?=htmlspecialchars($row['CN'])?></a></td> <td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['revoke']?></td> - <td class="DataTD"><?=$row['expires']?></td> - <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> - <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> + <td class="DataTD"><?=$row['expire']?></td> + <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td> </tr> <? } ?> <tr> <td class="DataTD" colspan="8"> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> + <a href="account.php?id=12&viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> </td> </tr> <tr> 
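Review bot: The certificate row now escapes `$row['CN']` with `htmlspecialchars`, but the neighbouring cells still echo `$row['serial']`, `$row['revoke']` and `$row['expire']` raw. These are database values that are presumably written by the CA process rather than typed by the user, so the exposure is low, but escaping the whole row keeps it uniformly safe and avoids a future column from becoming an injection point: `<td class="DataTD"><?=htmlspecialchars($row['serial'])?></td>`, and the same for `revoke` and `expire`. The `intval()` wrapping on every `$row['id']` use is the right direction; `$verified` is a translated literal and needs nothing.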
@@ -104,6 +107,6 @@ <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>"/> +<input type="hidden" name="oldid" value="<?=intval($id)?>"/> <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/> </form> diff --git a/pages/account/13.php b/pages/account/13.php index 08f325d..ea28c0e 100644 --- a/pages/account/13.php +++ b/pages/account/13.php @@ -52,22 +52,22 @@ <? if($_SESSION['profile']['points'] == 0) { ?> <tr> <td class="DataTD" width="125"><?=_("First Name")?>: </td> - <td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td> + <td class="DataTD" width="125"><input type="text" name="fname" value="<?=sanitizeHTML($user['fname'])?>"></td> </tr> <tr> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> (<?=_("optional")?>) </td> - <td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td> + <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($user['mname'])?>"></td> </tr> <tr> <td class="DataTD"><?=_("Last Name")?>: </td> - <td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td> + <td class="DataTD"><input type="text" name="lname" value="<?=sanitizeHTML($user['lname'])?>"></td> </tr> <tr> <td class="DataTD"><?=_("Suffix")?><br> (<?=_("optional")?>)</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td> + <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($user['suffix'])?>"></td> </tr> <tr> <td class="DataTD"><?=_("Date of Birth")?><br> 
@@ -100,22 +100,22 @@ <? } else { ?> <tr> <td class="DataTD" width="125"><?=_("First Name")?>: </td> - <td class="DataTD" width="125"><?=$user['fname']?></td> + <td class="DataTD" width="125"><?=sanitizeHTML($user['fname'])?></td> </tr> <tr> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> (<?=_("optional")?>) </td> - <td class="DataTD"><?=$user['mname']?></td> + <td class="DataTD"><?=sanitizeHTML($user['mname'])?></td> </tr> <tr> <td class="DataTD"><?=_("Last Name")?>: </td> - <td class="DataTD"><?=$user['lname']?></td> + <td class="DataTD"><?=sanitizeHTML($user['lname'])?></td> </tr> <tr> <td class="DataTD"><?=_("Suffix")?><br> (<?=_("optional")?>)</td> - <td class="DataTD"><?=$user['suffix']?></td> + <td class="DataTD"><?=sanitizeHTML($user['suffix'])?></td> </tr> <tr> <td class="DataTD"><?=_("Date of Birth")?><br> @@ -124,19 +124,12 @@ </tr> <? } ?> <tr> - <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td> - </tr> - <? if($showdetails){ ?> - <tr> - <td class="DataTD"><?=_("OTP Hash")?><br> - (<?=_("Not displayed")?>)</td> - <td class="DataTD"><input type="text" name="otphash"></td> + <td colspan="2" class="title"><a href="account.php?id=59&oldid=13&userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td> </tr> <tr> - <td class="DataTD"><?=_("OTP PIN")?><br> - (<?=_("Not displayed")?>)</td> - <td class="DataTD"><input type="text" name="otppin"></td> + <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td> </tr> + <? if($showdetails){ ?> <tr> <td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td> </tr> 
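Review bot: The new "Show account history" link passes the viewer's own id as a query parameter, `account.php?id=59&oldid=13&userid=<?=intval($_SESSION['profile']['id'])?>`, which invites tampering; whether pages/account/59.php restricts `userid` to the session's own id for non-admin users is not visible in this commit, and if it does not, any logged-in member can enumerate other accounts' history by editing the URL. For the self-view case the parameter is redundant, so either drop it here and let 59.php derive the id from `$_SESSION['profile']['id']`, or make sure 59.php rejects a `userid` that differs from the session unless the caller has the admin flag. The replacement of the raw `$user['fname']` etc. with `sanitizeHTML()` in the same hunk is the right fix for the name fields.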
@@ -167,5 +160,5 @@ </tr> </table> <input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" /> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> </form> diff --git a/pages/account/15.php b/pages/account/15.php index 6cd3115..405cb44 100644 --- a/pages/account/15.php +++ b/pages/account/15.php @@ -30,7 +30,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); ?> <h3><?=_("Below is your Server Certificate")?></h3> <pre> diff --git a/pages/account/16.php b/pages/account/16.php index 564463e..8783bc5 100644 --- a/pages/account/16.php +++ b/pages/account/16.php 
@@ -25,47 +25,101 @@ <tr> <td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Address")?></td> -<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) - foreach($_SESSION['_config']['emails'] as $val) { ?> +<? +if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) { + $i = 1; + foreach($_SESSION['_config']['emails'] as $val) { +?> <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td> + <td class="DataTD"><label for="email<?=$i?>"><?=_("Email")?></label></td> + <td class="DataTD"><input type="text" id="email<?=$i?>" name="emails[]" value="<?=$val?>"/></td> </tr> -<? } ?> +<? + $i++; + } +} ?> <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><input type="text" name="emails[]"/></td> + <td class="DataTD"><label for="email0"><?=_("Email")?></td> + <td class="DataTD"><input type="text" id="email0" name="emails[]"/></td> </tr> <tr> - <td class="DataTD"><?=_("Name")?>:</td> - <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> + <td class="DataTD"><label for="name"><?=_("Name")?></label></td> + <td class="DataTD"><input type="text" id="name" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> </tr> <tr> - <td class="DataTD"><?=_("Department")?>:</td> - <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td> + <td class="DataTD"><label for="OU"><?=_("Department")?></label></td> + <td class="DataTD"><input type="text" id="OU" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td> </tr> - <tr> + + <tr name="expertoff" style="display:none"> + <td class="DataTD"> + <input 
type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" /> + </td> + <td class="DataTD"> + <label for="expertbox"><?=_("Show advanced options")?></label> + </td> + </tr> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br /> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br /> + <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 60))?> + </td> + </tr> + + <tr name="expert"> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> - <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> - <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?> + <?=_("Hash algorithm used when signing the certificate:")?><br /> + <? + foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { + ?> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br /> + <? + } + ?> </td> </tr> + <? 
if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?> - <tr> - <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="checkbox" id="codesign" name="codesign" value="1" /> + <label for="codesign"><?=_("Code Signing")?></label> + </td> </tr> <? } ?> - <tr> - <td class="DataTD" colspan="2" align="left"> - <?=_("Optional comment, only used in the certificate overview")?><br /> - <input type="text" name="description" maxlength="80" size=80 /> - </td> + <tr> + <td class="DataTD" colspan="2" align="left"> + <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> + </td> </tr> <tr> - <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> - <input type="submit" name="process" value="<?=_("Next")?>" /></td> + <td class="DataTD" colspan="2"> + <input type="submit" name="add_email" value="<?=_("Add Another Email Address")?>"> + <input type="submit" name="process" value="<?=_("Next")?>" /> + </td> </tr> </table> <input type="hidden" name="oldid" value="<?=$id?>"> </form> + +<script language="javascript"> +function showExpert(a) +{ + b=document.getElementsByName("expert"); + for(i=0;b.length>i;i++) + { + if(!a) {b[i].setAttribute("style","display:none"); } + else {b[i].removeAttribute("style");} + } + b=document.getElementsByName("expertoff"); + for(i=0;b.length>i;i++) + { + b[i].removeAttribute("style"); + } + +} +showExpert(false); +</script> diff --git a/pages/account/18.php b/pages/account/18.php index 9ab13b2..ca0a3c8 100644 --- a/pages/account/18.php +++ b/pages/account/18.php 
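Review bot: The e-mail inputs at the top of the new table still write `value="<?=$val?>"`, and the name field writes `$_SESSION['_config']['name']`, without escaping, although `OU` on the same hunk now goes through `sanitizeHTML()`; these session values appear to be round-tripped from the user's previous POST via the "Add Another Email Address" button, so a crafted value breaks out of the attribute on the re-rendered form. The three lines should read `value="<?=sanitizeHTML($val)?>"`, `value="<?=array_key_exists('name',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['name']):''?>"`, and for the empty row `<td class="DataTD"><label for="email0"><?=_("Email")?></label></td>` since the new `<label for="email0">` is never closed. The hidden `oldid` at the bottom of the form is also left as `<?=$id?>` while sibling pages in this commit switch to `intval($id)`.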
@@ -79,6 +79,7 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, + if (`oemail`.`expire`=0,CURRENT_TIMESTAMP(),`oemail`.`modified`) as `modified`, `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`, `oemail`.`description`, `oemail`.`ou`, `orginfo`.`O` from `orgemailcerts` as `oemail`, `org`, `orginfo` @@ -92,17 +93,17 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c if(0==$status) { $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 "; - $query .= "HAVING `timeleft` > 0 AND `revoked`=0 "; + $query .= "HAVING `timeleft` > 0 AND `revoked`=0 or `expires` = 0 "; } switch ($sorting){ case 0: - $query .= "ORDER BY `orginfo`.`O`, `oemail`.`expire` desc"; + $query .= "ORDER BY `orginfo`.`O`, `modified` desc"; break; case 1: - $query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `oemail`.`expire` desc"; + $query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `modified` desc"; break; case 2: - $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `oemail`.`expire` desc"; + $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `modified` desc"; break; } $res = mysql_query($query); diff --git a/pages/account/19.php b/pages/account/19.php index 6a2749c..959111f 100644 --- a/pages/account/19.php +++ b/pages/account/19.php @@ -31,7 +31,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); if($row['keytype'] == "NS") { diff --git a/pages/account/20.php b/pages/account/20.php index ee16dd4..89bbc30 100644 --- a/pages/account/20.php +++ b/pages/account/20.php 
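Review bot: The new HAVING clause in pages/account/18.php, `HAVING timeleft > 0 AND revoked=0 or expires = 0`, parses as `(timeleft > 0 AND revoked = 0) OR expires = 0` because AND binds tighter than OR, so a pending certificate is listed regardless of the `revoked` test in HAVING. Behaviour is unaffected only because the WHERE clause just above already applies `oemail.revoked=0`, but the line reads as if it were enforcing the revocation check and will mislead the next edit; write the intent explicitly: `$query .= "HAVING (`timeleft` > 0 OR `expires` = 0) AND `revoked`=0 ";`. The sibling change in 22.php has no AND and does not have this problem.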
@@ -27,13 +27,60 @@ <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <form method="post" action="account.php"> -<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br /> -<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br /> -<p> <?=_("Optional comment, only used in the certificate overview")?><br /> - <input type="text" name="description" maxlength="80" size=80 /></p> +<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="80" size="80" /> +</p> +<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br /> + <textarea id="CSR" name="CSR" cols="80" rows="15"></textarea> +</p> + +<fieldset> +<legend> + <input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" /> + <label for="expertbox"><?=_("Advanced Options")?></label> +</legend> +<div id="advanced_options"> +<ul class="no_indent"> + <li> + <input type="radio" id="root1" name="rootcert" value="1" /> + <label for="root1"><?=_("Sign by class 1 root certificate")?></label> + </li> + <li> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> + <label for="root2"><?=_("Sign by class 3 root certificate")?></label> + </li> +</ul> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained 
certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> -<p><?=_("Paste your CSR below...")?></p> -<textarea name="CSR" cols="80" rows="15"></textarea><br /> + +<p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p> +<ul class="no_indent"> +<? +foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { +?> + <li> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label> + </li> +<? +} +?> +</ul> + +</div> +</fieldset> + <input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="hidden" name="oldid" value="<?=$id?>" /> -</form>
\ No newline at end of file +</form> + +<script language="javascript"> +function showExpert(a) +{ + var options=document.getElementById("advanced_options"); + options.style.display = (a) ? "" : "none"; + + var checkbox=document.getElementById("expertbox"); + checkbox.style.display = ""; +} +showExpert(false); +</script> diff --git a/pages/account/21.php b/pages/account/21.php index 75827fb..c5832b9 100644 --- a/pages/account/21.php +++ b/pages/account/21.php @@ -41,7 +41,7 @@ if (is_array($_SESSION['_config']['altrows'])) { } echo _("Organisation"), ": {$org['O']}<br>\n"; -echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n"; +echo _("Org. Unit"), ": ", sanitizeHTML($_SESSION['_config']['OU']), "<br>\n"; echo _("Location"), ": {$org['L']}<br>\n"; echo _("State/Province"), ": {$org['ST']}<br>\n"; echo _("Country"), ": {$org['C']}<br>\n"; @@ -52,7 +52,7 @@ echo _("Country"), ": {$org['C']}<br>\n"; <input type="submit" name="process" value="<?=_("Submit")?>"> <input type="hidden" name="oldid" value="<?=$id?>"> </p> - + <? if ($_SESSION['profile']['admin'] == 1) { ?> diff --git a/pages/account/22.php b/pages/account/22.php index 0413da0..7b7db2d 100644 --- a/pages/account/22.php +++ b/pages/account/22.php @@ -78,7 +78,9 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_ UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`, `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, - UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, + UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoked`, + if (`orgdomaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`orgdomaincerts`.`modified`) as `modified`, + `CN`, `orgdomaincerts`.`serial`, `orgdomaincerts`.`id` as `id`, `orgdomaincerts`.`description`, `orginfo`.`O` 
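Review bot: In pages/account/20.php the hidden field `<input type="hidden" name="oldid" value="<?=$id?>" />` remains unescaped although this commit changes the same line to `intval($id)` in 12.php and 13.php; it should be `<input type="hidden" name="oldid" value="<?=intval($id)?>" />` here too. As in 10.php, the `hash_alg` radios rely on `HashAlgorithms::getInfo()` providing safe values, which is plausible for a static table but not shown, and the processing side must still validate the posted `hash_alg` against that table.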
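Review bot: In pages/account/21.php the hunk wraps the organisational unit in `sanitizeHTML()` but leaves `{$org['O']}`, `{$org['L']}`, `{$org['ST']}` and `{$org['C']}` interpolated raw into HTML on the surrounding lines. These organisation fields come from the database and are presumably entered by an organisation admin rather than the requester, so the risk is lower than for `OU`, but the same escaping should apply for consistency: `echo _("Organisation"), ": ", sanitizeHTML($org['O']), "<br>\n";` and likewise for the three lines below it.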
@@ -94,14 +96,14 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_ if(0==$status) { $query .= "AND `revoked`=0 AND `renewed`=0 "; - $query .= "HAVING `timeleft` > 0 "; + $query .= "HAVING `timeleft` > 0 or `expires` = 0 "; } switch ($sorting){ case 0: - $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`expire` desc"; + $query .= "ORDER BY `orginfo`.`O`, `modified` desc"; break; case 1: - $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `orgdomaincerts`.`expire` desc"; + $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `modified` desc"; break; } diff --git a/pages/account/23.php b/pages/account/23.php index 4ec56c3..4255b47 100644 --- a/pages/account/23.php +++ b/pages/account/23.php @@ -30,7 +30,7 @@ } $row = mysql_fetch_assoc($res); $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname"); ?> <h3><?=_("Below is your Server Certificate")?></h3> <pre> diff --git a/pages/account/3.php b/pages/account/3.php index 7e34300..cd62ce0 100644 --- a/pages/account/3.php +++ b/pages/account/3.php @@ -34,6 +34,7 @@ <tr> <td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Address")?></td> + </tr> <? $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''"; @@ -41,8 +42,8 @@ while($row = mysql_fetch_assoc($res)) { ?> <tr> - <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td> - <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + <td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td> + <td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td> </tr> <? } if($_SESSION['profile']['points'] >= 50) 
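Review bot: In pages/account/22.php the hunk qualifies `UNIX_TIMESTAMP(orgdomaincerts.revoked)` but leaves `revoked as revoke` in the select list and `AND revoked=0 AND renewed=0` in the filter unqualified, even though the query joins `org` and `orginfo` as well. Whether those tables also carry a `revoked` or `renewed` column is not visible here; if they ever do, MySQL rejects the query as ambiguous. Qualifying them now, `orgdomaincerts.revoked as revoke` and `AND orgdomaincerts.revoked=0 AND orgdomaincerts.renewed=0`, costs nothing and matches the alias already used for `modified`.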
@@ -52,81 +53,120 @@ if($_SESSION['profile']['points'] >= 50) $lname = $_SESSION['profile']['lname']; $suffix = $_SESSION['profile']['suffix']; ?> - <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> - <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> - <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?> - </td> - </tr> <tr> <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br /> - <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?> - <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?> - <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?> - <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?> + <input type="radio" id="incname0" name="incname" value="0" checked="checked" /> + <label for="incname0"><?=_("No Name")?></label><br /> + <? if($fname && $lname) { ?> + <input type="radio" id="incname1" name="incname" value="1" /> + <label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br /> + <? } ?> + <? if($fname && $mname && $lname) { ?> + <input type="radio" id="incname2" name="incname" value="2" /> + <label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." 
".$lname?>'</label><br /> + <? } ?> + <? if($fname && $lname && $suffix) { ?> + <input type="radio" id="incname3" name="incname" value="3" /> + <label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br /> + <? } ?> + <? if($fname && $mname && $lname && $suffix) { ?> + <input type="radio" id="incname4" name="incname" value="4" /> + <label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br /> + <? } ?> </td> </tr> <? } ?> -<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> + <tr> <td class="DataTD"> - <input type="checkbox" name="codesign" value="1" /> + <input type="checkbox" id="login" name="login" value="1" checked="checked" /> </td> <td class="DataTD" align="left"> - <?=_("Code Signing")?><br /> - <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> + <label for="login"><?=_("Enable certificate login with this certificate")?><br /> + <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label> </td> </tr> -<? 
} ?> - <tr> + <td class="DataTD" colspan="2" align="left"> + <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br /> + <input type="text" id="description" name="description" maxlength="100" size="100" /> + </td> + </tr> + + <tr name="expertoff" style="display:none"> <td class="DataTD"> - <input type="checkbox" name="login" value="1" checked="checked" /> + <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" /> </td> - <td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br /> - <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> + <td class="DataTD" align="left"> + <label for="expertbox"><?=_("Show advanced options")?></label> </td> </tr> - <tr> - <td class="DataTD" colspan="2" align="left"> - <?=_("Optional comment, only used in the certificate overview")?><br /> - <input type="text" name="description" maxlength="100" size="100" /> - </td> + +<? +if($_SESSION['profile']['points'] >= 50) +{ +?> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br /> + <input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br /> + <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?> + </td> </tr> +<? } ?> - <tr name="expertoff" style="display:none"> + <tr name="expert"> + <td class="DataTD" colspan="2" align="left"> + <?=_("Hash algorithm used when signing the certificate:")?><br /> + <? 
+ foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) { + ?> + <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> + <label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br /> + <? + } + ?> + </td> + </tr> + +<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> + <tr name="expert"> <td class="DataTD"> - <input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" /> + <input type="checkbox" id="codesign" name="codesign" value="1" /> </td> + <td class="DataTD" align="left"> + <label for="codesign"><?=_("Code Signing")?><br /> + <?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label> + </td> + </tr> +<? } ?> + + <tr name="expert"> <td class="DataTD"> - <?=_("Show advanced options")?> + <input type="checkbox" id="SSO" name="SSO" value="1" /> + </td> + <td class="DataTD" align="left"> + <label for="SSO"><?=_("Add Single Sign On ID Information")?><br /> + <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. 
Please see a more detailed description on our WIKI about it."), 125))?> + <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label> </td> </tr> <tr name="expert"> - <td class="DataTD" colspan="2" align="left"> - <input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br /> - <input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br /> - <?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> - <a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a> + <td class="DataTD" colspan="2"> + <label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br /> + <textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea> </td> </tr> - <tr name="expert"> - <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td> - </tr> - <tr name="expert"> - <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td> - </tr> - <tr> + <tr> <td class="DataTD"> - <input type="checkbox" name="CCA" /> + <input type="checkbox" id="CCA" name="CCA" /> </td> <td class="DataTD" align="left"> - <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> - <?=_("Please Note: You need to accept the CCA to proceed.")?> + <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> + <?=_("Please note: You need to accept the CCA to proceed.")?></label> </td> </tr> <tr> 
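Review bot: The name-inclusion labels echo `$fname`, `$mname`, `$lname` and `$suffix` from `$_SESSION['profile']` raw into the page, e.g. `'<?=$fname." ".$lname?>'`, whereas pages/account/13.php in this very commit wraps the same four fields in `sanitizeHTML()`; these fields are user-editable for accounts with zero points, so the labels should become `<label for="incname1"><?=_("Include")?> '<?=sanitizeHTML($fname." ".$lname)?>'</label><br />` and the same for the other three. Two behavioural changes deserve a comment in the code because they are easy to miss: the `login` checkbox is now pre-checked and sits outside the advanced section, so certificate login becomes opt-out, and `SSO` changed from a 0/1 radio pair to a single checkbox, so the processing code must treat a missing `SSO` as "not requested"; that code is outside this hunk. The `description` field is `maxlength="100"` here but 80 in 10.php, 16.php and 20.php, and client-side maxlength is advisory only, so the server-side length check should be the same for all four.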
@@ -154,4 +194,3 @@ function showExpert(a) } showExpert(false); </script> - diff --git a/pages/account/43.php b/pages/account/43.php index 53b24d3..c889ce3 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -14,30 +14,30 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? +*/ + include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); +$ticketno=''; +$ticketvalidation=FALSE; - if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) - { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); - $row = 0; - $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); - if ($res) { - $row = mysql_fetch_assoc($res); - } - mysql_query("delete from `notary` where `id`='$assurance'"); - if ($row) { - fix_assurer_flag($row['to']); - } - } +if (isset($_SESSION['ticketno'])) { + $ticketno = $_SESSION['ticketno']; + $ticketvalidation = valid_ticket_number($ticketno); +} +if (isset($_SESSION['ticketmsg'])) { + $ticketmsg = $_SESSION['ticketmsg']; +} else { + $ticketmsg = ''; +} - if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) - { + +// search for an account by email search, if more than one is found display list to choose +if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) +{ $_REQUEST['userid'] = 0; - $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); + $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); //Disabled to speed up the queries //if(!strstr($email, "%")) 
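Review bot: In the `@@ -14,30 +14,30 @@` hunk of pages/account/43.php the rewritten line `$emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));` still reads `$_REQUEST['email']` without checking it exists, so a request with neither `userid` nor `email` (the first visit to the page) raises an undefined-index notice and runs the search on an empty string; the switch to `mysql_real_escape_string` is correct, but the key should be defaulted first, e.g. `$emailsearch = $email = mysql_real_escape_string(stripslashes(array_key_exists('email', $_REQUEST) ? $_REQUEST['email'] : ''));`. The new `$ticketvalidation=FALSE;` uses an upper-case literal; lower-case `false` is the convention and, from what is visible later in the diff, the same variable is compared with lower-case `true`, so the two spellings should be unified. The new `isset($_SESSION['ticketno'])` / `isset($_SESSION['ticketmsg'])` block consumes session state whose producer is not in this file; a one-line comment such as `// ticket number and status message are stored in the session by the ticket form handler (presumably includes/account.php) — verify` above it would save the next reader the search. The enclosing `if(intval(...userid...) <= 0)` block that this hunk opens continues into the next hunk.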
@@ -45,877 +45,1036 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); // bug-975 ted+uli changes --- begin if(preg_match("/^[0-9]+$/", $email)) { - // $email consists of digits only ==> search for IDs - // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` - from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`id`='$email' or `users`.`id`='$email') - and `users`.`deleted`=0 - group by `users`.`id` limit 100"; + // $email consists of digits only ==> search for IDs + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`id`='$email' or `users`.`id`='$email') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; } else { - // $email contains non-digits ==> search for mail addresses - // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` - from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`email` like '$emailsearch' - or `users`.`email` like '$emailsearch') - and `users`.`deleted`=0 - group by `users`.`id` limit 100"; + // $email contains non-digits ==> search for mail addresses + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`email` like '$emailsearch' + or `users`.`email` like '$emailsearch') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; } // bug-975 ted+uli changes --- end $res = mysql_query($query); - if(mysql_num_rows($res) > 1) { ?> -<table align="center" valign="middle" border="0" 
cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("User ID")?></td> - <td class="DataTD"><?=_("Email")?></td> - </tr> -<? - while($row = mysql_fetch_assoc($res)) - { ?> - <tr> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> - </tr> -<? } if(mysql_num_rows($res) >= 100) { ?> - <tr> - <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> - </tr> -<? } else { ?> - <tr> - <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> - </tr> -<? } ?> -</table><br><br> -<? } elseif(mysql_num_rows($res) == 1) { - $row = mysql_fetch_assoc($res); - $_REQUEST['userid'] = $row['id']; - } else { - printf(_("No users found matching %s"), sanitizeHTML($email)); - } - } - - if(intval($_REQUEST['userid']) > 0) - { - $userid = intval($_REQUEST['userid']); - $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) <= 0) - { - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); - } else { - $row = mysql_fetch_assoc($res); - $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'")); + if(mysql_num_rows($res) > 1) { ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><? 
printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("First Name")?>:</td> - <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> - <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> - <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Middle Name")?>:</td> - <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Last Name")?>:</td> - <td class="DataTD"> <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="action" value="updatedob"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Suffix")?>:</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Date of Birth")?>:</td> - <td class="DataTD"> -<? - $year = intval(substr($row['dob'], 0, 4)); - $month = intval(substr($row['dob'], 5, 2)); - $day = intval(substr($row['dob'], 8, 2)); - ?><nobr><select name="day"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("User ID")?></td> + <td class="DataTD"><?=_("Email")?></td> + </tr> <? 
- for($i = 1; $i <= 31; $i++) + while($row = mysql_fetch_assoc($res)) { - echo "<option"; - if($day == $i) - echo " selected='selected'"; - echo ">$i</option>"; - } ?> - </select> - <select name="month"> + <tr> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> + </tr> <? - for($i = 1; $i <= 12; $i++) - { - echo "<option value='$i'"; - if($month == $i) - echo " selected='selected'"; - echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; } + + if(mysql_num_rows($res) >= 100) { ?> - </select> - <input type="text" name="year" value="<?=$year?>" size="4"> - <input type="submit" value="Go"></form></nobr></td> - </tr> - <tr> - <td class="DataTD"><?=_("CCA accepted")?>:</td> - <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? 
_("Yes") : _("No") ?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Trainings")?>:</td> - <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Is Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Blocked Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Account Locking")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>&csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Code Signing")?>:</td> - <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Org Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("TTP Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>&csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Location Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>&csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Ad Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td> - </tr> - <tr> - <td 
class="DataTD"><?=_("Tverify Account")?>:</td> - <td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("General Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Country Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Regional Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Change Password")?>:</td> - <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Delete Account")?>:</td> - <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>&csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td> - </tr> + <tr> + <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> + </tr> <? - // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! 
- if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") { + } else { ?> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A1:</td> - <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A2:</td> - <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A3:</td> - <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A4:</td> - <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A5:</td> - <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> - </tr> -<? } else { ?> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> - </tr> -<? } ?> - <tr> - <td class="DataTD"><?=_("Assurance Points")?>:</td> - <td class="DataTD"><?=intval($drow['points'])?></td> - </tr> -</table> -<br><? 
- $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`='' - and `email`!='".mysql_escape_string($row['email'])."'"; - $dres = mysql_query($query); - if(mysql_num_rows($dres) > 0) { ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> - </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) - { ?> - <tr> - <td class="DataTD"><?=_("Secondary Emails")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> - </tr> -<? } ?> -</table> -<br><? } ?> + <tr> + <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + </tr> <? - $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''"; - $dres = mysql_query($query); - if(mysql_num_rows($dres) > 0) { ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Verified Domains")?></td> - </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) - { ?> - <tr> - <td class="DataTD"><?=_("Domain")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> - </tr> -<? } ?> -</table> -<br> -<? } ?> -<? // Begin - Debug infos ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_("Account State")?></td> - </tr> - -<? 
- // --- bug-975 begin --- - // potential db inconsistency like in a20110804.1 - // Admin console -> don't list user account - // User login -> impossible - // Assurer, assure someone -> user displayed - /* regular user account search with regular settings - - --- Admin Console find user query - $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` - where `users`.`id`=`email`.`memid` and - (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and - `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 - group by `users`.`id` limit 100"; - => requirements - 1. email.hash = '' - 2. email.deleted = 0 - 3. users.deleted = 0 - 4. email.email = primary-email (???) or'd - not covered by admin console find user routine, but may block users login - 5. users.verified = 0|1 - further "special settings" - 6. users.locked (setting displayed in display form) - 7. users.assurer_blocked (setting displayed in display form) - - --- User login user query - select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or - `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 - => requirements - 1. users.verified = 1 - 2. users.deleted = 0 - 3. users.locked = 0 - 4. users.email = primary-email - - --- Assurer, assure someone find user query - select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' - and `deleted`=0 - => requirements - 1. users.deleted = 0 - 2. users.email = primary-email - Admin User Assurer - bit Console Login assure someone - - 1. email.hash = '' Yes No No - 2. email.deleted = 0 Yes No No - 3. users.deleted = 0 Yes Yes Yes - 4. users.verified = 1 No Yes No - 5. users.locked = 0 No Yes No - 6. users.email = prim-email No Yes Yes - 7. 
email.email = prim-email Yes No No - - full usable account needs all 7 requirements fulfilled - so if one setting isn't set/cleared there is an inconsistency either way - if eg email.email is not avail, admin console cannot open user info - but user can login and assurer can display user info - if user verified is not set to 1, admin console displays user record - but user cannot login, but assurer can search for the user and the data displays - - consistency check: - 1. search primary-email in users.email - 2. search primary-email in email.email - 3. userid = email.memid - 4. check settings from table 1. - 5. - - */ - - $inconsistency = 0; - $inconsistencydisp = ""; - $inccause = ""; - // current userid intval($row['id']) - $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` - from `users` where `id`='".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $uemail = $drow['uemail']; - $udeleted = $drow['udeleted']; - $uverified = $drow['verified']; - $ulocked = $drow['locked']; - - $query = "select `hash`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and - `email` ='".$uemail."' and - `deleted` = 0"; - $dres = mysql_query($query); - if ($drow = mysql_fetch_assoc($dres)) { - $drow['edeleted'] = 0; - } else { - // try if there are deleted entries - $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and - `email` ='".$uemail."'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - } - - if ($drow) { - $eemail = $drow['eemail']; - $edeleted = $drow['edeleted']; - $ehash = $drow['hash']; - if ($udeleted!=0) { - $inconsistency += 1; - $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); - } - if ($uverified!=1) { - $inconsistency += 2; - $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); - } - if ($ulocked!=0) { - $inconsistency += 
4; - $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); - } - if ($edeleted!=0) { - $inconsistency += 8; - $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); - } - if ($ehash!='') { - $inconsistency += 16; - $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); - } - } else { - $inconsistency = 32; - $inccause = _("Prim. email, Email record doesn't exist"); - } - if ($inconsistency>0) { - // $inconsistencydisp = _("Yes"); -?> - <tr> - <td class="DataTD"><?=_("Account inconsistency")?>:</td> - <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td> - </tr> - <tr> - <td colspan="2" class="DataTD" style="max-width: 75ex"> - <?=_("Account inconsistency can cause problems in daily account ". - "operations and needs to be fixed manually through arbitration/critical ". - "team.")?> - </td> - </tr> -<? } - - // --- bug-975 end --- + } ?> -</table> -<br> + </table><br><br> <? - // End - Debug infos -?> + } elseif(mysql_num_rows($res) == 1) { + $row = mysql_fetch_assoc($res); + $_REQUEST['userid'] = $row['id']; + } else { + printf(_("No users found matching %s"), sanitizeHTML($email)); + } +} + +// display user information for given user id +if(intval($_REQUEST['userid']) > 0) { + $userid = intval($_REQUEST['userid']); + $res =get_user_data($userid); + if(mysql_num_rows($res) <= 0) { + echo _("I'm sorry, the user you were looking for seems to have disappeared! 
Bad things are afoot!"); + } else { + $row = mysql_fetch_assoc($res); + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $alerts =get_alerts(intval($row['id'])); -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="6" class="title"><?=_("Certificates")?></td> - </tr> - - <tr> - <td class="DataTD"><?=_("Cert Type")?>:</td> - <td class="DataTD"><?=_("Total")?></td> - <td class="DataTD"><?=_("Valid")?></td> - <td class="DataTD"><?=_("Expired")?></td> - <td class="DataTD"><?=_("Revoked")?></td> - <td class="DataTD"><?=_("Latest Expire")?></td> - </tr> -<!-- server certificates --> - <tr> - <td class="DataTD"><?=_("Server")?>:</td> - <? - $query = "select COUNT(*) as `total`, - MAX(`domaincerts`.`expire`) as `maxexpire` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `domains` inner 
join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- client certificates --> - <tr> - <td class="DataTD"><?=_("Client")?>:</td> - <? - $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `emailcerts` - where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - 
<td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- gpg certificates --> - <tr> - <td class="DataTD"><?=_("GPG")?>:</td> - <? - $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `gpg` - where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `gpg` - where `memid` = '".intval($row['id'])."' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `gpg` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- org server certificates --> - <tr> - <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> - <? 
- $query = "select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- org client certificates --> - <tr> - <td class="DataTD"><?=_("Org Client")?>:</td> - <? 
- $query = "select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? 
- } ?> - </tr> - <tr> - <td colspan="6" class="title"> - <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> - <input type="hidden" name="action" value="revokecert"> - <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="submit" value="<?=_('revoke certificates')?>"> - </form> - </td> - </tr> -</table> -<br> - - -<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) -<br /> -<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby"><?=_("Show Assurances the user gave")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby15"><?=_("New calculation")?></a>) -<br /> +//display account data -<? -// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { +//deletes an assurance + if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true) + { + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) { + $ticketmsg=_("Writing to the admin log failed. Can't continue."); + } else { + $assurance = intval($_REQUEST['assurance']); + $trow = 0; + $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0"); + if ($res) { + $trow = mysql_fetch_assoc($res); + if ($trow) { + mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'"); + fix_assurer_flag($trow['to']); + } + } + } + } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) { + $ticketmsg=_('No assurance revoked. 
Ticket number is missing!'); + } -function showassuredto() -{ -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> -<? - $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) - { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); - $points += $drow['points']; +//Ticket number ?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=intval($drow['points'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? 
} ?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> -</table> -<? } ?> +<form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_('Ticket handling') ?></td> + </tr> + <tr> + <td class="DataTD"><?=_('Ticket no')?>:</td> + <td class="DataTD"><input type="text" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/></td> + </tr> + <tr> + <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?> + </tr> + <tr> + <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td> + </tr> + </table> +</form> +<br/> + + +<!-- display data table --> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><? 
printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("First Name")?>:</td> + <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> + <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> + <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Middle Name")?>:</td> + <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Last Name")?>:</td> + <td class="DataTD"> <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="action" value="updatedob"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Suffix")?>:</td> + <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Date of Birth")?>:</td> + <td class="DataTD"> + <? + $year = intval(substr($row['dob'], 0, 4)); + $month = intval(substr($row['dob'], 5, 2)); + $day = intval(substr($row['dob'], 8, 2)); + ?> + <nobr> + <select name="day"> + <? + for($i = 1; $i <= 31; $i++) { + echo "<option"; + if($day == $i) { + echo " selected='selected'"; + } + echo ">$i</option>"; + } + ?> + </select> + <select name="month"> + <? 
+ for($i = 1; $i <= 12; $i++) { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; + } + ?> + </select> + <input type="text" name="year" value="<?=$year?>" size="4"> + <input type="submit" value="Go"> + <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/> + </form> + </nobr> + </td> + </tr> + + <? // list of flags ?> + <tr> + <td class="DataTD"><?=_("CCA accepted")?>:</td> + <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'], 'CCA')) ? _("Yes") : _("No") ?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Trainings")?>:</td> + <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Is Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Blocked Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer_blocked'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Account Locking")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locked=<?=intval($row['id'])?>&csrf=<?=make_csrf('admactlock')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['locked'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Code Signing")?>:</td> + <td class="DataTD"><a href="account.php?id=43&codesign=<?=intval($row['id'])?>&csrf=<?=make_csrf('admcodesign')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['codesign'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Org Assurer")?>:</td> + <td class="DataTD"><a 
href="account.php?id=43&orgadmin=<?=intval($row['id'])?>&csrf=<?=make_csrf('admorgadmin')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['orgadmin'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("TTP Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=intval($row['id'])?>&csrf=<?=make_csrf('admttpadmin')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['ttpadmin'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locadmin=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=$row['locadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&admin=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetadmin')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['admin'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Ad Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&adadmin=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td> + </tr> + <!-- presently not needed + <tr> + <td class="DataTD"><?=_("Tverify Account")?>:</td> + <td class="DataTD"><a href="account.php?id=43&tverify=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td> + </tr> + --> + <tr> + <td class="DataTD"><?=_("General Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&general=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&country=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['country'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Regional Announcements")?>:</td> + <td class="DataTD"><a 
href="account.php?id=43&regional=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['regional'])?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&radius=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['radius'])?></a></td> + </tr> + <? //change password, view secret questions and delete account section ?> + <tr> + <td class="DataTD"><?=_("Change Password")?>:</td> + <td class="DataTD"><a href="account.php?id=44&userid=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Change Password")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Delete Account")?>:</td> + <td class="DataTD"><a href="account.php?id=50&userid=<?=intval($row['id'])?>&csrf=<?=make_csrf('admdelaccount')?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Delete Account")?></a></td> + </tr> + <? + // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! + if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) { + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) { + ?> + <tr> + <td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=intval($row['id'])?>&showlostpw=yes&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? 
+ } else { + ?> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A1:</td> + <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A2:</td> + <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A3:</td> + <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A4:</td> + <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A5:</td> + <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> + </tr> + <? + } + } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) { + ?> + <tr> + <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=intval($row['id'])?>&showlostpw=yes&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? + } else { + ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=intval($row['id'])?>&showlostpw=yes&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? 
} + + // list assurance points + ?> + <tr> + <td class="DataTD"><?=_("Assurance Points")?>:</td> + <td class="DataTD"><?=intval($drow['points'])?></td> + </tr> + <? + // show account history + ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=59&oldid=43&userid=<?=intval($row['id'])?>&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_('Show account history')?></a></td> + </tr> + </table> + <br/> + <? + //list secondary email addresses + $dres = get_email_addresses(intval($row['id']),$row['email']); + if(mysql_num_rows($dres) > 0) { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> + </tr> + <? + while($drow = mysql_fetch_assoc($dres)) { + ?> + <tr> + <td class="DataTD"><?=_("Secondary Emails")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> + </tr> + <? + } + ?> + </table> + <br/> + <? + } + + // list of domains + $dres=get_domains(intval($row['id'])); + if(mysql_num_rows($dres) > 0) { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Verified Domains")?></td> + </tr> + <? + while($drow = mysql_fetch_assoc($dres)) { + ?> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> + </tr> + <? + } + ?> + </table> + <br/> + <? + } + ?> + <? // Begin - Debug infos ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Account State")?></td> + </tr> + + <? 
+ // --- bug-975 begin --- + // potential db inconsistency like in a20110804.1 + // Admin console -> don't list user account + // User login -> impossible + // Assurer, assure someone -> user displayed + /* regular user account search with regular settings + + --- Admin Console find user query + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` + where `users`.`id`=`email`.`memid` and + (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and + `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + => requirements + 1. email.hash = '' + 2. email.deleted = 0 + 3. users.deleted = 0 + 4. email.email = primary-email (???) or'd + not covered by admin console find user routine, but may block users login + 5. users.verified = 0|1 + further "special settings" + 6. users.locked (setting displayed in display form) + 7. users.assurer_blocked (setting displayed in display form) + + --- User login user query + select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or + `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 + => requirements + 1. users.verified = 1 + 2. users.deleted = 0 + 3. users.locked = 0 + 4. users.email = primary-email + + --- Assurer, assure someone find user query + select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' + and `deleted`=0 + => requirements + 1. users.deleted = 0 + 2. users.email = primary-email + + Admin User Assurer + bit Console Login assure someone + + 1. email.hash = '' Yes No No + 2. email.deleted = 0 Yes No No + 3. users.deleted = 0 Yes Yes Yes + 4. users.verified = 1 No Yes No + 5. users.locked = 0 No Yes No + 6. users.email = prim-email No Yes Yes + 7. 
email.email = prim-email Yes No No + + full usable account needs all 7 requirements fulfilled + so if one setting isn't set/cleared there is an inconsistency either way + if eg email.email is not avail, admin console cannot open user info + but user can login and assurer can display user info + if user verified is not set to 1, admin console displays user record + but user cannot login, but assurer can search for the user and the data displays + + consistency check: + 1. search primary-email in users.email + 2. search primary-email in email.email + 3. userid = email.memid + 4. check settings from table 1. - 5. + + */ + + $inconsistency = 0; + $inconsistencydisp = ""; + $inccause = ""; + + // current userid intval($row['id']) + $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` + from `users` where `id`='".intval($row['id'])."' "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $uemail = $drow['uemail']; + $udeleted = $drow['udeleted']; + $uverified = $drow['verified']; + $ulocked = $drow['locked']; + + $query = "select `hash`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."' and + `deleted` = 0"; + $dres = mysql_query($query); + if ($drow = mysql_fetch_assoc($dres)) { + $drow['edeleted'] = 0; + } else { + // try if there are deleted entries + $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."'"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + } + + if ($drow) { + $eemail = $drow['eemail']; + $edeleted = $drow['edeleted']; + $ehash = $drow['hash']; + if ($udeleted!=0) { + $inconsistency += 1; + $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); + } + if ($uverified!=1) { + $inconsistency += 2; + $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); + } + if ($ulocked!=0) { + $inconsistency += 
4; + $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); + } + if ($edeleted!=0) { + $inconsistency += 8; + $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + } + if ($ehash!='') { + $inconsistency += 16; + $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + } + } else { + $inconsistency = 32; + $inccause = _("Prim. email, Email record doesn't exist"); + } + if ($inconsistency>0) { + // $inconsistencydisp = _("Yes"); + ?> + <tr> + <td class="DataTD"><?=_("Account inconsistency")?>:</td> + <td class="DataTD"><?=$inccause?><br>code: <?=intval($inconsistency)?></td> + </tr> + <tr> + <td colspan="2" class="DataTD" style="max-width: 75ex;"> + <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?> + </td> + </tr> + <? + } + + // --- bug-975 end --- + ?> + </table> + <br /> + <? + // End - Debug infos + + // certificate overview + ?> + + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="6" class="title"><?=_("Certificates")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Cert Type")?>:</td> + <td class="DataTD"><?=_("Total")?></td> + <td class="DataTD"><?=_("Valid")?></td> + <td class="DataTD"><?=_("Expired")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Latest Expire")?></td> + </tr> + <!-- server certificates --> + <tr> + <td class="DataTD"><?=_("Server")?>:</td> + <? 
+ $query = " + select COUNT(*) as `total`, + MAX(`domaincerts`.`expire`) as `maxexpire` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- client certificates --> + <tr> + <td class="DataTD"><?=_("Client")?>:</td> + <? 
+ $query = " + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- gpg certificates --> + <tr> + <td class="DataTD"><?=_("GPG")?>:</td> + <? 
+ $query = " + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` + from `gpg` + where `memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- org server certificates --> + <tr> + <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> + <? 
+ $query = " + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? 
+ } + ?> + </tr> + <!-- org client certificates --> + <tr> + <td class="DataTD"><?=_("Org Client")?>:</td> + <? + $query = " + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? 
+ } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <tr> + <td colspan="6" class="title"> + <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> + <input type="hidden" name="action" value="revokecert"> + <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="submit" value="<?=_('revoke certificates')?>"> + <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/> + </form> + </td> + </tr> + </table> + <br /> + <? // list assurances ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredto&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user got")?></a> + (<a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredto15&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>) + </td> + </tr> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredby&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user gave")?></a> + (<a href="account.php?id=43&userid=<?=intval($row['id'])?>&shownotary=assuredby15&ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>) + </td> + </tr> + </table> + <? 
+ // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { + + + function showassuredto($ticketno) + { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> + <? + $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); + $points += $drow['points']; + ?> + <tr> + <td class="DataTD"><?=$drow['id']?></td> + <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=intval($drow['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>&ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td> + </tr> + <? 
+ } + ?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=intval($points)?></td> + <td class="DataTD" colspan="3"> </td> + </tr> + </table> + <? + } + + function showassuredby($ticketno) + { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> + <? + $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'")); + $points += intval($drow['points']); + ?> + <tr> + <td class="DataTD"><?=intval($drow['id'])?></td> + <td class="DataTD"><?=$drow['date']?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname']." 
".$fromuser['lname'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=intval($drow['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>&ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td> + </tr> + <? + } + ?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=intval($points)?></td> + <td class="DataTD" colspan="3"> </td> + </tr> + </table> + <?} ?> +<br/><br/> <? -function showassuredby() -{ -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> -<? 
- $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) - { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); - $points += $drow['points']; -?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=$drow['date']?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=$drow['points']?></td> - <td class="DataTD"><?=$drow['location']?></td> - <td class="DataTD"><?=$drow['method']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? } ?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> -</table> -<? } ?> -<br><br> -<? } } +} } if(isset($_GET['shownotary'])) { switch($_GET['shownotary']) { case 'assuredto': - showassuredto(); + showassuredto($ticketno); break; case 'assuredby': - showassuredby(); + showassuredby($ticketno); break; case 'assuredto15': - output_received_assurances(intval($_GET['userid']),1); + output_received_assurances(intval($_GET['userid']),1,$ticketno); break; case 'assuredby15': - output_given_assurances(intval($_GET['userid']),1); + output_given_assurances(intval($_GET['userid']),1, $ticketno); break; } } diff --git a/pages/account/44.php b/pages/account/44.php index fd34612..718f0e0 100644 --- a/pages/account/44.php +++ b/pages/account/44.php 
@@ -14,8 +14,28 @@
 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+*/
+
+if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") {
+ ?>
+ <div style="color: orange;">ERROR: <?=$_SESSION['_config']['error']?></div>
+ <?
+ unset($_SESSION['_config']['error']);
+}
+
+$ticketno = "";
+if (array_key_exists('ticketno', $_SESSION)) {
+ $ticketno = $_SESSION['ticketno'];
+}
+
+if (!valid_ticket_number($ticketno)) {
+ printf(_("I'm sorry, you did not enter a ticket number! %s You cannot reset the password."), '<br/>');
+ echo '<br/><a href="account.php?id=43&userid='.intval($_REQUEST['userid']).'">'._('Back to previous page.').'</a>';
+ showfooter();
+ exit;
+ }
+?>
+
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 <tr>
@@ -34,5 +54,6 @@
 </tr>
 </table>
 <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
+<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
 </form>
diff --git a/pages/account/5.php b/pages/account/5.php
index 934ca0c..efed0ab 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
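Review bot: The rewritten error banner in the first hunk still prints `$_SESSION['_config']['error']` unescaped, while the rest of this commit routes page output through sanitizeHTML(); unless every writer of that session key stores pre-escaped text, the line should read `<div style="color: orange;">ERROR: <?=sanitizeHTML($_SESSION['_config']['error'])?></div>`. The closing brace of the `if (!valid_ticket_number($ticketno))` block is indented one level deeper than its `if`, which reads as if it closes something else. The ticket-number gate itself and the hidden `ticketno` field added in the second hunk are consistent with how 59.php in this same commit handles the ticket.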
@@ -19,7 +19,7 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> + <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> </tr> <tr> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> @@ -34,23 +34,24 @@ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, - `emailcerts`.`expire` as `expires`, + `emailcerts`.`expire`, `emailcerts`.`revoked` as `revoke`, UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, + if (`emailcerts`.`expire`=0,CURRENT_TIMESTAMP(),`emailcerts`.`modified`) as `modified` , `emailcerts`.`id`, `emailcerts`.`CN`, `emailcerts`.`serial`, `emailcerts`.`disablelogin` as `disablelogin`, `emailcerts`.`description` from `emailcerts` - where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' + where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."' "; if($viewall != 1) $query .= " AND `revoked`=0 AND `renewed`=0 "; $query .= " GROUP BY `emailcerts`.`id` "; if($viewall != 1) - $query .= " HAVING `timeleft` > 0 "; - $query .= " ORDER BY `emailcerts`.`modified` desc"; + $query .= " HAVING `timeleft` > 0 or `expire` = 0 "; + $query .= " ORDER BY `modified` desc"; // echo $query."<br>\n"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) 
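Review bot: In the second hunk the computed column `if (emailcerts.expire=0,CURRENT_TIMESTAMP(),emailcerts.modified) as modified` shares its name with the real `emailcerts`.`modified` column, and the new `ORDER BY modified desc` presumably binds to the alias rather than the column; a one-line comment stating the intent would spare the next reader a trip through MySQL's name-resolution rules, e.g. `// expire=0 marks a pending request: sort it as if modified now and keep it visible via the HAVING clause`. The `intval(!$viewall)` change in the first hunk is fine as written.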
@@ -75,32 +76,32 @@ ?> <tr> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="account.php?id=6&cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td> + <td class="DataTD"><a href="account.php?id=6&cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td> <? } else if($verified != _("Revoked")) { ?> - <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> + <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td> <? } else { ?> <td class="DataTD"> </td> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td> <? 
} ?> - <td class="DataTD"><?=$row['serial']?></td> - <td class="DataTD"><?=$row['revoke']?></td> - <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td> + <td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td> + <td class="DataTD"><?=sanitizeHTML($row['expire'])?></td> <td class="DataTD"> - <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/> - <input type="hidden" name="cert_<?=$row['id']?>" value="1" /> + <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/> + <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" /> </td> - <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> - <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> + <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td> </tr> <? } ?> <tr> <td class="DataTD" colspan="9"> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> + <a href="account.php?id=5&viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> </td> </tr> @@ -119,7 +120,7 @@ </tr> <? } ?> </table> -<input type="hidden" name="oldid" value="<?=$id?>" /> +<input type="hidden" name="oldid" value="<?=intval($id)?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> </form> <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/52.php b/pages/account/52.php index 77a3bae..6c00c26 100644 --- a/pages/account/52.php +++ b/pages/account/52.php 
@@ -14,45 +14,51 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?> -<? +*/ + +if($_SESSION['profile']['tverify'] <= 0) { + echo _("You don't have access to this area."); +} else { $uid = intval($_GET['uid']); - $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; + $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0"; $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { + if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); $memid = intval($row['memid']); - $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc2 = mysql_num_rows(mysql_query($query2)); - if($rc2 > 0) - { + $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $rc2 = mysql_num_rows(mysql_query($query2)); + if($rc2 > 0) { showheader(_("My CAcert.org Account!")); echo _("You have already voted on this request."); showfooter(); exit; } - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'"; + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0"; $notary = mysql_fetch_assoc(mysql_query($query)); - $query = "select * from `users` where `id`='$memid'"; + $query = "select * from `users` where `id`='".intval($memid)."'"; $user = mysql_fetch_assoc(mysql_query($query)); $tobe = 50 - $notary['points']; - if($row['URL'] != '' && $row['photoid'] != '') + if($row['URL'] != '' && $row['photoid'] != '') { $tobe = 150 - $notary['points']; - else if($row['URL'] != '') + } else if($row['URL'] != '') { $tobe = 90 - $notary['points']; - if(intval($tobe) <= 0) + } + 
if(intval($tobe) <= 0) { $tobe = 0; + } ?> <?=_("Request Details")?>:<br> -<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br> -<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br> -<?=_("Certificate Subject")?>: <?=$row['CN']?><br> -<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?> -<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?> +<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br> +<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br> +<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br> +<? if($row['URL'] != '') { ?> +<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br> +<? } ?> +<? if($row['photoid'] != '') { ?> +<?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br> +<? } ?> <?=_("Current Points")?>: <?=intval($notary['points'])?><br> <?=_("Potential Points")?>: <?=intval($tobe)?><br> <?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br> 
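Review bot: The `Notary URL` line is the one output in this hunk left unescaped: `$row['URL']` is written raw into both the href attribute and the link text, while the adjacent name, e-mail and CN lines now go through sanitizeHTML(); since the URL presumably originates from the applicant's tverify request, it should be `<a href="<?=sanitizeHTML($row['URL'])?>"><?=sanitizeHTML($row['URL'])?></a>`. Escaping alone does not constrain the scheme, so checking that the value starts with `http://` or `https://` before rendering it as a link would be a sensible follow-up. `$user['dob']` on the Date of Birth line is likewise still printed raw.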
@@ -63,40 +69,37 @@ <input type="submit" name="agree" value="<?=_("I agree with this Application")?>"> <input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>"> <input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>"> -<input type="hidden" name="uid" value="<?=$uid?>"> +<input type="hidden" name="uid" value="<?=intval($uid)?>"> </form> -<? } else { - $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - echo _("This UID has already been voted on.")."<br/>"; +<? } else { - if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; - } - - // Search for open requests: - $query = "select * from `tverify` where `modified`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) - { - echo "<br/>"._("The following requests are still open:")."<br/><ul>"; - while($row = mysql_fetch_assoc($res)) - { - $uid=intval($row['id']); - $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; - $rc3 = mysql_num_rows(mysql_query($query3)); - if($rc3 <= 0) - { - echo "<li><a href='account.php?id=52&uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; + $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) { + echo _("This UID has already been voted on.")."<br/>"; + } else { + if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; + } + + // Search for open requests: + $query = "select * from `tverify` where `modified`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) { + echo "<br/>"._("The following requests are still open:")."<br/><ul>"; + while($row = mysql_fetch_assoc($res)) { + $uid=intval($row['id']); + $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'"; + 
$rc3 = mysql_num_rows(mysql_query($query3)); + if($rc3 <= 0) + { + echo "<li><a href='account.php?id=52&uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; + } } - } - echo "</ul>\n<br>\n"; - } - else - { - echo "<br/>"._("There are no pending requests where you haven't voted yet."); + echo "</ul>\n<br>\n"; + } else { + echo "<br/>"._("There are no pending requests where you haven't voted yet."); + } } +} - - } } ?> +?> diff --git a/pages/account/55.php b/pages/account/55.php index ec401a0..24cc86d 100644 --- a/pages/account/55.php +++ b/pages/account/55.php @@ -1,112 +1,122 @@ -<? /*
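Review bot: The inner `if($rc3 <= 0)` in the open-requests loop keeps its opening brace on a separate line while every other block this hunk re-indents was moved to same-line braces (`if(mysql_num_rows($res) > 0) {`, `} else {`); `if($rc3 <= 0) {` would finish the style change. The outer `if`/`else` on `$_SESSION['profile']['tverify']` that this branch belongs to begins in the previous hunk, so its pairing with the new closing braces cannot be checked from here.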
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
- $user_id = intval($_SESSION['profile']['id']);
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
- </tr>
-</table>
-<?
- } else {
- $user_id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- } else {
- $row = mysql_fetch_assoc($res);
- }
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
- </tr>
-</table>
-
-<?
- }
-?>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Test")?></b></td>
- <td class="DataTD"><b><?=_("Variant")?></b></td>
- </tr>
-<?
- $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
- " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
- " ORDER BY `CP`.`pass_date`";
-
- $res = mysql_query($query);
-
- $HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
- {
- if ($row[1] == "Assurer Challenge") {
- $HaveTest=1;
- }
-?>
- <tr>
- <td class="DataTD"><?=$row[0]?></td>
- <td class="DataTD"><?=$row[1]?></td>
- <td class="DataTD"><?=$row[2]?></td>
- </tr>
-<? }
-?>
-</table>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
-<?
- if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
-?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr>
-<? } else {
- $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
- ' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
- if (!$res) {
- print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
- } else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
- if ($HaveTest && ($row[2]>=100)) {
- if (!$row[1]) {
- // This should not happen...
- fix_assurer_flag($_SESSION['profile']['id']);
- }
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
-<? } elseif (($row[2]>=100) && !$HaveTest) {
-?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
-<? } elseif ($HaveTest && ($row[2]<100)) {
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
-<? }
- }
- }
-?> </tr>
-</table>
-
+<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<? + if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { + $user_id = intval($_SESSION['profile']['id']); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Your passed Tests")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td> + </tr> +</table> +<? + } else { + $user_id = intval($_REQUEST['userid']); + $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) <= 0) + { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); + } else { + $row = mysql_fetch_assoc($res); + } +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td> + </tr> +</table> + +<? 
+ } +?> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Test")?></b></td> + <td class="DataTD"><b><?=_("Variant")?></b></td> + </tr> +<? + $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ". + " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ". + " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'". + " ORDER BY `CP`.`pass_date`"; + + $res = mysql_query($query); + + $HaveTest=0; + while($row = mysql_fetch_array($res, MYSQL_NUM)) + { + if ($row[1] == "Assurer Challenge") { + $HaveTest=1; + } +?> + <tr> + <td class="DataTD"><?=sanitizeHTML($row[0])?></td> + <td class="DataTD"><?=sanitizeHTML($row[1])?></td> + <td class="DataTD"><?=sanitizeHTML($row[2])?></td> + </tr> +<? } +?> +</table> +<br> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> +<? + if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { +?> + <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr> +<? + } else { + $query = ' + SELECT `u`.`id`, + `u`.`assurer`, + SUM(`points`) + FROM `users` AS `u`, + `notary` AS `n` + WHERE `u`.`id` = \''.intval($_SESSION['profile']['id']).'\' + AND `n`.`to` = `u`.`id` + AND `expire` < NOW() + AND `n`.`deleted` = 0 + GROUP BY `u`.`id`, `u`.`assurer` + '; + $res = mysql_query($query); + if (!$res) { + print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n"; + } else { + $row = mysql_fetch_array($res, MYSQL_NUM); + if ($HaveTest && ($row[2]>=100)) { + if (!$row[1]) { + // This should not happen... 
+ fix_assurer_flag($_SESSION['profile']['id']); + } +?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td> +<? } elseif (($row[2]>=100) && !$HaveTest) { +?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td> +<? } elseif ($HaveTest && ($row[2]<100)) { +?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td> +<? } + } + } +?> </tr> +</table> + diff --git a/pages/account/56.php b/pages/account/56.php index 348cc49..cabe8e0 100644 --- a/pages/account/56.php +++ b/pages/account/56.php @@ -1,41 +1,41 @@ -<? /*
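Review bot: When the user lookup in the admin branch finds no row, the new side still only echoes the not-found message and falls through: `$row` is never assigned, the `Passed Tests of` title then reads `$row['fname']` from an undefined variable, and the cats_passed query runs for a user that does not exist. The sibling page 59.php in this same commit ends that path with `showfooter(); exit;`, and this one should too: `echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); showfooter(); exit;`. The interpolated `'$user_id'` in the users query is safe only because `$user_id` is intval()'d two lines above; wrapping it as `intval($user_id)` inline, as the cats_passed query now does, would make that visible at the point of use.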
-LibreSSL - CAcert web application
-Copyright (C) 2004-2008 CAcert Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?=_("List of Organisation Assurers:")?>
-
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="1" class="title"><?=_("Name")?></td>
- <td colspan="1" class="title"><?=_("Email")?></td>
- <td colspan="1" class="title"><?=_("Country")?></td>
- </tr>
- <?
- $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- ?>
- <tr>
- <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
- <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- <td><?=sanitizeHTML($row['name'])?></td>
- </tr>
- <?
- }
-?>
-</table>
-
+<? /* +LibreSSL - CAcert web application +Copyright (C) 2004-2008 CAcert Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ ?> +<?=_("List of Organisation Assurers:")?> + +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="1" class="title"><?=_("Name")?></td> + <td colspan="1" class="title"><?=_("Email")?></td> + <td colspan="1" class="title"><?=_("Country")?></td> + </tr> + <? + $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;"; + $res = mysql_query($query); + while($row = mysql_fetch_assoc($res)) + { + ?> + <tr> + <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td> + <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td> + <td><?=sanitizeHTML($row['name'])?></td> + </tr> + <? + } +?> +</table> + diff --git a/pages/account/57.php b/pages/account/57.php index 0356eeb..9db7ccf 100644 --- a/pages/account/57.php +++ b/pages/account/57.php 
@@ -28,7 +28,7 @@
 $res = mysql_query($query);
 if(mysql_num_rows($res) <= 0)
 {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
 } else {
 $row = mysql_fetch_assoc($res);
 ?>
@@ -48,12 +48,12 @@
 <td class="DataTD"><b><?=_('Type')?></b></td>
 </tr>
 <?
- $data=get_first_user_agreement($user_id,1);
+ $data=get_first_user_agreement($user_id, 'CCA', 1);
 if (!isset($data['active'])){
 $type='';
- }else{
+ }else{
 $type=_('active');
- }
+ }
 ?>
 <tr>
 <td class="DataTD"><?=_('First active CCA')?></td>
@@ -62,7 +62,7 @@
 <td class="DataTD"><?=$type?></td>
 </tr>
 <?
- $data=get_first_user_agreement($user_id,0);
+ $data=get_first_user_agreement($user_id, 'CCA', 0);
 if (!isset($data['active'])){
 $type="";
 }else{
@@ -76,14 +76,14 @@
 <td class="DataTD"><?=$type?></td>
 </tr>
 <?
- $data=get_last_user_agreement($user_id);
+ $data=get_last_user_agreement($user_id, 'CCA');
 if (!isset($data['active'])){
- $type="";
- }elseif($data['active']==1){
- $type=_('active');
- }else{
- $type=_('passive');
- }
+ $type="";
+ }elseif($data['active']==1){
+ $type=_('active');
+ }else{
+ $type=_('passive');
+ }
 ?>
 <tr>
 <td class="DataTD"><?=_('Last CCA')?></td>
@@ -98,7 +98,7 @@
 <?
 if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
 ?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr>
 <? } ?>
 </table>
 <?
diff --git a/pages/account/58.php b/pages/account/58.php
index 1f6b1a0..af26b70 100644
--- a/pages/account/58.php
+++ b/pages/account/58.php
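Review bot: `'CCA'` is now passed as a bare literal at three call sites across the second, third and fourth hunks, and the trailing `1`/`0` on `get_first_user_agreement` gives no hint of what it selects; hoisting `$agreement = 'CCA';` once and commenting the flag, e.g. `// third argument: 1 = first active agreement, 0 = first passive one (presumably; confirm against get_first_user_agreement)`, would keep the three calls from drifting apart. The `$type=''` in the second hunk against `$type=""` in the third and fourth is a small inconsistency the re-indent could have normalised. The `intval($user_id)` in the last hunk matches the same fix applied to 55.php in this commit.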
@@ -23,7 +23,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) != 1){ - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); } else { if ($row = mysql_fetch_assoc($res)){ $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); @@ -54,7 +54,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) } ?></table> <? }else{ - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); } } } diff --git a/pages/account/59.php b/pages/account/59.php new file mode 100644 index 0000000..1c73ae5 --- /dev/null +++ b/pages/account/59.php 
@@ -0,0 +1,385 @@ +<?/* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ +include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); + + +$userid = intval($_REQUEST['userid']); + +$res = get_user_data($userid); +if (mysql_num_rows($res) <= 0) +{ + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!"); + exit; +} + +$user = mysql_fetch_assoc($res); + +$fname = $user['fname']; +$mname = $user['mname']; +$lname = $user['lname']; +$suffix = $user['suffix']; +$dob = $user['dob']; +$username = $fname." ".$mname." ".$lname." 
".$suffix; +$email = $user['email']; +$alerts =get_alerts($userid); + +$ticketno = ""; +if (array_key_exists('ticketno', $_SESSION)) { + $ticketno = $_SESSION['ticketno']; +} + +$oldid = 0; +if (array_key_exists('oldid', $_REQUEST)) { + $oldid = intval($_REQUEST['oldid']); +} + +// Support Engineer access restrictions +$support=0; +if ($userid != $_SESSION['profile']['id']) { + // Check if support engineer + if (array_key_exists('admin', $_SESSION['profile']) && + $_SESSION['profile']['admin'] != 0) + { + $support=$_SESSION['profile']['admin']; + + } else { + echo _("You do not have access to this page."); + showfooter(); + exit; + } + + if (!valid_ticket_number($ticketno)) { + printf(_("I'm sorry, you did not enter a ticket number! %s Support is not allowed to view the account history without a ticket number."), '<br/>'); + echo '<br/><a href="account.php?id=43&userid='.intval($userid).'">'. _('Back to previous page.') .'</a>'; + showfooter(); + exit; + } + + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $ticketno)) { + echo _("Writing to the admin log failed. Can't continue."); + echo '<br/><a href="account.php?id=43&userid='.intval($userid).'">'. _('Back to previous page.') .'</a>'; + showfooter(); + exit; + } +} + +// Account details +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?printf(_('Account history of %s'),$username)?></td> + </tr> + <tr> + <td colspan="2" class="title"><?=_('User actions')?></td> + </tr> + <tr> + <td class="DataTD"><?=_('User name')?></td> + <td class="DataTD"><?=sanitizeHTML($username)?></td> + </tr> + <tr> + <td class="DataTD"><?=_('Date of Birth')?></td> + <td class="DataTD"><?=sanitizeHTML($dob)?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Is Assurer")?>:</td> + <td class="DataTD"><?= ($user['assurer']==0)? 
_('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Blocked Assurer")?>:</td> + <td class="DataTD"><?= ($user['assurer_blocked']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Account Locking")?>:</td> + <td class="DataTD"><?= ($user['locked']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Code Signing")?>:</td> + <td class="DataTD"><?= ($user['codesign']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Org Assurer")?>:</td> + <td class="DataTD"><?= ($user['orgadmin']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("TTP Admin")?>:</td> + <td class="DataTD"><?= $user['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location Admin")?>:</td> + <td class="DataTD"><?= ($user['locadmin']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Admin")?>:</td> + <td class="DataTD"><?= ($user['admin']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Ad Admin")?>:</td> + <td class="DataTD"><?= $user['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("General Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['country']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Regional Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['regional']==0)? _('No'):_('Yes')?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> + <td class="DataTD"><?= ($alerts['radius']==0)? _('No'):_('Yes')?></td> + </tr> +</table> +<br/> +<? 
+ +// Email addresses +$dres = get_email_addresses($userid,'',1); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="3" class="title"><?=_('Email addresses')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_email_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_email($drow,$email); + } +} else { + ?> + <tr> + <td colspan="3" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> +<? + +// Domains +$dres = get_domains($userid, 1); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="3" class="title"><?=_('Domains')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_domains_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_domains($drow); + } +} else { + ?> + <tr> + <td colspan="3" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// Trainings +$dres = get_training_results($userid); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="3" class="title"><?=_('Trainings')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_training_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_training($drow); + } +} else { + ?> + <tr> + <td colspan="3" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// User Agreements +$dres = get_user_agreements($userid); +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="4" class="title"><?=_('User agreements')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_agreement_header(); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_agreement($drow); + } +} else { + ?> + <tr> + <td colspan="4" ><?=_('no entry available')?></td> + </tr> + <? 
+} +?> +</table> +<br/> + +<? +// Client Certificates +$dres = get_client_certs($userid, 1); +$colspan=8; +if (1 == $support) { + $colspan=6; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_client_cert_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_client_cert($drow,$support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// Server Certificates +$dres = get_server_certs($userid,1); +$colspan = 7; +if (1 == $support) { + $colspan = 5; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_server_certs_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_server_certs($drow,$support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +</table> +<br/> + +<? +// GPG Certificates +$dres = get_gpg_certs($userid,1); +$colspan = 6; +if (1 == $support) { + $colspan = 4; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_gpg_certs_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_gpg_certs($drow, $support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +}?> +</table> +<br/> + +<? + +output_given_assurances($userid, $support, $ticketno, 1); +?><br/><? + +output_received_assurances($userid, $support, $ticketno, 1); +?><br/><? 
+ +$dres = get_se_log($userid); +$colspan = 2; +if (1 == $support) { + $colspan = 4; +} +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td> + </tr> +<? +if (mysql_num_rows($dres) > 0) { + output_log_se_header($support); + while ($drow = mysql_fetch_assoc($dres)) + { + output_log_se($drow,$support); + } +} else { + ?> + <tr> + <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td> + </tr> + <? +} +?> +<tr> + <td colspan="<?=$colspan?>" > + <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&userid=<?=intval($userid)?>"><?= _('Back to previous page.')?></a> + </td> +</tr> + +</table> diff --git a/pages/account/6.php b/pages/account/6.php index 8455499..de8d1a3 100644 --- a/pages/account/6.php +++ b/pages/account/6.php @@ -25,7 +25,7 @@ if(array_key_exists('cert',$_REQUEST)) { $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, - `emailcerts`.`expire` as `expires`, + `emailcerts`.`expire`, `emailcerts`.`revoked` as `revoke`, UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, `emailcerts`.`id`, @@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) { } $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname $outform`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform"); header("Content-Type: application/pkix-cert"); header("Content-Length: ".strlen($cert)); @@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) { } else { // All other browsers $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER"); header("Content-Type: application/x-x509-user-cert"); header("Content-Length: ".strlen($cert)); 
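Review bot: The title cell outputs the member-entered name unescaped via `<?printf(_('Account history of %s'),$username)?>`, while the "User name" row a few lines below wraps the same value in sanitizeHTML(); the title should read `<?printf(_('Account history of %s'), sanitizeHTML($username))?>`. The "seems to have disappeared" branch at the top calls `exit` without `showfooter()`, unlike the two access-denied branches that follow it, so the page is cut off mid-layout on that path. `$_REQUEST['userid']` is also read without the array_key_exists() guard the file applies to 'oldid' and 'ticketno'; `$userid = array_key_exists('userid', $_REQUEST) ? intval($_REQUEST['userid']) : 0;` would match that style.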
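Review bot: In the rewritten `$cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform");` only `$crtname` passes through escapeshellarg(); `$outform` is interpolated into the command string as-is and its derivation lies outside this hunk. If it is built from the request's `format` parameter, it should be taken from a fixed lookup of allowed values (an array keyed by the accepted format names) before it reaches the command line, since replacing backticks with shell_exec() does not change what the shell receives. shell_exec() returns null when the command produces no output, so the following `header("Content-Length: ".strlen($cert))` should be guarded by a check that `$cert` is a non-empty string. The hunks at -82 and -111 use literal `-outform` flags and are not affected by the first point.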
@@ -111,7 +111,7 @@ if (array_key_exists('format', $_REQUEST)) { // Allow to directly copy and paste the cert in PEM format $crtname=escapeshellarg($row['crt_name']); - $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`; + $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM"); echo "<pre>$cert</pre>"; ?> @@ -137,11 +137,11 @@ if (array_key_exists('format', $_REQUEST)) { </tr> <tr> <td class="DataTD"><?=_("Email Address")?></td> - <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> + <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td> </tr> <tr> <td class="DataTD"><?=_("SerialNumber")?></td> - <td class="DataTD"><?=$row['serial']?></td> + <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td> </tr> <tr> <td class="DataTD"><?=_("Revoked")?></td> @@ -149,7 +149,7 @@ if (array_key_exists('format', $_REQUEST)) { </tr> <tr> <td class="DataTD"><?=_("Expires")?></td> - <td class="DataTD"><?=$row['expires']?></td> + <td class="DataTD"><?=$row['expire']?></td> </tr> <tr> <td class="DataTD"><?=_("Login")?></td> diff --git a/pages/gpg/2.php b/pages/gpg/2.php index cc8a872..84e11d2 100644 --- a/pages/gpg/2.php +++ b/pages/gpg/2.php @@ -30,7 +30,7 @@ $query = "select UNIX_TIMESTAMP(`issued`) as `issued`, UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`expire`) as `expired`, - `expire` as `expires`, `id`, `level`, + `expire`, `id`, `level`, `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' ORDER BY `issued` desc"; $res = mysql_query($query); @@ -43,6 +43,7 @@ <? } else { while($row = mysql_fetch_assoc($res)) { + $verified = ''; if($row['timeleft'] > 0) $verified = _("Valid"); if($row['timeleft'] < 0) 
@@ -53,18 +54,18 @@ <tr> <? if($verified == _("Valid")) { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> <? } else if($verified == _("Pending")) { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><?=$row['email']?></td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> <? } else { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> <? } ?> - <td class="DataTD"><?=$row['expires']?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['keyid']?></a></td> - <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> - <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> + <td class="DataTD"><?=$row['expire']?></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td> + <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td> </tr> <? } ?> <? } ?> @@ -77,5 +78,5 @@ <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>" /> +<input type="hidden" name="oldid" value="<?=intval($id)?>" /> </form> diff --git a/pages/index/52.php b/pages/index/52.php new file mode 100644 index 0000000..0926780 --- /dev/null +++ b/pages/index/52.php 
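Review bot: The rewritten row mixes two escaping helpers: the new lines use `sanitizeHTML($row['email'])` and `sanitizeHTML($row['keyid'])`, but the comment input keeps `value="<?=htmlspecialchars($row['description'])?>"`. Unless sanitizeHTML() is known not to be attribute-safe (its definition is outside this diff), applying it to all four cells keeps the escaping policy uniform and easier to audit. The `<?=$row['expire']?>` cell is echoed raw, which is harmless for a DATETIME column but worth a short comment so the exception is deliberate.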
@@ -0,0 +1,33 @@ +<?/* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +?> + +<div style="text-align: center;"> + <h1><?=_('CAcert Community Agreement Acceptance')?></h1> + <p><?=sprintf(_('To get access to your account your agreement to the %s CAcert Community Agreement %s (CCA) is required.'),'<a href="/policy/CAcertCommunityAgreement.php">', '</a>')?></p> + <p><?=_('Every member, who has agreed to the CCA, should be able to rely on the fact that every other user of CAcert has also agreed to the CCA and that the same rules apply to everybody. Moreover it is a basic requirement for the audit to be able to tell who has accepted our rules.')?></p> + <p><?=_('Originally the acceptance was not recorded. Up until now, we do not have your agreement on record. Once you have accepted the CCA (again) your agreement is recorded and you will not need to do this step again.')?></p> + <p><?=sprintf(_('If you do not wish to accept the CCA you should consider to ask for the closing of your account as you will not be able to access our system. 
In this case please send an email to support (%s).'),'<a href="mailto:support@cacert.org">support@cacert.org</a>')?></p> + <p><?=_('If you do not want to decide about the acceptance of the CCA now, you can come back at any time.')?></p> + <form method="post" action="index.php"> + <input type="submit" name="agree" value="<?=_('I agree to the CCA')?>"> + <input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>"> + <input type="hidden" name="oldid" value="<?=$id?>"> + </form> +</div> diff --git a/pages/wot/1.php b/pages/wot/1.php index a45b5df..9047f27 100644 --- a/pages/wot/1.php +++ b/pages/wot/1.php @@ -14,9 +14,9 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? - $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries")); +*/ + + $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries")); $total1 =$res['summe']; $locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; @@ -91,7 +91,7 @@ { $query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and `ccid`='".$ccid."' and `regid`='".$regid."' and - `locid`='".$locid."' and `users`.`id`=`notary`.`to` + `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0 group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc"; $list = mysql_query($query); if(mysql_num_rows($list) > 0) 
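Review bot: The new page emits `<input type="hidden" name="oldid" value="<?=$id?>">` while the same commit changes the equivalent line in pages/gpg/2.php and pages/wot/9.php to `intval($id)`; for consistency it should read `<input type="hidden" name="oldid" value="<?=intval($id)?>">`. The two submit buttons and the hidden field are otherwise fine; the form's handling of `agree`/`disagree` is outside this diff.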
@@ -104,19 +104,19 @@ <td class="title"><?=_("Contact Details")?></td> <td class="title"><?=_("Email Assurer")?></td> <td class="title"><?=_("Assurer Challenge")?></td> - </tr> -<? while($row = mysql_fetch_assoc($list)) { ?> + +<? while($row = mysql_fetch_assoc($list)) { ?> <tr> - <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td> + <td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td> <td class="DataTD"><?=maxpoints($row['id'])?></td> - <td class="DataTD"><?=$row['contactinfo']?></td> + <td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td> <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td> <td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td> - </tr> -<? } - } +<? + } + } ?> </table> <br> diff --git a/pages/wot/10.php b/pages/wot/10.php index bc76a86..b5e146c 100644 --- a/pages/wot/10.php +++ b/pages/wot/10.php @@ -24,7 +24,7 @@ <td colspan="5" class="title"><?=_("Assurer Ranking")?></td> </tr> <tr> -<? +<?// the rank calculation is not adjusted to the new deletion method $query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary` WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to` AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`"; @@ -36,8 +36,8 @@ WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to` GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC"; */ - $query = "SELECT count(*) AS `list` FROM `users` - inner join `notary` on `users`.`id` = `notary`.`from` + $query = "SELECT count(*) AS `list` FROM `users` + inner join `notary` on `users`.`id` = `notary`.`from` GROUP BY `notary`.`from` HAVING count(*) > '$rc'"; $rank = mysql_num_rows(mysql_query($query)) + 1; 
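Review bot: Both closing `</tr>` tags are dropped from the new side of this hunk — the one after the header row's "Assurer Challenge" cell and the one after the data row's "Assurer Challenge" cell inside the while loop — so every row of the assurer table is left unclosed; the new lines should be `</tr>` followed by `<? while($row = mysql_fetch_assoc($list)) { ?>`, and `</tr>` before the closing `<? } } ?>`. On the name cell, `sanitizeHTML($row['fname'])` is now escaped but the initial from `substr($row['lname'], 0, 1)` is not, and substr() is byte-wise so a multibyte first letter is cut; pages/wot/9.php in this same commit escapes the whole string, and the matching form here is `<?=sanitizeHTML(trim($row['fname'].' '.substr($row['lname'], 0, 1)))?>.` (mb_substr() would avoid the truncation if mbstring is available).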
@@ -64,18 +64,18 @@ <td class="DataTD"><b><?=_("Method")?></b></td> </tr> <? - $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'"; + $query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'")); + $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'")); ?> <tr> - <td class="DataTD"><?=$row['id']?></td> + <td class="DataTD"><?=intval($row['id'])?></td> <td class="DataTD"><?=$row['date']?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> - <td class="DataTD"><?=$row['points']?></td> - <td class="DataTD"><?=$row['location']?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td> + <td class="DataTD"><?=intval($row['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($row['location'])?></td> <td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td> </tr> <? 
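Review bot: The new side escapes the location and assurer-name cells but leaves `<?=_(sprintf("%s", $row['method']))?>` untouched: a value read from the notary table is passed through gettext and echoed unescaped, and the same cell appears in the hunk at -114 as `$row['method']==""?"":_(sprintf("%s", $row['method']))`. If `method` is one of a fixed set of strings with translations (the diff does not show this), a lookup against that set would make the assumption explicit; otherwise wrapping the result in sanitizeHTML() puts the column on the same footing as the others. `sprintf("%s", $x)` is also just `$x`, so `_($row['method'])` is the same call with less noise.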
@@ -114,30 +114,30 @@ if ($thawte) </tr> <? $points = 0; - $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'"; + $query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'")); - $points += $row['points']; + $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'")); + $points += intval($row['points']); $name = trim($fromuser['fname']." ".$fromuser['lname']); if($name == "") $name = _("Deleted before Verification"); else - $name = "<a href='wot.php?id=9&userid=".intval($row['to'])."'>$name</a>"; + $name = "<a href='wot.php?id=9&userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>"; ?> <tr> <td class="DataTD"><?=intval($row['id'])?></td> <td class="DataTD"><?=$row['date']?></td> <td class="DataTD"><?=$name?></td> <td class="DataTD"><?=intval($row['points'])?></td> - <td class="DataTD"><?=$row['location']?></td> + <td class="DataTD"><?=sanitizeHTML($row['location'])?></td> <td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td> </tr> <? } ?> <tr> <td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td> - <td class="DataTD"><?=$points?></td> + <td class="DataTD"><?=intval($points)?></td> <td class="DataTD" colspan="2"> </td> </tr> </table> diff --git a/pages/wot/15.php b/pages/wot/15.php index cca2702..c1f3e0f 100644 --- a/pages/wot/15.php +++ b/pages/wot/15.php 
@@ -14,7 +14,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ +*/ require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); diff --git a/pages/wot/5.php b/pages/wot/5.php index c1a6438..565dd6a 100644 --- a/pages/wot/5.php +++ b/pages/wot/5.php @@ -18,14 +18,24 @@ include_once("../includes/shutdown.php"); require_once("../includes/lib/l10n.php"); ?> -<? - if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") +<? + if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><font color="orange" size="+1"> <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?> </font> <?unset($_SESSION['_config']['error']); - } + } + + if (!isset($_SESSION['assuresomeone']['year'])) { + $_SESSION['assuresomeone']['year'] = 0; + } + if (!isset($_SESSION['assuresomeone']['month'])) { + $_SESSION['assuresomeone']['month'] = 0; + } + if (!isset($_SESSION['assuresomeone']['day'])) { + $_SESSION['assuresomeone']['day'] = 0; + } ?> <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?> <form method="post" action="wot.php"> 
@@ -60,6 +70,37 @@ <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td> <? } ?> </tr> + <tr> + <td class="DataTD"> + <?=_("Date of Birth")?><br/> + (<?=_("yyyy/mm/dd")?>)</td> + <td class="DataTD"> + <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) >= 1900 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr> + <select name="month"> +<? +for($i = 1; $i <= 12; $i++) +{ + echo "<option value='$i'"; + if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i) + echo " selected=\"selected\""; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n"; +} +?> + </select> + <select name="day"> +<? +for($i = 1; $i <= 31; $i++) +{ + echo "<option"; + if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i) + echo " selected=\"selected\""; + echo ">$i</option>"; +} +?> + </select> + </td> + </tr> + <tr> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td> </tr> diff --git a/pages/wot/6.php b/pages/wot/6.php index a565aa7..4094a18 100644 --- a/pages/wot/6.php +++ b/pages/wot/6.php @@ -24,6 +24,9 @@ } $row = $_SESSION['_config']['notarise']; + $_SESSION['assuresomeone']['year'] = 0; + $_SESSION['assuresomeone']['month'] = 0; + $_SESSION['assuresomeone']['day'] = 0; if($_SESSION['profile']['ttpadmin'] == 1) // $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP"); 
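Review bot: The year input line ends with `</nobr>` although no `<nobr>` is opened anywhere in the added block, so the closing tag is stray markup; either drop it or wrap the three date controls in a matching `<nobr>` if that layout is intended. The day `<select>` emits `<option>$i</option>` without a value attribute, relying on the option text as the submitted value, while the month options set `value='$i'` explicitly; `echo "<option value='$i'";` makes the two consistent. The month names come from strftime(), which is locale-dependent and deprecated since PHP 8.1 — relevant only if this codebase moves forward.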
@@ -47,10 +50,10 @@ '12' => _('December') ); - $fname = $row['fname']; - $mname = $row['mname']; - $lname = $row['lname']; - $suffix = $row['suffix']; + $fname = sanitizeHTML($row['fname']); + $mname = sanitizeHTML($row['mname']); + $lname = sanitizeHTML($row['lname']); + $suffix = sanitizeHTML($row['suffix']); $dob = $row['dob']; $dob_date = explode('-', $dob, 3); 
@@ -74,8 +77,8 @@ AssureMethodLine(_("Method"),$methods,''); AssureBoxLine("certify",sprintf(_("I certify that %s %s %s %s has appeared in person."), $fname, $mname, $lname, $suffix),array_key_exists('certify',$_POST) && $_POST['certify'] == 1); AssureBoxLine("CCAAgreed",sprintf(_("I verify that %s %s %s %s has accepted the CAcert Community Agreement."), $fname, $mname, $lname, $suffix),array_key_exists('CCAAgreed',$_POST) && $_POST['CCAAgreed'] == 1); - AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?$_SESSION['_config']['location']:"",""); - AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?$_SESSION['_config']['date']:date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); + AssureInboxLine("location",_("Location"),array_key_exists('location',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['location']):"",""); + AssureInboxLine("date",_("Date"),array_key_exists('date',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['date']):date("Y-m-d"),"<br/>"._("The date when the assurance took place. Please adjust the date if you assured the person on a different day (YYYY-MM-DD).")); AssureTextLine("",_("Only tick the next box if the Assurance was face to face.")); AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1); AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. 
I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1); diff --git a/pages/wot/9.php b/pages/wot/9.php index bfa7a98..20f2c6d 100644 --- a/pages/wot/9.php +++ b/pages/wot/9.php @@ -15,9 +15,9 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - + require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); - + $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'"); if(mysql_num_rows($res) <= 0) @@ -26,11 +26,10 @@ } else { $user = mysql_fetch_array($res); - $userlang = $user['language']; + $userlang = L10n::normalise_translation($user['language']); $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` - where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); - if($points <= 0) - { + where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0")); + if($points <= 0) { echo _("Sorry, I was unable to locate that user."); } else { 
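Review bot: `sanitizeHTML()` is now applied to the location and date values before they are handed to AssureInboxLine(); whether that helper escapes its value attribute itself is outside this diff, and if it does the stored location will be double-encoded on redisplay. The same question applies to the hunk at -47, where `$fname`, `$mname`, `$lname` and `$suffix` are escaped at assignment and then used as sprintf arguments for AssureBoxLine(); escaping at the point of output rather than at assignment avoids the ambiguity and keeps the raw values available for any non-HTML use later in the file. The bodies of AssureBoxLine() and AssureInboxLine() are not visible here, so this should be confirmed against the include that defines them.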
@@ -38,31 +37,31 @@ ?> <? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?> <form method="post" action="wot.php"> -<input type="hidden" name="userid" value="<?=$user['id']?>"> +<input type="hidden" name="userid" value="<?=intval($user['id'])?>"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="2" class="title"><?=_("Contact Assurer")?></td> </tr> <tr> <td class="DataTD"><?=_("To")?>:</td> - <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td> + <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td> </tr> <? if($userlang != "") { ?> <tr> <td class="DataTD"><?=_("Language")?>:</td> - <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td> + <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td> </tr> <? } ?> <? - $query = "select * from `addlang` where `userid`='".$user['id']."'"; + $query = "select * from `addlang` where `userid`='".intval($user['id'])."'"; $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'")); + $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'")); ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> - <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td> + <td class="DataTD" align="left"><? 
printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td> </tr> <? } ?> <tr> @@ -79,7 +78,7 @@ </table> <input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>"> <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> +<input type="hidden" name="oldid" value="<?=intval($id)?>"> </form> <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <? } } ?> |
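Review bot: In the additional-language loop, `mysql_fetch_assoc()` returns false when no `languages` row matches `$row['lang']`, and the rewritten printf then reads `$lang['lang']` and `$lang['country']` from false, producing empty cells (and notices on newer PHP) instead of skipping the row; a guard such as `if (!$lang) continue;` after the lookup would handle that. The same printf escapes `$user['fname']` but not `$lang['lang']` / `$lang['country']`; those come from the languages table rather than from the member, so this is a consistency point rather than a defect. The "Language" row relies on `L10n::$translations[$userlang]` being defined for whatever normalise_translation() (hunk at -26) returns, which this diff does not show.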