Merge branch 'bug-1292' into release
[cacert-devel.git] / includes / notary.inc.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
// Value the `deleted` column holds while an assurance is not revoked;
// calc_experience() and calc_assurances() treat anything else as revoked
define('NULL_DATETIME', '0000-00-00 00:00:00');

// Revocation timestamp that calc_assurances() assigns to assurances issued
// through the revoked programmes (Thawte transfer, c't, temporary increase)
define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
21
/**
 * Send an SQL statement to the database through mysql_query()
 *
 * The statement is executed exactly as given, so every value embedded in it
 * has to be cast or escaped by the caller beforehand.
 *
 * @param string $query - the complete SQL statement
 * @return mixed - whatever mysql_query() returned for the statement
 */
function query_init ($query)
{
	$result = mysql_query($query);
	return $result;
}
26
/**
 * Fetch the next row of a result set as an associative array
 * @param resource $res - a result set, e.g. from query_init()
 * @return mixed - whatever mysql_fetch_assoc() returned
 */
function query_getnextrow ($res)
{
	return mysql_fetch_assoc($res);
}
32
/**
 * Count the rows of a result set
 * @param resource $resultset - a result set, e.g. from query_init()
 * @return int - the row count reported by mysql_num_rows(), cast to int
 */
function query_get_number_of_rows ($resultset)
{
	$rows = mysql_num_rows($resultset);
	return intval($rows);
}
37
/**
 * Count the face to face assurances a user has given (revoked ones excluded)
 * @param int $userid - id of the assurer
 * @return int
 */
function get_number_of_assurances ($userid)
{
	// intval() guarantees that nothing but a number reaches the statement
	$assurer = intval($userid);
	$query = "SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' AND `from`='".$assurer."' and `deleted` = 0";

	$row = query_getnextrow(query_init($query));

	return intval($row['list']);
}
46
/**
 * Count the TTP assurances a user has received (revoked ones excluded)
 *
 * Both method names 'Trusted Third Parties' and 'TTP-Assisted' are counted.
 *
 * @param int $userid - id of the assuree
 * @return int
 */
function get_number_of_ttpassurances ($userid)
{
	// intval() guarantees that nothing but a number reaches the statement
	$assuree = intval($userid);
	$query = "SELECT count(*) AS `list` FROM `notary`
		WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".$assuree."' and `deleted` = 0";

	$row = query_getnextrow(query_init($query));

	return intval($row['list']);
}
55
/**
 * Count the face to face assurances a user has received (revoked ones excluded)
 * @param int $userid - id of the assuree
 * @return int
 */
function get_number_of_assurees ($userid)
{
	// intval() guarantees that nothing but a number reaches the statement
	$assuree = intval($userid);
	$query = "SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' AND `to`='".$assuree."' and `deleted` = 0";

	$row = query_getnextrow(query_init($query));

	return intval($row['list']);
}
64
/**
 * Determine the rank among assurers for a given number of assurances
 *
 * The query yields one row per assurer who has given more face to face
 * assurances than $no_of_assurances; the rank is that row count plus one.
 *
 * @param int $no_of_assurances - number of assurances to rank
 * @return int
 */
function get_top_assurer_position ($no_of_assurances)
{
	$threshold = intval($no_of_assurances);
	$res = query_init("SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
		GROUP BY `from` HAVING count(*) > '".$threshold."'");

	$ahead = query_get_number_of_rows($res);
	return intval($ahead + 1);
}
72
/**
 * Determine the rank among assurees for a given number of received assurances
 *
 * The query yields one row per assuree who has received more face to face
 * assurances than $no_of_assurees; the rank is that row count plus one.
 *
 * @param int $no_of_assurees - number of received assurances to rank
 * @return int
 */
function get_top_assuree_position ($no_of_assurees)
{
	$threshold = intval($no_of_assurees);
	$res = query_init("SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
		GROUP BY `to` HAVING count(*) > '".$threshold."'");

	$ahead = query_get_number_of_rows($res);
	return intval($ahead + 1);
}
80
81 /**
82 * Get the list of assurances given by the user
83 * @param int $userid - id of the assurer
84 * @param int $log - if set to 1 also includes deleted assurances
85 * @return resource - a MySQL result set
86 */
function get_given_assurances($userid, $log=0)
{
	// Revoked entries are only part of the result when the log is requested
	$deleted = ($log == 0) ? ' and `deleted` = 0 ' : '';

	// The only caller supplied value in the statement is cast to a number;
	// rows where assurer and assuree are the same user are left out
	$assurer = intval($userid);

	return query_init("select * from `notary` where `from`='".$assurer."' and `from` != `to` $deleted order by `id` asc");
}
96
97 /**
98 * Get the list of assurances received by the user
99 * @param int $userid - id of the assuree
100 * @param int $log - if set to 1 also includes deleted assurances
101 * @return resource - a MySQL result set
102 */
function get_received_assurances($userid, $log=0)
{
	// Revoked entries are only part of the result when the log is requested
	$deleted = ($log == 0) ? ' and `deleted` = 0 ' : '';

	// The only caller supplied value in the statement is cast to a number;
	// rows where assurer and assuree are the same user are left out
	$assuree = intval($userid);

	return query_init("select * from `notary` where `to`='".$assuree."' and `from` != `to` $deleted order by `id` asc ");
}
112
/**
 * Get the non-revoked assurances given by a user, grouped by points,
 * awarded points and method
 * @param int $userid - id of the assurer
 * @return resource - a MySQL result set with the columns `number`, `points`,
 *     `awarded` and `method`
 */
function get_given_assurances_summary ($userid)
{
	$assurer = intval($userid);
	return query_init("select count(*) as number,points,awarded,method from notary where `from`='".$assurer."' and `deleted` = 0 group by points,awarded,method");
}
118
/**
 * Get the non-revoked assurances received by a user, grouped by points,
 * awarded points and method
 * @param int $userid - id of the assuree
 * @return resource - a MySQL result set with the columns `number`, `points`,
 *     `awarded` and `method`
 */
function get_received_assurances_summary ($userid)
{
	$assuree = intval($userid);
	return query_init("select count(*) as number,points,awarded,method from notary where `to`='".$assuree."' and `deleted` = 0 group by points,awarded,method");
}
124
/**
 * Load the record of a user
 * @param int $userid - id of the user
 * @return mixed - the first row of `users` with that id as an associative
 *     array, or whatever mysql_fetch_assoc() returns if there is none
 */
function get_user ($userid)
{
	$id = intval($userid);
	$res = query_init("select * from `users` where `id`='".$id."'");
	$user = mysql_fetch_assoc($res);
	return $user;
}
130
/**
 * Count the passed CATS tests of a user whose variant has `type_id` 1
 * @param int $userid - id of the user
 * @return int - number of matching rows, 0 if there is none
 */
function get_cats_state ($userid)
{
	$id = intval($userid);
	$query = "select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
		WHERE `cats_passed`.`user_id` = '".$id."'";

	return mysql_num_rows(query_init($query));
}
138
139
140 /**
141 * Calculate awarded points (corrects some issues like out of range points
142 * or points that were issued by means that have been deprecated)
143 *
144 * @param array $row - associative array containing the data from the
145 * `notary` table
146 * @return int - the awarded points for this assurance
147 */
function calc_awarded($row)
{
	// Old records predate the `awarded` column (it reads as zero there) and
	// carry the value in `points`, so the larger of both is taken. Negative
	// values do exist in the database and are raised to zero.
	$points = max(intval($row['awarded']), intval($row['points']), 0);

	// The switch compares loosely and in the order given; keep both as they
	// are, rows without a method are expected to match the '' label
	switch ($row['method'])
	{
		// These programmes have been revoked
		case 'Thawte Points Transfer':  // all Thawte points (as per arbitration)
		case 'CT Magazine - Germany':   // c't (only one test entry)
		case 'Temporary Increase':      // current usage breaks audit aspects, needs to be reimplemented
			return 0;

		// Administrative increases of 2 points or less were experience
		// points in the past, those are calculated differently now
		case 'Administrative Increase': // maybe limit to 35/50 pts in the future?
			return ($points <= 2) ? 0 : $points;

		// TTP assurances, limit to 35
		case 'TTP-Assisted':
			return min($points, 35);

		// TTP TOPUP, limit to 30
		case 'TOPUP':
			return min($points, 30);

		// All these are preserved for the time being
		case 'Unknown':                 // to be revoked in the future? limit to max 50 pts?
		case 'Trusted Third Parties':   // to be revoked in the future? limit to max 35 pts?
		case '':                        // to be revoked in the future? limit to max 50 pts?
		case 'Face to Face Meeting':    // normal assurances (and superassurances?), limit to 35/50 pts in the future?
			return $points;

		// An unknown method never awards points
		default:
			return 0;
	}
}
193
194
195 /**
196 * Calculate the experience points from a given Assurance
197 * @param array $row - [inout] associative array containing the data from
198 * the `notary` table, the keys 'experience' and 'calc_awarded' will be
199 * added
200 * @param int $sum_points - [inout] the sum of already counted assurance
201 * points the assurer issued
202 * @param int $sum_experience - [inout] the sum of already counted
203 * experience points that were awarded to the assurer
204 */
function calc_experience(&$row, &$sum_points, &$sum_experience)
{
	$row['calc_awarded'] = calc_awarded($row);

	// A revoked assurance may still be displayed, but it must not add to
	// either sum
	if ($row['deleted'] !== NULL_DATETIME) {
		$row['experience'] = 0;
		return;
	}

	// Only face to face assurances earn experience, two points each
	$row['experience'] = ($row['method'] == "Face to Face Meeting") ? 2 : 0;

	$sum_experience += $row['experience'];
	$sum_points += $row['calc_awarded'];
}
225
226 /**
227 * Calculate the points received from a received Assurance
228 * @param array $row - [inout] associative array containing the data from
229 * the `notary` table, the keys 'experience' and 'calc_awarded' will be
230 * added
231 * @param int $sum_points - [inout] the sum of already counted assurance
232 * points the assuree received
233 * @param int $sum_experience - [inout] the sum of already counted
234 * experience points that were awarded to the assurer
235 */
function calc_assurances(&$row, &$sum_points, &$sum_experience)
{
	$awarded = calc_awarded($row);

	// Whatever exceeds 100 points is treated as experience points
	// (needs to be fixed in the future: limit 50 pts and/or no experience
	// if pts > 100)
	$experience = 0;
	if ($awarded > 100) {
		$experience = $awarded - 100;
		$awarded = 100;
	}
	$row['calc_awarded'] = $awarded;

	// Assurances from the revoked programmes are marked as revoked here even
	// if the database still lists them as valid. Current usage of
	// 'Temporary Increase' may break audit aspects, needs to be reimplemented.
	// in_array() compares loosely, like the switch statement it replaces.
	$revoked_methods = array(
		'Thawte Points Transfer',
		'CT Magazine - Germany',
		'Temporary Increase',
	);
	if (in_array($row['method'], $revoked_methods)) {
		$row['deleted'] = THAWTE_REVOCATION_DATETIME;
	}

	// Don't count revoked assurances even if we are displaying them
	if ($row['deleted'] !== NULL_DATETIME) {
		$row['experience'] = 0;
		return;
	}

	$row['experience'] = $experience;
	$sum_experience += $experience;
	$sum_points += $awarded;
}
268
269 /**
270 * Generate a link to the support engineer page for the user with the name
271 * of the user as link text
272 * @param array $user - associative array containing the data from the
273 * `user` table
274 * @return string
275 */
function show_user_link($user)
{
	$userid = intval($user['id']);
	$fullname = trim($user['fname'].' '.$user['lname']);

	if ($fullname != "") {
		// The name comes from the user record, so it is escaped before it
		// becomes the link text; the id in the URL is already a plain number
		return "<a href='wot.php?id=9&amp;userid=".$userid."'>".sanitizeHTML($fullname)."</a>";
	}

	// Records without a name get a fixed label and no link: id 0 is shown
	// as the system, anything else as a deleted account
	return ($userid == 0) ? _("System") : _("Deleted account");
}
296
297 /**
298 * Generate a link to the support engineer page for the user with the email
299 * address as link text
300 * @param array $user - associative array containing the data from the
301 * `user` table
302 * @return string
303 */
function show_email_link($user)
{
	$address = trim($user['email']);

	// Without an address there is nothing to link to
	if ($address == "") {
		return $address;
	}

	// The address is escaped before it becomes the link text, the id in the
	// URL is cast to a number
	$userid = intval($user['id']);
	return "<a href='account.php?id=43&amp;userid=".$userid."'>".sanitizeHTML($address)."</a>";
}
312
/**
 * Get the number of assurances a user has given and the resulting rank
 * @param int $userid - id of the assurer
 * @param int $num_of_assurances - [out] number of face to face assurances given
 * @param int $rank_of_assurer - [out] rank among all assurers
 */
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
	$assurer = intval($userid);
	$num_of_assurances = get_number_of_assurances($assurer);
	$rank_of_assurer = get_top_assurer_position($num_of_assurances);
}
318
/**
 * Get the number of assurances a user has received and the resulting rank
 * @param int $userid - id of the assuree
 * @param int $num_of_assurees - [out] number of face to face assurances received
 * @param int $rank_of_assuree - [out] rank among all assurees
 */
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
	$assuree = intval($userid);
	$num_of_assurees = get_number_of_assurees($assuree);
	$rank_of_assuree = get_top_assuree_position($num_of_assurees);
}
324
325
326 // ************* html table definitions ******************
327
/**
 * Render the table with the assurer and assuree ranking of a user
 * @param int $userid - id of the user
 */
function output_ranking($userid)
{
	// Both helpers fill their last two arguments by reference
	get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
	get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);

	// Only numbers are inserted into the translated sentences
	$assurer_txt = sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) );
	$assuree_txt = sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) );
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td class="title"><?=_("Assurer Ranking")?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=$assurer_txt?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=$assuree_txt?></td>
	</tr>
</table>
<br/>
<?php
}
348
349 /**
350 * Render header for the assurance table (same for given/received)
351 * @param string $title - The title for the table
352 * @param int $support - set to 1 if the output is for the support interface
353 * @param int $log - if set to 1 also includes deleted assurances
354 */
function output_assurances_header($title, $support, $log)
{
	$for_support = ($support == 1);

	// The support interface always shows the revocation column
	if ($for_support) {
		$log = 1;
	}
	$with_log = ($log == 1);

	// Seven columns are always present, the support view adds "When" and
	// "Email", the log adds "Revoked"
	$colspan = 7 + ($for_support ? 2 : 0) + ($with_log ? 1 : 0);

	// $title is printed as it is, callers are expected to pass trusted text
	// (the callers in this file pass translated literals)
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="<?=$colspan?>" class="title"><?=$title?></td>
	</tr>
	<tr>
		<td class="DataTD"><strong><?=_("ID")?></strong></td>
		<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?php
	if ($for_support) {
?>
		<td class="DataTD"><strong><?=_("When")?></strong></td>
		<td class="DataTD"><strong><?=_("Email")?></strong></td>
<?php
	}
?>
		<td class="DataTD"><strong><?=_("Who")?></strong></td>
		<td class="DataTD"><strong><?=_("Points")?></strong></td>
		<td class="DataTD"><strong><?=_("Location")?></strong></td>
		<td class="DataTD"><strong><?=_("Method")?></strong></td>
		<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?php
	if ($with_log) {
?>
		<td class="DataTD"><strong><?=_("Revoked")?></strong></td>
<?php
	}
?>
	</tr>
<?php
}
401
402 /**
403 * Render footer for the assurance table (same for given/received)
404 * @param string $points_txt - Description for sum of assurance points
405 * @param int $sumpoints - sum of assurance points
406 * @param string $experience_txt - Description for sum of experience points
407 * @param int $sumexperience - sum of experience points
408 * @param int $support - set to 1 if the output is for the support interface
409 * @param int $log - if set to 1 also includes deleted assurances
410 */
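function output_assurances_footer(
		$points_txt,
		$sumpoints,
		$experience_txt,
		$sumexperience,
		$support,
		$log)
{
	// output_assurances_header() and output_assurances_row() both force the
	// revocation column for the support interface; do the same here so that
	// the footer has as many cells as the rest of the table
	if ($support == 1) {
		$log = 1;
	}

	// The first cell spans ID, Date and Who, plus When and Email in the
	// support view
	$label_colspan = ($support == 1) ? 5 : 3;

	// Both descriptions are printed as they are, callers are expected to pass
	// trusted text; the sums are cast to numbers
?>
	<tr>
		<td colspan="<?=$label_colspan?>" class="DataTD"><strong><?=$points_txt?>:</strong></td>
		<td class="DataTD"><?=intval($sumpoints)?></td>
		<td class="DataTD">&nbsp;</td>
		<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
		<td class="DataTD"><?=intval($sumexperience)?></td>
<?php
	if ($log == 1) {
		// empty cell below the "Revoked" column
?>
		<td class="DataTD">&nbsp;</td>
<?php
	}
?>
	</tr>
</table>
<br/>
<?php
}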
439
440 /**
441 * Render an assurance for a view
442 * @param array $assurance - associative array containing the data from the `notary` table
443 * @param int $userid - Id of the user whose given/received assurances are displayed
444 * @param array $other_user - associative array containing the other users data from the `users` table
445 * @param int $support - set to 1 if the output is for the support interface
446 * @param string $ticketno - ticket number currently set in the support interface
447 * @param int $log - if set to 1 also includes deleted assurances
448 */
function output_assurances_row(
		$assurance,
		$userid,
		$other_user,
		$support,
		$ticketno,
		$log)
{
	// Numeric columns are cast, so they can be printed as they are
	$assuranceid = intval($assurance['id']);
	$awarded = intval($assurance['calc_awarded']);
	$points = intval($assurance['points']);
	$experience = intval($assurance['experience']);

	// NOTE(review): $date, $when, $method and the `deleted` value are printed
	// below without sanitizeHTML(), only $location is escaped. This presumably
	// relies on the column types of `notary` and on trusted translations -
	// confirm, or escape them as well.
	$date = $assurance['date'];
	$when = $assurance['when'];
	$location = $assurance['location'];
	$method = $assurance['method'] ? _($assurance['method']) : '';
	$revoked = $assurance['deleted'] !== NULL_DATETIME;

	// Both helpers return markup in which the user supplied text is escaped
	$email = show_email_link($other_user);
	$name = show_user_link($other_user);

	// The support interface always shows the revocation column
	if ($support == 1) {
		$log = 1;
	}

	// Entries that carry no points at all and date from before 2006-09-01
	// are highlighted
	$highlight = ($awarded == $points) && ($awarded == 0) && ($when < "2006-09-01");
	$tdstyle = $highlight ? "style='background-color: #ffff80'" : "";
	$emopen = $highlight ? "<em>" : "";
	$emclose = $highlight ? "</em>" : "";
?>
	<tr>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?php
	if ($support == 1) {
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<?php
	}
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:'&nbsp;'?><?=$emclose?></td>
<?php
	if ($log == 1 && $revoked) {
		// Revoked entries show the time of the revocation
?>
		<td class="DataTD" <?=$tdstyle?>><?=$assurance['deleted']?></td>
<?php
	} elseif ($log == 1 && $support == 1) {
		// Support engineers get a link to revoke the assurance.
		// NOTE(review): the revocation is requested through a plain link, so
		// the CSRF token travels in the URL where it can end up in logs or
		// the browser history - a POST form would keep it out of there.
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?php
	} elseif ($log == 1) {
?>
		<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<?php
	}
?>
	</tr>
<?php
}
530
/**
 * Render the opening tag, the title and the column headings of the points
 * summary table
 */
function output_summary_header()
{
	// Collect the translated captions first, the markup below only prints them
	$title = _("Summary of your Points");
	$headings = array(
		_("Description"),
		_("Points"),
		_("Countable Points"),
		_("Remark"),
	);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="4" class="title"><?=$title?></td>
	</tr>
	<tr>
<?php
	foreach ($headings as $heading) {
?>
		<td class="DataTD"><strong><?=$heading?></strong></td>
<?php
	}
?>
	</tr>
<?php
}
546
/**
 * Close the points summary table opened by output_summary_header()
 */
function output_summary_footer()
{
	// Static markup only, nothing is inserted here
?>
</table>
<br/>
<?php
	return;
}
554
/**
 * Render one row of the points summary table
 *
 * All four values are printed as they are. output_summary_content() passes
 * markup such as "&nbsp;" and <strong> elements on purpose, so nothing is
 * escaped here and callers must not pass unescaped user input.
 *
 * @param string $title - description of the row
 * @param mixed $points - the points (or markup for an empty cell)
 * @param mixed $points_countable - the part of the points that is counted
 * @param string $remark - remark, may contain markup
 */
function output_summary_row($title,$points,$points_countable,$remark)
{
	$cells = array($points, $points_countable, $remark);
?>
	<tr>
		<td class="DataTD"><strong><?=$title?></strong></td>
<?php
	foreach ($cells as $cell) {
?>
		<td class="DataTD"><?=$cell?></td>
<?php
	}
?>
	</tr>
<?php
}
566
567
568 // ************* output given assurances ******************
569
570 /**
571 * Helper function to render assurances given by the user
572 * @param int $userid
573 * @param int& $sum_points - [out] sum of given points
574 * @param int& $sum_experience - [out] sum of experience points gained
575 * @param int $support - set to 1 if the output is for the support interface
576 * @param string $ticketno - the ticket number set in the support interface
577 * @param int $log - if set to 1 also includes deleted assurances
578 */
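function output_given_assurances_content(
		$userid,
		&$sum_points,
		&$sum_experience,
		$support,
		$ticketno,
		$log)
{
	// Both sums are [out] parameters, so each of them starts from zero here.
	// The experience sum used to be reset under a misspelled name, which left
	// the value of the caller untouched.
	$sum_points = 0;
	$sum_experience = 0;

	$res = get_given_assurances(intval($userid), $log);
	while ($row = mysql_fetch_assoc($res)) {
		// The other party of a given assurance is the assuree
		$assuree = get_user(intval($row['to']));

		// Adds 'calc_awarded' and 'experience' to $row and updates both sums
		calc_experience($row, $sum_points, $sum_experience);

		output_assurances_row($row, $userid, $assuree, $support, $ticketno, $log);
	}
}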
597
598 // ************* output received assurances ******************
599
600 /**
601 * Helper function to render assurances received by the user
602 * @param int $userid
603 * @param int& $sum_points - [out] sum of received points
604 * @param int& $sum_experience - [out] sum of experience points the assurers gained
605 * @param int $support - set to 1 if the output is for the support interface
606 * @param string $ticketno - the ticket number set in the support interface
607 * @param int $log - if set to 1 also includes deleted assurances
608 */
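function output_received_assurances_content(
		$userid,
		&$sum_points,
		&$sum_experience,
		$support,
		$ticketno,
		$log)
{
	// Both sums are [out] parameters, so each of them starts from zero here.
	// The experience sum used to be reset under a misspelled name, which left
	// the value of the caller untouched.
	$sum_points = 0;
	$sum_experience = 0;

	$res = get_received_assurances(intval($userid), $log);
	while ($row = mysql_fetch_assoc($res)) {
		// The other party of a received assurance is the assurer
		$fromuser = get_user(intval($row['from']));

		// Adds 'calc_awarded' and 'experience' to $row and updates both sums
		calc_assurances($row, $sum_points, $sum_experience);

		output_assurances_row($row, $userid, $fromuser, $support, $ticketno, $log);
	}
}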
627
628 // ************* output summary table ******************
629
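/**
 * Check whether the date of birth of a user lies more than $age years back
 * @param int $userid - id of the user
 * @param int $age - the age limit in years
 * @return int - number of rows in `users` that have this id and a date of
 *     birth before today's date $age years ago, 0 if there is none
 */
function check_date_limit ($userid,$age)
{
	// Same calendar day, $age years ago
	$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));

	// The id is cast to a number like in every other query of this file; it
	// was concatenated into the statement unchanged before, which allowed SQL
	// injection through any caller that passes a request value.
	// $dob is produced by date() above and contains digits and dashes only.
	$res = query_init ("select id from `users` where `id`='".intval($userid)."' and `dob` < '$dob'");

	return intval(query_get_number_of_rows($res));
}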
636
/**
 * Get the maximum number of points the user may issue in an assurance
 * @param int $userid - id of the assurer
 * @return int - the value calculated by output_summary_content()
 */
function max_points($userid)
{
	// Only the calculation is wanted, no table rows
	$display_output = 0;
	return output_summary_content ($userid, $display_output);
}
641
/**
 * Calculate the points summary of a user and optionally render its rows
 * @param int $userid - id of the user
 * @param mixed $display_output - if true the four summary rows are printed
 * @return int - the number of points the user may issue, 0 if the user is
 *     no assurer
 */
function output_summary_content($userid,$display_output)
{
	$max_points = 100;
	$max_experience = 50;
	$experience_limit_reached_txt = _("Limit reached");

	// check_date_limit() yields 1 only if the stored date of birth lies more
	// than the given number of years back. Users who do not pass the check
	// for 18 years are limited to 10 experience points, those who do not pass
	// the check for 14 years get none.
	if (check_date_limit($userid,18) != 1) {
		$max_experience = 10;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}
	if (check_date_limit($userid,14) != 1) {
		$max_experience = 0;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}

	// Received assurances: each summary row stands for `number` assurances
	// with the same points. Points above the limit of 100 count as experience
	// gained in other ways (needs to be fixed).
	$sum_points = 0;
	$sum_experience_other = 0;
	$res = get_received_assurances_summary($userid);
	while ($row = mysql_fetch_assoc($res)) {
		$count = intval($row['number']);
		$points = calc_awarded($row);

		if ($points > $max_points) {
			$sum_experience_other = $sum_experience_other + ($points - $max_points) * $count;
			$points = $max_points;
		}
		$sum_points += $points * $count;
	}

	// Given assurances: only face to face meetings earn experience, two
	// points each
	$sum_experience = 0;
	$res = get_given_assurances_summary($userid);
	while ($row = mysql_fetch_assoc($res)) {
		if ($row['method'] == 'Face to Face Meeting') {
			$sum_experience += 2 * intval($row['number']);
		}
	}

	// Cap the assurance points
	if ($sum_points > $max_points) {
		$sum_points_countable = $max_points;
		$remark_points = _("Limit reached");
	} else {
		$sum_points_countable = $sum_points;
		$remark_points = "&nbsp;";
	}

	// Cap the experience gained by assuring
	if ($sum_experience > $max_experience) {
		$sum_experience_countable = $max_experience;
		$remark_experience = $experience_limit_reached_txt;
	} else {
		$sum_experience_countable = $sum_experience;
		$remark_experience = "&nbsp;";
	}

	// The other experience points may only fill what is left of the limit
	if ($sum_experience_countable + $sum_experience_other > $max_experience) {
		$sum_experience_other_countable = $max_experience - $sum_experience_countable;
		$remark_experience_other = $experience_limit_reached_txt;
	} else {
		$sum_experience_other_countable = $sum_experience_other;
		$remark_experience_other = "&nbsp;";
	}

	// Experience does not count before the 100 assurance points are reached;
	// the remark is only changed where there were points to put on hold
	if ($sum_points_countable < $max_points) {
		if ($sum_experience_countable != 0) {
			$remark_experience = _("Points on hold due to less assurance points");
		}
		if ($sum_experience_other_countable != 0) {
			$remark_experience_other = _("Points on hold due to less assurance points");
		}
		$sum_experience_countable = 0;
		$sum_experience_other_countable = 0;
	}

	$issue_points = 0;
	$cats_test_passed = get_cats_state ($userid);
	if ($cats_test_passed == 0) {
		// Without the CATS test nothing may be issued, the remark says what
		// is still missing
		if ($sum_points_countable < $max_points) {
			$issue_points_txt = "<strong style='color: red'>"
				.sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points))
				."</strong>";
		} else {
			$issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
		}
	} else {
		$experience_total = $sum_experience_countable + $sum_experience_other_countable;

		// 10 points with the full 100 assurance points, then 5 more for
		// every 10 experience points up to 35
		if ($sum_points_countable == $max_points) {
			$issue_points = 10;
		}
		$steps = array(10 => 15, 20 => 20, 30 => 25, 40 => 30, 50 => 35);
		foreach ($steps as $needed => $allowed) {
			if ($experience_total >= $needed) {
				$issue_points = $allowed;
			}
		}

		$issue_points_txt = "";
		if ($issue_points != 0) {
			$issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
		}
	}

	if ($display_output) {
		$total_countable = $sum_points_countable + $sum_experience_countable + $sum_experience_other_countable;

		output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
		output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
		output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
		output_summary_row (_("Total Points"),"&nbsp;",$total_countable,$issue_points_txt);
	}

	return $issue_points;
}
770
771 /**
772 * Render assurances given by the user
773 * @param int $userid
774 * @param int $support - set to 1 if the output is for the support interface
775 * @param string $ticketno - the ticket number set in the support interface
776 * @param int $log - if set to 1 also includes deleted assurances
777 */
function output_given_assurances($userid, $support=0, $ticketno='', $log=0)
{
	$table_title = _("Assurance Points You Issued");
	output_assurances_header($table_title, $support, $log);

	// The rows are printed by the helper, which hands both sums back through
	// its reference parameters
	output_given_assurances_content(
		$userid,
		$sum_points,
		$sum_experience,
		$support,
		$ticketno,
		$log);

	$points_txt = _("Total Points Issued");
	$experience_txt = _("Total Experience Points");
	output_assurances_footer(
		$points_txt,
		$sum_points,
		$experience_txt,
		$sum_experience,
		$support,
		$log);
}
801
802 /**
803 * Render assurances received by the user
804 * @param int $userid
805 * @param int $support - set to 1 if the output is for the support interface
806 * @param string $ticketno - the ticket number set in the support interface
807 * @param int $log - if set to 1 also includes deleted assurances
808 */
function output_received_assurances($userid, $support=0, $ticketno='', $log=0)
{
	$table_title = _("Assurance Points You Received");
	output_assurances_header($table_title, $support, $log);

	// The rows are printed by the helper, which hands both sums back through
	// its reference parameters
	output_received_assurances_content(
		$userid,
		$sum_points,
		$sum_experience,
		$support,
		$ticketno,
		$log);

	$points_txt = _("Total Points Received");
	$experience_txt = _("Total Experience Points");
	output_assurances_footer(
		$points_txt,
		$sum_points,
		$experience_txt,
		$sum_experience,
		$support,
		$log);
}
832
/**
 * Render the complete points summary table of a user
 * @param int $userid - id of the user
 */
function output_summary($userid)
{
	// 1 makes output_summary_content() print the rows; the number of points
	// it returns is not needed here
	$display_output = 1;

	output_summary_header();
	output_summary_content($userid, $display_output);
	output_summary_footer();
}
839
/**
 * Render the "Go Back" link shown at the end of a page
 */
function output_end_of_page()
{
	// The link steps one entry back in the browser history
	$caption = _("Go Back");
?>
	<p>[ <a href='javascript:history.go(-1)'><?=$caption?></a> ]</p>
<?php
}
846
847 //functions to do with recording user agreements
848 /**
849 * write_user_agreement()
850 * writes a new record to the table user_agreement
851 *
852 * @param mixed $memid
853 * @param mixed $document
854 * @param mixed $method
855 * @param mixed $comment
856 * @param integer $active
857 * @param integer $secmemid
858 * @return
859 */
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
	// Numbers are cast, text is escaped for the current connection before
	// anything is put into the statement
	$memid_sql = intval($memid);
	$secmemid_sql = intval($secmemid);
	$active_sql = intval($active);
	$document_sql = mysql_real_escape_string($document);
	$method_sql = mysql_real_escape_string($method);
	$comment_sql = mysql_real_escape_string($comment);

	// The date of the record is set by the database
	$query = "insert into `user_agreements` set `memid`=".$memid_sql.", `secmemid`=".$secmemid_sql.
		",`document`='".$document_sql."',`date`=NOW(), `active`=".$active_sql.",`method`='".$method_sql."',`comment`='".$comment_sql."'";

	// The result is not checked, a failed insert goes unnoticed here
	mysql_query($query);
}
866
867 /**
868 * get_user_agreement_status()
869 * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
870 * @param mixed $memid
871 * @param string $type
872 * @return
873 */
function get_user_agreement_status($memid, $type="CCA"){
	// The document type is escaped, the member id is cast to a number
	$type_sql = mysql_real_escape_string($type);
	$query = "SELECT u.`document` FROM `user_agreements` u
		WHERE u.`document` = '" . $type_sql . "' AND u.`memid`=" . intval($memid);

	$res = mysql_query($query);

	// Any record of that type counts, `active` is not looked at
	return (mysql_num_rows($res) <= 0) ? 0 : 1;
}
884
885 /**
886 * Get the first user_agreement entry of the requested type
887 * @param int $memid
888 * @param string $type - the type of user agreement, by default all
889 * agreements are listed
890 * @param int $active - whether to get active or passive agreements:
891 * 0 := passive
892 * 1 := active
893 * null := both
894 * @return array(string=>mixed) - an associative array containing
895 * 'document', 'date', 'method', 'comment', 'active'
896 */
function get_first_user_agreement($memid, $type=null, $active=null){
	// Optional conditions; the type is escaped, the flag is cast to a number
	$filter = '';
	if ($type !== null) {
		$filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
	}
	if ($active !== null) {
		$filter .= " AND u.`active` = ".intval($active);
	}

	// Ascending order by date, so the single row is the oldest entry
	$query = "SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$filter
		ORDER BY u.`date` LIMIT 1";
	$res = mysql_query($query);

	// No matching agreement is reported as an empty array
	if (mysql_num_rows($res) > 0) {
		return mysql_fetch_assoc($res);
	}
	return array();
}
919
920 /**
921 * Get the last user_agreement entry of the requested type
922 * @param int $memid
923 * @param string $type - the type of user agreement, by default all
924 * agreements are listed
925 * @param int $active - whether to get active or passive agreements:
926 * 0 := passive,
927 * 1 := active,
928 * null := both
929 * @return array(string=>mixed) - an associative array containing
930 * 'document', 'date', 'method', 'comment', 'active'
931 */
function get_last_user_agreement($memid, $type=null, $active=null){
	// Optional conditions; the type is escaped, the flag is cast to a number
	$filter = '';
	if ($type !== null) {
		$filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
	}
	if ($active !== null) {
		$filter .= " AND u.`active` = ".intval($active);
	}

	// Descending order by date, so the single row is the newest entry
	$query = "SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$filter
		ORDER BY u.`date` DESC LIMIT 1";
	$res = mysql_query($query);

	// No matching agreement is reported as an empty array
	if (mysql_num_rows($res) > 0) {
		return mysql_fetch_assoc($res);
	}
	return array();
}
954
955 /**
956 * Get all user_agreement entries of the requested type
957 * @param int $memid
958 * @param string $type - the type of user agreement, by default all
959 * agreements are listed
960 * @param int $active - whether to get active or passive agreements:
961 * 0 := passive,
962 * 1 := active,
963 * null := both
964 * @return resource - a mysql result set containing all agreements
965 */
function get_user_agreements($memid, $type=null, $active=null){
	// Optional conditions; the type is escaped, the flag is cast to a number
	$filter = '';
	if ($type !== null) {
		$filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
	}
	if ($active !== null) {
		$filter .= " AND u.`active` = ".intval($active);
	}

	// All entries of the member, oldest first
	$query = "SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$filter
		ORDER BY u.`date`";

	$res = mysql_query($query);
	return $res;
}
982
983 /**
984 * delete_user_agreement()
985 * deletes all entries for a given type from user_agreement of a given user, if type is not given all
986 * @param mixed $memid
987 * @param string $type
988 * @return
989 */
function delete_user_agreement($memid, $type=false){
	// Without a type every agreement record of the member is removed, so
	// callers have to pass the type whenever only one document is meant
	$filter = ($type === false)
		? ''
		: " and `document` = '" . mysql_real_escape_string($type) . "'";

	// The member id is cast to a number, the type is escaped above
	$query = "delete from `user_agreements` where `memid`=" . intval($memid) . $filter;
	mysql_query($query);
}
998
999 // functions for 6.php (assure somebody)
1000
/**
 * Open the assurance form: the <form> and <table> tags, a title row and
 * a row for the name check text. The table and form stay open.
 *
 * NOTE(review): both arguments are written into the page without HTML
 * escaping. Presumably callers pass trusted or already escaped text;
 * verify that at every call site.
 *
 * @param string $confirmation - content of the title row
 * @param string $checkname - content of the second row
 */
function AssureHead($confirmation,$checkname)
{
	$title = $confirmation;
	$nameCheck = $checkname;
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
	<tr>
		<td colspan="2" class="title"><?=$title?></td>
	</tr>
	<tr>
		<td class="DataTD" colspan="2" align="left"><?=$nameCheck?></td>
	</tr>
<?php
}
1014
/**
 * Print one two-column table row: a label and its value.
 *
 * A colon is appended to the label unless empty() holds for it.
 *
 * NOTE(review): neither argument is HTML-escaped here; callers have to
 * supply text that is safe to print as markup.
 *
 * @param string $field1 - label for the left cell
 * @param string $field2 - content of the right cell
 */
function AssureTextLine($field1,$field2)
{
	$label = $field1;
	if (!empty($field1)) {
		$label .= ':';
	}
?>
	<tr>
		<td class="DataTD"><?=$label?></td>
		<td class="DataTD"><?=$field2?></td>
	</tr>
<?php
}
1024
/**
 * Print a table row with a checkbox and the text that belongs to it.
 *
 * NOTE(review): $type goes into the name attribute and $text into the
 * cell without escaping; presumably both come from the calling page
 * itself, not from request data - confirm.
 *
 * @param string $type - name attribute of the checkbox
 * @param string $text - text shown next to the checkbox
 * @param mixed $checked - any truthy value pre-selects the checkbox
 */
function AssureBoxLine($type,$text,$checked)
{
	$checkedAttribute = "";
	if ($checked) {
		$checkedAttribute = "checked";
	}
?>
	<tr>
		<td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checkedAttribute?>></td>
		<td class="DataTD"><?=$text?></td>
	</tr>
<?php
}
1034
/**
 * Print the selection of the assurance method.
 *
 * With exactly one method a hidden "method" field is printed and nothing
 * is shown to the user; with any other count a table row holding a
 * <select name="method"> and the remark is printed.
 *
 * NOTE(review): the method names are printed into value attributes and
 * option text without escaping; they look like fixed strings chosen by
 * the caller - confirm.
 *
 * @param string $text - label of the row, a colon is appended if not empty
 * @param array $methods - list of method names
 * @param string $remark - text printed below the select box
 */
function AssureMethodLine($text,$methods,$remark)
{
	if (count($methods) == 1) {
		// Nothing to choose from: submit the only method silently.
?>
	<input type="hidden" name="method" value="<?=$methods[0]?>" />
<?php
		return;
	}

	$label = $text;
	if (!empty($text)) {
		$label .= ':';
	}
?>
	<tr>
		<td class="DataTD"><?=$label?></td>
		<td class="DataTD">
			<select name="method">
<?php
	foreach ($methods as $method) {
?>
				<option value="<?=$method?>"><?=$method?></option>
<?php
	}
?>
			</select>
			<br />
			<?=$remark?>
		</td>
	</tr>
<?php
}
1062
/**
 * Print a table row with a labelled text input.
 *
 * NOTE(review): $value is placed inside a double-quoted value attribute
 * as it is. If it can carry request data, the caller has to HTML-escape
 * it first - verify against the callers.
 *
 * @param string $type - name attribute of the input
 * @param string $field - label, a colon is appended if not empty
 * @param string $value - preset content of the input
 * @param string $description - text printed right after the input
 */
function AssureInboxLine($type,$field,$value,$description)
{
	$label = $field;
	if (!empty($field)) {
		$label .= ':';
	}
?>
	<tr>
		<td class="DataTD"><?=$label?></td>
		<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
	</tr>
<?php
}
1072
/**
 * Close the assurance form: submit and cancel buttons, the end of the
 * table, two hidden fields and the closing </form> tag.
 *
 * The hidden "pagehash" field carries $_SESSION['_config']['wothash'];
 * how the receiving page checks it is not visible in this file.
 *
 * NOTE(review): $oldid and $confirm are printed into value attributes
 * without escaping - confirm the callers pass safe values.
 *
 * @param mixed $oldid - value of the hidden "oldid" field
 * @param string $confirm - caption of the submit button
 */
function AssureFoot($oldid,$confirm)
{
	$pageHash = $_SESSION['_config']['wothash'];
	$cancelCaption = _("Cancel");
?>
	<tr>
		<td class="DataTD" colspan="2">
			<input type="submit" name="process" value="<?=$confirm?>" />
			<input type="submit" name="cancel" value="<?=$cancelCaption?>" />
		</td>
	</tr>
</table>
<input type="hidden" name="pagehash" value="<?=$pageHash?>" />
<input type="hidden" name="oldid" value="<?=$oldid?>" />
</form>
<?php
}
1088
/**
 * Delete an email entry from an account.
 *
 * First marks all client certificates linked to the address for
 * revocation, then sets the `deleted` timestamp of the email row.
 *
 * Callers noted in the original source:
 *   www/account.php if($process != "" && $oldid == 2)
 *   www/diputes.php if($type == "reallyemail") / if($action == "accept")
 *   account_delete()
 *
 * @param int $mailid - id of the row in `email`
 */
function account_email_delete($mailid){
	$emailId = intval($mailid);

	// Certificates go first, so none stays usable for a deleted address.
	revoke_all_client_cert($emailId);

	mysql_query("update `email` set `deleted`=NOW() where `id`='$emailId'");
}
1100
/**
 * Delete a domain entry from an account.
 *
 * First marks all server certificates of the domain for revocation, then
 * sets the `deleted` timestamp of the domain row.
 *
 * Callers noted in the original source:
 *   www/account.php if($process != "" && $oldid == 9)
 *   www/diputes.php if($type == "reallydomain") / if($action == "accept")
 *   account_delete()
 *
 * @param int $domainid - id of the row in `domains`
 */
function account_domain_delete($domainid){
	$id = intval($domainid);

	// Certificates go first, so none stays usable for a deleted domain.
	revoke_all_server_cert($id);

	$query = "update `domains`
		set `deleted`=NOW()
		where `id` = '$id'";
	mysql_query($query);
}
1114
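/**
 * Build a random string for account_delete().
 *
 * Uses random_int() where it exists, otherwise OpenSSL random bytes with
 * rejection sampling; mt_rand() is only the last resort.
 *
 * @param int $length - number of characters
 * @param string $pool - single-byte characters to choose from
 * @return string
 */
function account_delete_random_string($length, $pool)
{
	$size = strlen($pool);
	$result = '';
	for ($i = 0; $i < $length; $i++) {
		if (function_exists('random_int')) {
			$pick = random_int(0, $size - 1);
		} elseif (function_exists('openssl_random_pseudo_bytes')) {
			// Drop bytes from the incomplete last bucket so that every
			// character of the pool stays equally likely.
			$limit = 256 - (256 % $size);
			do {
				$byte = ord(openssl_random_pseudo_bytes(1));
			} while ($byte >= $limit);
			$pick = $byte % $size;
		} else {
			$pick = mt_rand(0, $size - 1);
		}
		$result .= $pool[$pick];
	}
	return $result;
}

/**
 * Delete an account following the "deleted account routine V3".
 *
 * The row in `users` is kept but made unusable and anonymous: password
 * and secret questions are replaced by random text, the primary address
 * becomes <arbitration number>@cacert.org, all other addresses and all
 * domains are deleted (their certificates are revoked on the way), alert
 * settings, listing, languages and name fields are reset, every admin
 * flag is cleared and the account is locked.
 *
 * The previous version seeded rand() with the microsecond part of
 * microtime(), so at most 1,000,000 different passwords and answers
 * could come out of it. The random text now comes from
 * account_delete_random_string(). The pool also holds single-byte
 * characters only, because characters are picked per byte.
 *
 * Called from www/account.php if($oldid == 50 && $process != "")
 * according to the original note.
 *
 * @param int $id - id of the account
 * @param string $arbno - arbitration number, used as local part of the
 *     new address and as replacement for the name fields
 * @param int $adminid - id of the acting admin; sanitised but not used
 *     inside this function
 */
function account_delete($id, $arbno, $adminid){
	$id = intval($id);
	$arbno = mysql_real_escape_string($arbno);
	$adminid = intval($adminid);

	// None of these characters needs quoting inside the SQL strings below.
	$pool = 'abcdefghijklmnopqrstuvwxyz';
	$pool .= '0123456789!()';
	$pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

	//change password
	// NOTE(review): the stored value is an unsalted SHA-1 computed in SQL;
	// presumably that is the format the login code expects - confirm
	// before changing it.
	$password = account_delete_random_string(30, $pool);
	mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");

	//create new mail for arbitration number
	$query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
	mysql_query($query);
	$emailid = mysql_insert_id();

	//set new mail as default
	$query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
	mysql_query($query);

	//delete all other email addresses
	$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
	$res=mysql_query($query);
	while($row = mysql_fetch_assoc($res)){
		account_email_delete($row['id']);
	}

	//delete all domains
	$query = "select `id` from `domains` where `memid`='".$id."'";
	$res=mysql_query($query);
	while($row = mysql_fetch_assoc($res)){
		account_domain_delete($row['id']);
	}

	//clear alert settings
	mysql_query(
		"update `alerts` set
			`general`='0',
			`country`='0',
			`regional`='0',
			`radius`='0'
		where `memid`='$id'");

	//set default location
	$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
	mysql_query($query);

	//clear listings
	$query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
	mysql_query($query);

	//set default language
	mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
	//delete secondary languages
	mysql_query("delete from `addlang` where `userid`='".$id."'");

	//change secret questions
	for($i=1;$i<=5;$i++){
		$q = account_delete_random_string(30, $pool);
		$a = account_delete_random_string(30, $pool);
		$query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
		mysql_query($query);
	}

	//change personal information to arbitration number and DOB=1900-01-01
	$query = "update `users` set `fname`='".$arbno."',
			`mname`='".$arbno."',
			`lname`='".$arbno."',
			`suffix`='".$arbno."',
			`dob`='1900-01-01'
		where `id`='".$id."'";
	mysql_query($query);

	//clear all admin and board flags
	mysql_query(
		"update `users` set
			`assurer`='0',
			`assurer_blocked`='0',
			`codesign`='0',
			`orgadmin`='0',
			`ttpadmin`='0',
			`locadmin`='0',
			`admin`='0',
			`adadmin`='0',
			`tverify`='0',
			`board`='0'
		where `id`='$id'");

	//block account
	mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}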
1219
1220
/**
 * Tell whether an address is present in `email` and not deleted.
 *
 * Callers noted in the original source:
 *   includes/account.php if($process != "" && $oldid == 1)
 *   includes/account.php if($oldid == 50 && $process != "")
 *
 * @param string $email - address to look for, escaped for SQL here
 * @return bool - true if at least one such row exists
 */
function check_email_exists($email){
	$escaped = mysql_real_escape_string($email);
	$res = mysql_query("select 1 from `email` where `email`='$escaped' and `deleted`=0");
	return mysql_num_rows($res) > 0;
}
1229
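/**
 * Tell whether the account still has a GPG key that counts as running.
 *
 * The CCA branch used to compare against NOW()-90*86400. In MySQL that
 * is arithmetic on the numeric YYYYMMDDHHMMSS form of NOW(), not a
 * subtraction of seconds, so the cut-off was not 90 days back. It is now
 * computed with DATE_SUB().
 *
 * Called from includes/account.php if($oldid == 50 && $process != "")
 * according to the original note.
 *
 * @param int $uid - id of the account
 * @param int $cca - 0: only keys that have not expired yet count,
 *     otherwise keys that expired less than 90 days ago count as well
 *     (CCA retention of three months)
 * @return bool - true if at least one such key exists
 */
function check_gpg_cert_running($uid,$cca=0){
	$uid = intval($uid);

	// Point in time after which an expiry date still counts.
	$since = (0==$cca) ? "NOW()" : "DATE_SUB(NOW(), INTERVAL 90 DAY)";

	$res = mysql_query("select 1 from `gpg` where `memid`='$uid' and `expire`>$since");
	return mysql_num_rows($res) > 0;
}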
1242
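/**
 * Tell whether the account still has a client certificate that counts
 * as running.
 *
 * Two cases count: a certificate whose `revoked` value lies before its
 * `created` value (the test the original uses for "not revoked") and
 * whose expiry is after the cut-off, or a certificate whose revocation
 * date is after the cut-off.
 *
 * The CCA branch used to compare against NOW()-90*86400. In MySQL that
 * is arithmetic on the numeric YYYYMMDDHHMMSS form of NOW(), not a
 * subtraction of seconds, so the cut-off was not 90 days back. It is now
 * computed with DATE_SUB().
 *
 * Called from includes/account.php if($oldid == 50 && $process != "")
 * according to the original note.
 *
 * @param int $uid - id of the account
 * @param int $cca - 0: cut-off is now, otherwise 90 days ago
 *     (CCA retention of three months)
 * @return bool
 */
function check_client_cert_running($uid,$cca=0){
	$uid = intval($uid);
	$since = (0==$cca) ? "NOW()" : "DATE_SUB(NOW(), INTERVAL 90 DAY)";

	$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>$since and `revoked`<`created`";
	$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>$since";

	$res = mysql_query($query1);
	$r1 = mysql_num_rows($res)>0;
	$res = mysql_query($query2);
	$r2 = mysql_num_rows($res)>0;
	return ($r1 || $r2);
}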
1260
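/**
 * Tell whether the account still has a server certificate that counts
 * as running, looking at all certificates of the account's domains.
 *
 * Two defects of the CCA branch are fixed here:
 *  - it compared against NOW()-90*86400, which in MySQL is arithmetic on
 *    the numeric YYYYMMDDHHMMSS form of NOW() and not a date 90 days
 *    back; the cut-off is now computed with DATE_SUB();
 *  - it used `expire`, `revoked` and `created` without a table name in a
 *    join of `domaincerts` and `domains`. Other queries in this file use
 *    a `created` column on both tables, so that name is ambiguous; the
 *    columns are now qualified as in the non-CCA branch.
 *
 * Called from includes/account.php if($oldid == 50 && $process != "")
 * according to the original note.
 *
 * @param int $uid - id of the account
 * @param int $cca - 0: cut-off is now, otherwise 90 days ago
 *     (CCA retention of three months)
 * @return bool
 */
function check_server_cert_running($uid,$cca=0){
	$uid = intval($uid);
	$since = (0==$cca) ? "NOW()" : "DATE_SUB(NOW(), INTERVAL 90 DAY)";

	// Shared part: every certificate of a domain owned by the account.
	$base = "
		select 1 from `domaincerts` join `domains`
			on `domaincerts`.`domid` = `domains`.`id`
		where `domains`.`memid` = '$uid'";

	// Not revoked and expiring after the cut-off.
	$query1 = $base."
			and `domaincerts`.`expire` > $since
			and `domaincerts`.`revoked` < `domaincerts`.`created`";
	// Revoked after the cut-off.
	$query2 = $base."
			and `domaincerts`.`revoked` > $since";

	$res = mysql_query($query1);
	$r1 = mysql_num_rows($res)>0;
	$res = mysql_query($query2);
	$r2 = mysql_num_rows($res)>0;
	return ($r1 || $r2);
}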
1296
/**
 * Tell whether the account has at least one entry in `org` that is not
 * marked as deleted.
 *
 * Called from includes/account.php if($oldid == 50 && $process != "")
 * according to the original note.
 *
 * @param int $uid - id of the account
 * @return bool
 */
function check_is_orgadmin($uid){
	$memberId = intval($uid);
	$res = mysql_query("select 1 from `org` where `memid`='$memberId' and `deleted`=0");
	return mysql_num_rows($res) > 0;
}
1304
1305
1306 // revocation of certificates
/**
 * Mark all client certificates linked to an email address as revoked.
 *
 * Every certificate that is linked to the address through `emaillink`
 * and has `revoked`=0 gets `revoked`='1970-01-01 10:00:01' and
 * `disablelogin`=1.
 * NOTE(review): the fixed timestamp presumably tells a separate process
 * to do the actual revocation - confirm.
 *
 * @param int $mailid - id of the row in `email`
 */
function revoke_all_client_cert($mailid){
	$emailId = intval($mailid);

	$certs = mysql_query("select `emailcerts`.`id`
		from `emaillink`,`emailcerts` where
		`emaillink`.`emailid`='$emailId' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
		group by `emailcerts`.`id`");

	while ($cert = mysql_fetch_assoc($certs)) {
		$update = "update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$cert['id']."'";
		mysql_query($update);
	}
}
1319
/**
 * Mark all server certificates of a domain as revoked.
 *
 * Covers certificates whose `domid` is the domain and certificates that
 * reference the domain through `domlink`. Each of them that still has
 * `revoked` = 0 gets `revoked`='1970-01-01 10:00:01'.
 * NOTE(review): the fixed timestamp presumably tells a separate process
 * to do the actual revocation - confirm.
 *
 * @param int $domainid - id of the row in `domains`
 */
function revoke_all_server_cert($domainid){
	$id = intval($domainid);

	$certs = mysql_query(
		"select `domaincerts`.`id`
			from `domaincerts`
			where `domaincerts`.`domid` = '$id'
		union distinct
		select `domaincerts`.`id`
			from `domaincerts`, `domlink`
			where `domaincerts`.`id` = `domlink`.`certid`
			and `domlink`.`domid` = '$id'");

	while ($cert = mysql_fetch_assoc($certs)) {
		// Certificates that are revoked already keep their date.
		$update = "update `domaincerts`
				set `revoked`='1970-01-01 10:00:01'
				where `id` = '".$cert['id']."'
				and `revoked` = 0";
		mysql_query($update);
	}
}
1342
/**
 * Mark all certificates of a personal account as revoked: the client
 * certificates of each of its email addresses and the server
 * certificates of each of its domains.
 *
 * GPG keys are not handled; the original note says that is to be added
 * later.
 *
 * @param int $uid - id of the account
 */
function revoke_all_private_cert($uid){
	$memberId = intval($uid);

	$emails = mysql_query("select `id` from `email` where `memid`='".$memberId."'");
	while ($email = mysql_fetch_assoc($emails)) {
		revoke_all_client_cert($email['id']);
	}

	$domains = mysql_query("select `id` from `domains` where `memid`='".$memberId."'");
	while ($domain = mysql_fetch_assoc($domains)) {
		revoke_all_server_cert($domain['id']);
	}
}
1360
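/**
 * check_date_format()
 * Checks that a date is written as year-month-day, names an existing
 * calendar day and lies in a year later than $year.
 *
 * Each of the three parts has to consist of digits only. The previous
 * version ran intval() over the parts, which ignores whatever follows
 * the leading digits, so a value such as "2012-05-17x" passed the check.
 * A value that passes now holds nothing but digits and two dashes.
 *
 * @param mixed $date - the value to check
 * @param integer $year - the year of the date has to be greater than this
 * @return bool - true if the date is acceptable
 */
function check_date_format($date, $year=2000){
	$parts = explode('-', (string)$date);
	if (count($parts) != 3) {
		return FALSE;
	}

	foreach ($parts as $part) {
		// The D modifier keeps "$" from matching before a final newline.
		if (!preg_match('/^[0-9]+$/D', $part)) {
			return FALSE;
		}
	}

	$y = intval($parts[0]);
	$m = intval($parts[1]);
	$d = intval($parts[2]);

	if ($y <= $year) {
		return FALSE;
	}

	// checkdate() covers the month range and the length of each month.
	return checkdate($m, $d, $y);
}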
1392
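/**
 * check_date_difference()
 * Returns false if the date lies more than $diff days after the current
 * time, and also if the date cannot be parsed.
 *
 * strtotime() returns false for text it cannot parse. The previous
 * version compared that false directly, which let every unparsable
 * value pass the check.
 *
 * @param mixed $date - date in a format strtotime() understands
 * @param integer $diff - number of days the date may lie in the future
 * @return bool - true if the date is not later than now + $diff days
 */
function check_date_difference($date, $diff=1){
	$timestamp = strtotime($date);
	if ($timestamp === false) {
		return false;
	}
	return $timestamp <= time() + $diff*86400;
}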
1404
/**
 * Write an entry to the adminlog.
 *
 * Records a support engineer action that changes a user account,
 * together with the current time.
 *
 * @param int $uid - id of the user account
 * @param int $adminid - id of the admin
 * @param string $type - the operation that was performed on the account
 * @param string $info - the ticket / arbitration number or other
 *     information
 * @return bool - true := success, false := error
 */
function write_se_log($uid, $adminid, $type, $info){
	// Ids are cast, the two texts are escaped for SQL. They are stored as
	// entered, so whatever prints them later has to HTML-escape them.
	$values = sprintf(
		"(Now(), %d, %d, '%s', '%s')",
		intval($uid),
		intval($adminid),
		mysql_real_escape_string($type),
		mysql_real_escape_string($info)
	);

	return mysql_query("insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
		".$values);
}
1424
/**
 * Check whether the entered information contains a ticket or
 * arbitration number.
 *
 * A number is one prefix letter, eight digits, a dot and one or more
 * digits. Prefix letters, upper or lower case:
 *   a - arbitration case
 *   d - dispute action
 *   s - support case
 *   m - board motion
 *
 * NOTE(review): the pattern has no ^ and $ anchors, so a number anywhere
 * inside a longer text is accepted and the rest of the text is not
 * checked. A value that passes here is therefore not safe to print or
 * store without escaping. If only a bare number should pass, anchor the
 * pattern - confirm first that no caller depends on extra text.
 *
 * @param string $ticketno
 * @return bool
 */
function valid_ticket_number($ticketno){
	return preg_match('/[adsmADSM]\d{8}\.\d+/', $ticketno) === 1;
}
1441
1442 // function for handling account/43.php
/**
 * Get all columns of an account from the `users` table.
 *
 * @param int $userid - account id
 * @param int $deleted - 0 (default) skips accounts marked as deleted,
 *     any other value returns them as well
 * @return resource - a mysql result set
 */
function get_user_data($userid, $deleted=0){
	$query = "select * from `users` where `users`.`id`='".intval($userid)."' ";
	if (0==$deleted) {
		$query .= ' and `users`.`deleted`=0';
	}
	return mysql_query($query);
}
1458
/**
 * Get the alert settings of a user.
 *
 * @param int $userid - id of the requested account
 * @return array - the first matching row of `alerts` as associative
 *     array; mysql_fetch_assoc() returns false when there is no row
 */
function get_alerts($userid){
	$memberId = intval($userid);
	$res = mysql_query("select * from `alerts` where `memid`='".$memberId."'");
	return mysql_fetch_assoc($res);
}
1467
/**
 * Get all email addresses linked to the account, ordered by creation
 * date. Only rows with an empty `hash` are returned.
 *
 * The original note says this should be used in account/2.php.
 *
 * @param int $userid
 * @param string $exclude - if not empty, this address is left out
 * @param int $deleted - 0 (default) skips deleted addresses, any other
 *     value returns them as well
 * @return resource - a mysql result set
 */
function get_email_addresses($userid, $exclude, $deleted=0){
	$conditions = '';
	if (0==$deleted) {
		$conditions .= ' and `deleted`=0';
	}
	if ($exclude) {
		// The address is the only free text in this query.
		$conditions .= " and `email`!='".mysql_real_escape_string($exclude)."'";
	}

	return mysql_query(
		"select * from `email` where `memid`='".intval($userid)."' and `hash`='' ".$conditions." order by `created`"
	);
}
1488
/**
 * Get all domains linked to the account, ordered by creation date.
 * Only rows with an empty `hash` are returned.
 *
 * The original note says this should be used in account/9.php.
 *
 * @param int $userid
 * @param int $deleted - 0 (default) skips deleted domains, any other
 *     value returns them as well
 * @return resource - a mysql result set
 */
function get_domains($userid, $deleted=0){
	$conditions = (0==$deleted) ? ' and `deleted`=0' : '';

	return mysql_query(
		"select * from `domains` where `memid`='".intval($userid)."' and `hash`=''".$conditions." order by `created`"
	);
}
1505
/**
 * Get all training results of the account, ordered by pass date.
 *
 * Each row holds the pass date, the text of the test type and the text
 * of the test variant.
 * The original note says this should be used in account/55.php.
 *
 * @param int $userid
 * @return resource - a mysql result set
 */
function get_training_results($userid){
	$memberId = intval($userid);

	$select = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ";
	$from = " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ";
	$where = " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$memberId."'";
	$order = " ORDER BY `CP`.`pass_date`";

	return mysql_query($select.$from.$where.$order);
}
1520
/**
 * Get all SE log entries written about the account, oldest first.
 *
 * Each row holds time, type and information of the entry and the first
 * and last name of the admin who wrote it.
 *
 * @param int $userid - id of the account the entries are about
 * @return resource - a mysql result set
 */
function get_se_log($userid){
	$accountId = intval($userid);

	// The join on `adminid` fetches the name of the acting admin.
	return mysql_query(
		"SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
		FROM `adminlog`, `users`
		WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$accountId."
		ORDER BY `adminlog`.`when`");
}
1534
/**
 * Get the client certificates of the account, most recently modified
 * first.
 *
 * `created`, `expired` and `revoked` are returned as unix timestamps,
 * `timeleft` is the number of seconds until expiry, `expire` and
 * `revoke` hold the stored date values.
 * The original note says this should be used in account/5.php.
 *
 * @param int $userid
 * @param int $viewall - 0 (default) returns only certificates that are
 *     neither revoked nor renewed and have time left, any other value
 *     returns all of them
 * @return resource - a mysql result set
 */
function get_client_certs($userid, $viewall=0){
	$memberId = intval($userid);

	$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
			UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
			`emailcerts`.`expire`,
			`emailcerts`.`revoked` as `revoke`,
			UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
			`emailcerts`.`id`,
			`emailcerts`.`CN`,
			`emailcerts`.`serial`,
			`emailcerts`.`disablelogin`,
			`emailcerts`.`description`
		from `emailcerts`
		where `emailcerts`.`memid`='".$memberId."'";

	if (0 == $viewall) {
		// `timeleft` is a computed column, so it is filtered with HAVING.
		$query .= " AND `emailcerts`.`revoked`=0 AND `emailcerts`.`renewed`=0"
			. " HAVING `timeleft` > 0";
	}

	return mysql_query($query . " ORDER BY `emailcerts`.`modified` desc");
}
1565
/**
 * Get the server certificates of all domains of the account, most
 * recently modified first.
 *
 * `created`, `expired` and `revoked` are returned as unix timestamps,
 * `timeleft` is the number of seconds until expiry, `expire` and
 * `revoke` hold the stored date values.
 * The original note says this should be used in account/12.php.
 *
 * @param int $userid
 * @param int $viewall - 0 (default) returns only certificates that are
 *     neither revoked nor renewed and have time left, any other value
 *     returns all of them
 * @return resource - a mysql result set
 */
function get_server_certs($userid, $viewall=0){
	$memberId = intval($userid);

	$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
			UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
			`domaincerts`.`expire`,
			`domaincerts`.`revoked` as `revoke`,
			UNIX_TIMESTAMP(`revoked`) as `revoked`,
			`domaincerts`.`CN`,
			`domaincerts`.`serial`,
			`domaincerts`.`id`,
			`domaincerts`.`description`
		from `domaincerts`,`domains`
		where `domains`.`memid`='".$memberId."' and `domaincerts`.`domid`=`domains`.`id`";

	if (0 == $viewall) {
		// `timeleft` is a computed column, so it is filtered with HAVING.
		$query .= " AND `domaincerts`.`revoked`=0 AND `domaincerts`.`renewed`=0"
			. " HAVING `timeleft` > 0";
	}

	return mysql_query($query . " ORDER BY `domaincerts`.`modified` desc");
}
1595
/**
 * Get the GPG keys of the account, most recently issued first.
 *
 * `issued` and `expired` are returned as unix timestamps, `timeleft` is
 * the number of seconds until expiry.
 * The original note says this should be used in gpg/2.php.
 *
 * @param int $userid
 * @param int $viewall - 0 (default) returns only keys that have time
 *     left, any other value returns all of them
 * @return resource - a mysql result set
 */
function get_gpg_certs($userid, $viewall=0){
	$memberId = intval($userid);

	$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
			UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
			UNIX_TIMESTAMP(`expire`) as `expired`,
			`expire`, `id`, `level`, `email`, `keyid`, `description`
		from `gpg` where `memid`='".$memberId."'";

	if (0 == $viewall) {
		// `timeleft` is a computed column, so it is filtered with HAVING.
		$query .= " HAVING `timeleft` > 0";
	}

	return mysql_query($query . " ORDER BY `issued` desc");
}
1616
1617
1618
/**
 * Print the header row of the email table in the admin log:
 * address, creation date and deletion date.
 */
function output_log_email_header(){
	$captions = array(
		_("Email, primary bold"),
		_("Created"),
		_("Deleted"),
	);
?>
	<tr>
		<td class="DataTD bold"><?= $captions[0] ?></td>
		<td class="DataTD bold"><?= $captions[1] ?></td>
		<td class="DataTD bold"><?= $captions[2] ?></td>
	</tr>

<?php
}
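/**
 * Print one row of the email table in the admin log.
 *
 * A deleted address gets the CSS class "deletedemailaddress", otherwise
 * the primary address gets "primaryemailaddress".
 *
 * The address was entered by a user, so it is HTML-escaped before it is
 * printed; the previous version printed it as stored.
 *
 * @param array $row - associative array with the keys 'email',
 *     'created' and 'deleted'
 * @param string $primary - the primary address of the account
 */
function output_log_email($row, $primary){
	$style = '';
	if ($row['deleted'] !== NULL_DATETIME) {
		$style = ' deletedemailaddress';
	} elseif ($primary == $row['email']) {
		$style = ' primaryemailaddress';
	}
?>
	<tr>
		<td class="DataTD<?=$style?>"><?=htmlspecialchars($row['email'])?></td>
		<td class="DataTD<?=$style?>"><?=htmlspecialchars($row['created'])?></td>
		<td class="DataTD<?=$style?>"><?=htmlspecialchars($row['deleted'])?></td>
	</tr>
<?php
}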
1652
/**
 * Print the header row of the domains table in the admin log:
 * domain, creation date and deletion date.
 */
function output_log_domains_header(){
	$captions = array(
		_("Domain"),
		_("Created"),
		_("Deleted"),
	);
?>
	<tr>
		<td class="DataTD bold"><?= $captions[0] ?></td>
		<td class="DataTD bold"><?= $captions[1] ?></td>
		<td class="DataTD bold"><?= $captions[2] ?></td>
	</tr>

<?php
}
1666
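/**
 * Print one row of the domains table in the admin log.
 *
 * A deleted domain is printed with the extra CSS class "italic".
 *
 * The domain name was entered by a user, so it is HTML-escaped before
 * it is printed; the previous version printed it as stored.
 *
 * @param array $row - associative array with the keys 'domain',
 *     'created' and 'deleted'
 */
function output_log_domains($row){
	$italic='';
	if ($row['deleted'] !== NULL_DATETIME) {
		$italic=' italic';
	}
?>
	<tr>
		<td class="DataTD<?=$italic?>"><?=htmlspecialchars($row['domain'])?></td>
		<td class="DataTD<?=$italic?>"><?=htmlspecialchars($row['created'])?></td>
		<td class="DataTD<?=$italic?>"><?=htmlspecialchars($row['deleted'])?></td>
	</tr>
<?php
}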
1684
/**
 * Print the header row of the user agreement table in the admin log:
 * agreement, date, method and active state.
 */
function output_log_agreement_header(){
	$captions = array(
		_("Agreement"),
		_("Date"),
		_("Method"),
		_("Active "),
	);
?>
	<tr>
		<td class="DataTD bold"><?= $captions[0] ?></td>
		<td class="DataTD bold"><?= $captions[1] ?></td>
		<td class="DataTD bold"><?= $captions[2] ?></td>
		<td class="DataTD bold"><?= $captions[3] ?></td>
	</tr>
<?php
}
1698
/**
 * Print one row of the user agreement table in the admin log.
 *
 * NOTE(review): 'document', 'date' and 'method' are printed as stored,
 * without HTML escaping. Presumably the application itself writes these
 * values; if any of them can hold user input, escape it here - verify
 * against the code that fills `user_agreements`.
 *
 * @param array $row - associative array with the keys 'document',
 *     'date', 'method' and 'active'
 */
function output_log_agreement($row){
	// Loose comparison as before: 0, "0" and null all count as passive.
	if ($row['active']==0) {
		$state = _('passive');
	} else {
		$state = _('active');
	}
?>
	<tr>
		<td class="DataTD" ><?=$row['document']?></td>
		<td class="DataTD" ><?=$row['date']?></td>
		<td class="DataTD" ><?=$row['method']?></td>
		<td class="DataTD"><?=$state?></td>
	</tr>
<?php
}
1713
/**
 * Print the header row of the training table.
 *
 * The three captions are "Agreement", "Test" and "Variant".
 * NOTE(review): output_log_training() prints the pass date in the first
 * column, so the caption "Agreement" looks misplaced - confirm.
 * The original note says this should be used in account/55.php.
 */
function output_log_training_header(){
	$captions = array(
		_("Agreement"),
		_("Test"),
		_("Variant"),
	);
?>
	<tr>
		<td class="DataTD bold"><?= $captions[0] ?></td>
		<td class="DataTD bold"><?= $captions[1] ?></td>
		<td class="DataTD bold"><?= $captions[2] ?></td>
	</tr>
<?php
}
1727
/**
 * Print one row of the training table: pass date, test type and test
 * variant.
 *
 * NOTE(review): the three values are printed as stored, without HTML
 * escaping; presumably the type and variant texts are maintained by
 * administrators - confirm.
 * The original note says this should be used in account/55.php.
 *
 * @param array $row - associative array with the keys 'pass_date',
 *     'type_text' and 'test_text'
 */
function output_log_training($row){
	$passDate = $row['pass_date'];
	$testType = $row['type_text'];
	$variant = $row['test_text'];
?>
	<tr>
		<td class="DataTD"><?=$passDate?></td>
		<td class="DataTD"><?=$testType?></td>
		<td class="DataTD"><?=$variant?></td>
	</tr>
<?php
}
1742
/**
 * Print the header row of the SE log table in the admin log.
 *
 * @param int $support - with 1 the columns "Information" and "Admin"
 *     are added to "Date" and "Type"
 */
function output_log_se_header($support=0){
	$showDetails = (1 == $support);
?>
	<tr>
		<td class="DataTD bold"><?= _("Date") ?></td>
		<td class="DataTD bold"><?= _("Type") ?></td>
<?php
	if ($showDetails) {
?>
		<td class="DataTD bold"><?= _("Information") ?></td>
		<td class="DataTD bold"><?= _("Admin") ?></td>
<?php
	}
?>
	</tr>
<?php
}
1763
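/**
 * Print one row of the SE log table in the admin log.
 *
 * All values are HTML-escaped before they are printed. 'type' and
 * 'information' are stored by write_se_log() with SQL escaping only, and
 * the admin name is text a user entered; the previous version printed
 * them as stored.
 *
 * The original note says this should be used in account/55.php.
 *
 * @param array $row - associative array with the keys 'when' and 'type',
 *     and for support = 1 also 'information', 'fname' and 'lname'
 * @param int $support - with 1 the information text and the name of the
 *     admin are printed as well
 */
function output_log_se($row, $support=0){
?>
	<tr>
		<td class="DataTD"><?=htmlspecialchars($row['when'])?></td>
		<td class="DataTD"><?=htmlspecialchars($row['type'])?></td>
<?php
	if (1 == $support) {
?>
		<td class="DataTD"><?=htmlspecialchars($row['information'])?></td>
		<td class="DataTD"><?=htmlspecialchars($row['fname'].' '.$row['lname'])?></td>
<?php
	}
?>
	</tr>
<?php
}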
1786
/**
 * Print the header row of the client certificate table.
 *
 * The original note says this should be added to account/5.php.
 *
 * @param int $support - with 1 the comment column is left out
 * @param bool $readonly - if false, a leading "Renew/Revoke/Delete"
 *     column is added; default is `true`
 */
function output_client_cert_header($support=0, $readonly=true){
	$withActions = !$readonly;
	$withComment = (1 != $support);
?>
	<tr>
<?php
	if ($withActions) {
?>
		<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<?php
	}
?>
		<td class="DataTD"><?=_("Status")?></td>
		<td class="DataTD"><?=_("Email Address")?></td>
		<td class="DataTD"><?=_("SerialNumber")?></td>
		<td class="DataTD"><?=_("Revoked")?></td>
		<td class="DataTD"><?=_("Expires")?></td>
		<td class="DataTD"><?=_("Login")?></td>
<?php
	if ($withComment) {
?>
		<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?php
	}
?>
	</tr>
<?php
}
1819
/**
 * Print one row of the client certificate table.
 *
 * The status is "Valid" or "Expired" depending on 'timeleft', "Pending"
 * if 'expired' is 0, and "Revoked" if 'revoked' is not 0; later rules
 * win over earlier ones.
 *
 * 'CN' and 'description' are HTML-escaped and the id is cast to int.
 * 'serial', 'revoke' and 'expire' are printed as stored.
 * NOTE(review): those three look like values the system generates -
 * confirm that none of them can hold user input.
 *
 * The original note says this should be used in account/5.php.
 *
 * @param array $row - associative array with the keys 'timeleft',
 *     'expired', 'revoked', 'revoke', 'id', 'CN', 'serial', 'expire',
 *     'disablelogin' and 'description'
 * @param int $support - with 1 the comment columns are left out
 * @param bool $readonly - if false, the checkboxes for deleting or
 *     revoking and for changing the comment are shown; default is `true`
 */
function output_client_cert($row, $support=0, $readonly=true){
	$verified = ($row['timeleft'] > 0) ? _("Valid") : _("Expired");
	if ($row['expired'] == 0) {
		$verified = _("Pending");
	}
	if ($row['revoked'] == 0) {
		$row['revoke'] = _("Not Revoked");
	} else {
		$verified = _("Revoked");
	}

	$certId = intval($row['id']);
	$pending = _("Pending");
	$revoked = _("Revoked");

	// An empty common name is replaced by a placeholder text.
	if (trim($row['CN'])=="") {
		$name = _("empty");
	} else {
		$name = htmlspecialchars($row['CN']);
	}

	// 'disablelogin' is inverted on screen: the box is ticked while
	// login with the certificate is allowed.
	$loginChecked = $row['disablelogin'] ? "" : "checked='checked'";
	$loginDisabled = $readonly ? 'disabled="disabled"' : '';
?>
	<tr>
<?php
	if (!$readonly) {
		if ($verified === $pending) {
			// A pending certificate can only be deleted.
?>
		<td class="DataTD">
			<input type="checkbox" name="delid[]" value="<?=$certId?>">
		</td>
<?php
		} elseif ($verified === $revoked) {
?>
		<td class="DataTD">&nbsp;</td>
<?php
		} else {
?>
		<td class="DataTD">
			<input type="checkbox" name="revokeid[]" value="<?=$certId?>">
		</td>
<?php
		}
	}
?>
		<td class="DataTD"><?=$verified?></td>
<?php
	if ($verified === $pending) {
?>
		<td class="DataTD"><?=$name?></td>
<?php
	} else {
?>
		<td class="DataTD">
			<a href="account.php?id=6&amp;cert=<?=$certId?>">
				<?=$name?>
			</a>
		</td>
<?php
	}
?>
		<td class="DataTD"><?=$row['serial']?></td>
		<td class="DataTD"><?=$row['revoke']?></td>
		<td class="DataTD"><?=$row['expire']?></td>
		<td class="DataTD">
			<input type="checkbox" name="disablelogin_<?=$certId?>" value="1" <?=$loginChecked?> <?=$loginDisabled?>/>
			<input type="hidden" name="cert_<?=$certId?>" value="1" />
		</td>
<?php
	if (1 != $support) {
?>
		<td class="DataTD">
			<input name="comment_<?=$certId?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
		</td>
<?php
		if (!$readonly) {
?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?=$certId?>" />
		</td>
<?php
		}
	}
?>
	</tr>
<?php
}
1917
/**
 * Print the header row of the server certificate table.
 *
 * The original note says this should be used in account/12.php.
 *
 * @param int $support - with 1 the comment column is left out
 * @param bool $readonly - if false, a leading "Renew/Revoke/Delete"
 *     column is added; default is `true`
 */
function output_server_certs_header($support=0, $readonly=true){
	$withActions = !$readonly;
	$withComment = (1 != $support);
?>
	<tr>
<?php
	if ($withActions) {
?>
		<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
<?php
	}
?>
		<td class="DataTD"><?=_("Status")?></td>
		<td class="DataTD"><?=_("CommonName")?></td>
		<td class="DataTD"><?=_("SerialNumber")?></td>
		<td class="DataTD"><?=_("Revoked")?></td>
		<td class="DataTD"><?=_("Expires")?></td>
<?php
	if ($withComment) {
?>
		<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
<?php
	}
?>
	</tr>
<?php
}
1949
/**
 * Print one row of the server certificate table.
 *
 * The status is "Valid" or "Expired" depending on 'timeleft', "Pending"
 * if 'expired' is 0, and "Revoked" if 'revoked' is not 0; later rules
 * win over earlier ones.
 *
 * 'CN' and 'description' are HTML-escaped and the id is cast to int.
 * 'serial', 'revoke' and 'expire' are printed as stored.
 * NOTE(review): those three look like values the system generates -
 * confirm that none of them can hold user input.
 *
 * The original note says this should be used in account/12.php.
 *
 * @param array $row - associative array with the keys 'timeleft',
 *     'expired', 'revoked', 'revoke', 'id', 'CN', 'serial', 'expire'
 *     and 'description'
 * @param int $support - with 1 the comment columns are left out
 * @param bool $readonly - if false, the checkboxes for deleting or
 *     revoking and for changing the comment are shown; default is `true`
 */
function output_server_certs($row, $support=0, $readonly=true){
	$verified = ($row['timeleft'] > 0) ? _("Valid") : _("Expired");
	if ($row['expired'] == 0) {
		$verified = _("Pending");
	}
	if ($row['revoked'] == 0) {
		$row['revoke'] = _("Not Revoked");
	} else {
		$verified = _("Revoked");
	}

	$certId = intval($row['id']);
	$commonName = htmlspecialchars($row['CN']);
	$pending = _("Pending");
	$revoked = _("Revoked");
?>
	<tr>
<?php
	if (!$readonly) {
		if ($verified === $pending) {
			// A pending certificate can only be deleted.
?>
		<td class="DataTD">
			<input type="checkbox" name="delid[]" value="<?=$certId?>"/>
		</td>
<?php
		} elseif ($verified === $revoked) {
?>
		<td class="DataTD">&nbsp;</td>
<?php
		} else {
?>
		<td class="DataTD">
			<input type="checkbox" name="revokeid[]" value="<?=$certId?>"/>
		</td>
<?php
		}
	}
?>
		<td class="DataTD"><?=$verified?></td>
<?php
	if ($verified === $pending) {
?>
		<td class="DataTD"><?=$commonName?></td>
<?php
	} else {
?>
		<td class="DataTD">
			<a href="account.php?id=15&amp;cert=<?=$certId?>">
				<?=$commonName?>
			</a>
		</td>
<?php
	}
?>
		<td class="DataTD"><?=$row['serial']?></td>
		<td class="DataTD"><?=$row['revoke']?></td>
		<td class="DataTD"><?=$row['expire']?></td>
<?php
	if (1 != $support) {
?>
		<td class="DataTD">
			<input name="comment_<?=$certId?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
		</td>
<?php
		if (!$readonly) {
?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?=$certId?>" />
		</td>
<?php
		}
	}
?>
	</tr>
<?php
}
2041
/**
 * Print the header row (`<tr>`) of the gpg cert table.
 *
 * The column titles are passed through gettext and written out as-is.
 *
 * @param int $support - if support = 1 the comment column is not shown
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_gpg_certs_header($support=0, $readonly=true){
	// $readonly is currently ignored but kept for consistency
	$withComment = (1 != $support);
	?>
	<tr>
		<td class="DataTD"><?=_("Status")?></td>
		<td class="DataTD"><?=_("Email Address")?></td>
		<td class="DataTD"><?=_("Expires")?></td>
		<td class="DataTD"><?=_("Key ID")?></td>
	<?php if ($withComment): ?>
		<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
	<?php endif; ?>
	</tr>
	<?php
}
2065
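/**
 * Print one table row (`<tr>`) describing a gpg key.
 *
 * The displayed status is "Valid" or "Expired" depending on `timeleft`,
 * replaced by "Pending" when `expired == 0`.
 *
 * Every value taken from `$row` is HTML-escaped or cast to int before it is
 * written to the page. Only gettext strings are emitted verbatim, as the
 * other output helpers in this file do.
 *
 * @param array $row - associative array containing the column data; reads
 *        `id`, `email`, `keyid`, `expire`, `timeleft`, `expired`, `description`
 * @param int $support - if support = 1 the comment columns are not shown
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_gpg_certs($row, $support=0, $readonly=true){
	//should be entered in account/55.php

	// Keep the state in a boolean: whether the detail link is rendered must
	// not depend on a loose comparison of translated labels.
	$isPending = ($row['expired'] == 0);

	if ($isPending) {
		$verified = _("Pending");
	} elseif ($row['timeleft'] > 0) {
		$verified = _("Valid");
	} else {
		$verified = _("Expired");
	}

	$keyRowId = intval($row['id']);
	$email = htmlspecialchars($row['email']);
	$keyId = htmlspecialchars($row['keyid']);

	?>
	<tr>
	<td class="DataTD"><?=$verified?></td>
	<?php

	if ($isPending) {
		// no detail page is linked for a pending key
		?>
		<td class="DataTD"><?=$email?></td>
		<?php
	} else {
		?>
		<td class="DataTD">
			<a href="gpg.php?id=3&amp;cert=<?=$keyRowId?>">
				<?=$email?>
			</a>
		</td>
		<?php
	}

	?>
	<td class="DataTD"><?=htmlspecialchars((string)$row['expire'])?></td>
	<?php

	if ($isPending) {
		?>
		<td class="DataTD"><?=$keyId?></td>
		<?php
	} else {
		?>
		<td class="DataTD">
			<a href="gpg.php?id=3&amp;cert=<?=$keyRowId?>">
				<?=$keyId?>
			</a>
		</td>
		<?php
	}

	if (1 != $support) {
		?>
		<td class="DataTD">
			<input name="comment_<?=$keyRowId?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
		</td>
		<?php
		if (!$readonly) {
			?>
			<td class="DataTD">
				<input type="checkbox" name="check_comment_<?=$keyRowId?>" />
			</td>
			<?php
		}
	}

	?>
	</tr>
	<?php
}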