Merge branch 'bug-1276' into release
[cacert-devel.git] / includes / lib / account.php
1 <?php
2 /*
3 LibreSSL - CAcert web application
4 Copyright (C) 2004-2008 CAcert Inc.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; version 2 of the License.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18 */
19
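/**
 * Recalculate the cached Assurer flag (`users`.`assurer`).
 *
 * The flag is set when the account has a passed CATS test of type 1 and at
 * least 100 non-deleted, non-expired points in `notary`; it is cleared when
 * either requirement is no longer met.
 *
 * @param int $userID
 *     if the user ID is not given the flag will be recalculated for all users
 *
 * @return bool
 *     false if there was an error on fixing the flag. This does NOT return the
 *     new value of the flag
 */
function fix_assurer_flag($userID = NULL)
{
	// intval() is the only barrier between $userID and the SQL text, so the
	// value is cast exactly once here and never concatenated in raw form.
	$singleUser = ($userID === NULL)
		? NULL
		: '`u`.`id` = \''.intval($userID).'\'';

	// Update Assurer-Flag on users table if 100 points and CATS passed.
	//
	// We may have some performance issues here if no userID is given
	// there are ~150k assurances and ~220k users currently
	// but the exists-clause on cats_passed should be a good filter
	//
	// SUM() over zero rows is NULL and NULL >= 100 is not true, so accounts
	// without any valid points are never granted the flag here.
	$sql = '
		UPDATE `users` AS `u` SET `assurer` = 1
		WHERE '.(($singleUser === NULL) ? '`u`.`assurer` = 0' : $singleUser).'
			AND EXISTS(
				SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv`
				WHERE `cp`.`variant_id` = `cv`.`id`
					AND `cv`.`type_id` = 1
					AND `cp`.`user_id` = `u`.`id`
			)
			AND (
				SELECT SUM(`points`) FROM `notary` AS `n`
				WHERE `n`.`to` = `u`.`id`
					AND (`n`.`expire` > now()
						OR `n`.`expire` IS NULL)
					AND `n`.`deleted` = 0
			) >= 100';

	if (!mysql_query($sql)) {
		return false;
	}
	// Challenge has been passed and non-expired points >= 100

	// Reset flag if requirements are not met
	//
	// Also a bit performance critical but assurer flag is only set on
	// ~5k accounts
	//
	// COALESCE is required: when every assurance of a user is deleted or
	// expired the SUM() is NULL, "NULL < 100" is NULL, and without the
	// COALESCE a user who passed CATS would keep a stale assurer flag.
	$sql = '
		UPDATE `users` AS `u` SET `assurer` = 0
		WHERE '.(($singleUser === NULL) ? '`u`.`assurer` <> 0' : $singleUser).'
			AND (
				NOT EXISTS(
					SELECT 1 FROM `cats_passed` AS `cp`,
						`cats_variant` AS `cv`
					WHERE `cp`.`variant_id` = `cv`.`id`
						AND `cv`.`type_id` = 1
						AND `cp`.`user_id` = `u`.`id`
				)
				OR (
					SELECT COALESCE(SUM(`points`), 0) FROM `notary` AS `n`
					WHERE `n`.`to` = `u`.`id`
						AND (
							`n`.`expire` > now()
							OR `n`.`expire` IS NULL
						)
						AND `n`.`deleted` = 0
				) < 100
			)';

	if (!mysql_query($sql)) {
		return false;
	}

	return true;
}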
101
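/**
 * Supported hash algorithms for signing certificates
 *
 * The keys of getInfo() are the allow-list of identifiers; clean() maps any
 * other input to the default.
 */
class HashAlgorithms {
	/**
	 * Default hash algorithm identifier for signing
	 * @var string
	 */
	public static $default = 'sha256';

	/**
	 * Get display strings for the supported hash algorithms
	 * @return array(string=>array('name'=>string, 'info'=>string))
	 *     - [$hash_identifier]['name'] = Name that should be displayed in UI
	 *     - [$hash_identifier]['info'] = Additional information that can help
	 *         with the selection of a suitable algorithm
	 */
	public static function getInfo() {
		return array(
				'sha256' => array(
						'name' => 'SHA-256',
						'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
					),
				'sha384' => array(
						'name' => 'SHA-384',
						'info' => '',
					),
				'sha512' => array(
						'name' => 'SHA-512',
						'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
					),
			);
	}

	/**
	 * Check if the input is a supported hash algorithm identifier otherwise
	 * return the identifier of the default hash algorithm
	 *
	 * The result is always one of the keys of getInfo(), whatever the type
	 * of the input is.
	 *
	 * @param string $hash_identifier
	 * @return string The cleaned identifier
	 */
	public static function clean($hash_identifier) {
		// Request parameters can arrive as arrays (e.g. "hash_alg[]=x").
		// array_key_exists() warns or throws on such keys depending on the
		// PHP version, so anything that is not a string falls back to the
		// default instead of raising an error.
		if (is_string($hash_identifier)
			&& array_key_exists($hash_identifier, self::getInfo())
		) {
			return $hash_identifier;
		}

		return self::$default;
	}
}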